./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec3_product61.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e7bb482b Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec3_product61.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 53b1b58c0a8af862b137647fd316df606e2053e614741221b62b3a107765e608 --- Real Ultimate output --- This is Ultimate 0.2.3-dev-e7bb482 [2023-11-06 22:56:29,651 INFO L188 SettingsManager]: Resetting all preferences to default values... [2023-11-06 22:56:29,781 INFO L114 SettingsManager]: Loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf [2023-11-06 22:56:29,787 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2023-11-06 22:56:29,787 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2023-11-06 22:56:29,825 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2023-11-06 22:56:29,826 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2023-11-06 22:56:29,826 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2023-11-06 22:56:29,827 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2023-11-06 22:56:29,828 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2023-11-06 22:56:29,829 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2023-11-06 22:56:29,829 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2023-11-06 22:56:29,830 INFO L153 SettingsManager]: * Use SBE=true [2023-11-06 22:56:29,830 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2023-11-06 22:56:29,831 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2023-11-06 22:56:29,832 INFO L153 SettingsManager]: * sizeof long=4 [2023-11-06 22:56:29,832 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2023-11-06 22:56:29,833 INFO L153 SettingsManager]: * sizeof POINTER=4 [2023-11-06 22:56:29,833 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2023-11-06 22:56:29,834 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2023-11-06 22:56:29,835 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2023-11-06 22:56:29,835 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2023-11-06 22:56:29,836 INFO L153 SettingsManager]: * sizeof long double=12 [2023-11-06 22:56:29,836 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2023-11-06 22:56:29,837 INFO L153 SettingsManager]: * Use constant arrays=true [2023-11-06 22:56:29,837 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2023-11-06 22:56:29,838 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2023-11-06 22:56:29,838 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2023-11-06 22:56:29,839 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 22:56:29,840 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2023-11-06 22:56:29,840 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2023-11-06 22:56:29,840 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2023-11-06 22:56:29,841 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2023-11-06 22:56:29,841 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2023-11-06 22:56:29,841 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2023-11-06 22:56:29,841 INFO L153 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2023-11-06 22:56:29,842 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2023-11-06 22:56:29,842 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2023-11-06 22:56:29,842 INFO L153 SettingsManager]: * Independence relation used for large block encoding in concurrent analysis=SYNTACTIC [2023-11-06 22:56:29,842 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 53b1b58c0a8af862b137647fd316df606e2053e614741221b62b3a107765e608 [2023-11-06 22:56:30,176 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2023-11-06 22:56:30,217 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2023-11-06 22:56:30,220 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2023-11-06 22:56:30,222 INFO L270 PluginConnector]: Initializing CDTParser... [2023-11-06 22:56:30,222 INFO L274 PluginConnector]: CDTParser initialized [2023-11-06 22:56:30,223 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/../../sv-benchmarks/c/product-lines/minepump_spec3_product61.cil.c [2023-11-06 22:56:33,277 INFO L533 CDTParser]: Created temporary CDT project at NULL [2023-11-06 22:56:33,578 INFO L384 CDTParser]: Found 1 translation units. [2023-11-06 22:56:33,579 INFO L180 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/sv-benchmarks/c/product-lines/minepump_spec3_product61.cil.c [2023-11-06 22:56:33,596 INFO L427 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/data/f74ce254f/4341feb729234f1285d7785f3500852d/FLAG769ffa63e [2023-11-06 22:56:33,615 INFO L435 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/data/f74ce254f/4341feb729234f1285d7785f3500852d [2023-11-06 22:56:33,618 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2023-11-06 22:56:33,620 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2023-11-06 22:56:33,622 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2023-11-06 22:56:33,622 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2023-11-06 22:56:33,627 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2023-11-06 22:56:33,628 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 10:56:33" (1/1) ... [2023-11-06 22:56:33,629 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@3c29a60f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:33, skipping insertion in model container [2023-11-06 22:56:33,629 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 10:56:33" (1/1) ... [2023-11-06 22:56:33,746 INFO L177 MainTranslator]: Built tables and reachable declarations [2023-11-06 22:56:33,971 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/sv-benchmarks/c/product-lines/minepump_spec3_product61.cil.c[7381,7394] [2023-11-06 22:56:34,092 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 22:56:34,110 INFO L202 MainTranslator]: Completed pre-run [2023-11-06 22:56:34,119 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [49] [2023-11-06 22:56:34,121 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [118] [2023-11-06 22:56:34,121 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [368] [2023-11-06 22:56:34,122 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [472] [2023-11-06 22:56:34,122 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [481] [2023-11-06 22:56:34,122 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification3_spec.i","") [580] [2023-11-06 22:56:34,122 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [614] [2023-11-06 22:56:34,123 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [649] [2023-11-06 22:56:34,148 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/sv-benchmarks/c/product-lines/minepump_spec3_product61.cil.c[7381,7394] [2023-11-06 22:56:34,218 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 22:56:34,246 INFO L206 MainTranslator]: Completed translation [2023-11-06 22:56:34,246 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34 WrapperNode [2023-11-06 22:56:34,246 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2023-11-06 22:56:34,248 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2023-11-06 22:56:34,248 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2023-11-06 22:56:34,248 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2023-11-06 22:56:34,260 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,278 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,308 INFO L138 Inliner]: procedures = 57, calls = 105, calls flagged for inlining = 23, calls inlined = 20, statements flattened = 227 [2023-11-06 22:56:34,309 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2023-11-06 22:56:34,309 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2023-11-06 22:56:34,310 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2023-11-06 22:56:34,310 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2023-11-06 22:56:34,320 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,320 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,323 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,324 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,333 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,339 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,341 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,343 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,359 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2023-11-06 22:56:34,360 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2023-11-06 22:56:34,361 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2023-11-06 22:56:34,361 INFO L274 PluginConnector]: RCFGBuilder initialized [2023-11-06 22:56:34,362 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (1/1) ... [2023-11-06 22:56:34,391 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 22:56:34,401 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 22:56:34,420 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2023-11-06 22:56:34,455 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2023-11-06 22:56:34,466 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2023-11-06 22:56:34,466 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2023-11-06 22:56:34,466 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2023-11-06 22:56:34,466 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2023-11-06 22:56:34,468 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2023-11-06 22:56:34,469 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2023-11-06 22:56:34,469 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2023-11-06 22:56:34,469 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2023-11-06 22:56:34,469 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2023-11-06 22:56:34,469 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 22:56:34,469 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 22:56:34,469 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2023-11-06 22:56:34,470 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2023-11-06 22:56:34,470 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__methaneQuery [2023-11-06 22:56:34,470 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__methaneQuery [2023-11-06 22:56:34,470 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2023-11-06 22:56:34,471 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2023-11-06 22:56:34,471 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2023-11-06 22:56:34,471 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2023-11-06 22:56:34,471 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2023-11-06 22:56:34,471 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2023-11-06 22:56:34,471 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2023-11-06 22:56:34,472 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2023-11-06 22:56:34,473 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2023-11-06 22:56:34,594 INFO L236 CfgBuilder]: Building ICFG [2023-11-06 22:56:34,600 INFO L262 CfgBuilder]: Building CFG for each procedure with an implementation [2023-11-06 22:56:34,945 INFO L277 CfgBuilder]: Performing block encoding [2023-11-06 22:56:34,954 INFO L297 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2023-11-06 22:56:34,954 INFO L302 CfgBuilder]: Removed 2 assume(true) statements. [2023-11-06 22:56:34,956 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 10:56:34 BoogieIcfgContainer [2023-11-06 22:56:34,957 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2023-11-06 22:56:34,959 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2023-11-06 22:56:34,960 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2023-11-06 22:56:34,963 INFO L274 PluginConnector]: TraceAbstraction initialized [2023-11-06 22:56:34,963 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 06.11 10:56:33" (1/3) ... [2023-11-06 22:56:34,964 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5ab02be4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 10:56:34, skipping insertion in model container [2023-11-06 22:56:34,964 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:56:34" (2/3) ... [2023-11-06 22:56:34,965 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5ab02be4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 10:56:34, skipping insertion in model container [2023-11-06 22:56:34,965 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 10:56:34" (3/3) ... [2023-11-06 22:56:34,966 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec3_product61.cil.c [2023-11-06 22:56:34,986 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2023-11-06 22:56:34,986 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2023-11-06 22:56:35,040 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2023-11-06 22:56:35,047 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@1fa0a393, mLbeIndependenceSettings=[IndependenceType=SYNTACTIC, AbstractionType=NONE, UseConditional=, UseSemiCommutativity=, Solver=, SolverTimeout=] [2023-11-06 22:56:35,048 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2023-11-06 22:56:35,052 INFO L276 IsEmpty]: Start isEmpty. Operand has 110 states, 80 states have (on average 1.375) internal successors, (110), 90 states have internal predecessors, (110), 18 states have call successors, (18), 10 states have call predecessors, (18), 10 states have return successors, (18), 13 states have call predecessors, (18), 18 states have call successors, (18) [2023-11-06 22:56:35,064 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2023-11-06 22:56:35,065 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:35,065 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:35,066 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:35,071 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:35,072 INFO L85 PathProgramCache]: Analyzing trace with hash -1589663850, now seen corresponding path program 1 times [2023-11-06 22:56:35,081 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:35,081 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1561244494] [2023-11-06 22:56:35,082 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:35,082 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:35,251 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:35,366 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2023-11-06 22:56:35,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:35,393 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:56:35,394 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:35,394 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1561244494] [2023-11-06 22:56:35,395 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1561244494] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:35,395 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:35,395 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2023-11-06 22:56:35,397 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1790887213] [2023-11-06 22:56:35,397 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:35,402 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2023-11-06 22:56:35,402 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:35,462 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2023-11-06 22:56:35,464 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 22:56:35,468 INFO L87 Difference]: Start difference. First operand has 110 states, 80 states have (on average 1.375) internal successors, (110), 90 states have internal predecessors, (110), 18 states have call successors, (18), 10 states have call predecessors, (18), 10 states have return successors, (18), 13 states have call predecessors, (18), 18 states have call successors, (18) Second operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:56:35,543 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:35,543 INFO L93 Difference]: Finished difference Result 212 states and 287 transitions. [2023-11-06 22:56:35,545 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2023-11-06 22:56:35,546 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2023-11-06 22:56:35,547 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:35,560 INFO L225 Difference]: With dead ends: 212 [2023-11-06 22:56:35,560 INFO L226 Difference]: Without dead ends: 101 [2023-11-06 22:56:35,566 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 22:56:35,578 INFO L413 NwaCegarLoop]: 140 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 140 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:35,579 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 140 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:56:35,597 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 101 states. [2023-11-06 22:56:35,640 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 101 to 101. [2023-11-06 22:56:35,642 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 101 states, 73 states have (on average 1.3150684931506849) internal successors, (96), 82 states have internal predecessors, (96), 18 states have call successors, (18), 10 states have call predecessors, (18), 9 states have return successors, (17), 12 states have call predecessors, (17), 17 states have call successors, (17) [2023-11-06 22:56:35,650 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 101 states to 101 states and 131 transitions. [2023-11-06 22:56:35,651 INFO L78 Accepts]: Start accepts. Automaton has 101 states and 131 transitions. Word has length 25 [2023-11-06 22:56:35,652 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:35,652 INFO L495 AbstractCegarLoop]: Abstraction has 101 states and 131 transitions. [2023-11-06 22:56:35,653 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:56:35,653 INFO L276 IsEmpty]: Start isEmpty. Operand 101 states and 131 transitions. [2023-11-06 22:56:35,662 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2023-11-06 22:56:35,662 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:35,662 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:35,662 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2023-11-06 22:56:35,663 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:35,664 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:35,664 INFO L85 PathProgramCache]: Analyzing trace with hash 363264377, now seen corresponding path program 1 times [2023-11-06 22:56:35,664 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:35,665 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1830217229] [2023-11-06 22:56:35,665 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:35,665 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:35,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:35,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2023-11-06 22:56:35,828 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:35,831 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:56:35,831 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:35,832 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1830217229] [2023-11-06 22:56:35,832 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1830217229] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:35,832 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:35,833 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2023-11-06 22:56:35,833 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1812116461] [2023-11-06 22:56:35,833 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:35,834 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2023-11-06 22:56:35,835 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:35,835 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2023-11-06 22:56:35,836 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:56:35,836 INFO L87 Difference]: Start difference. First operand 101 states and 131 transitions. Second operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:56:35,858 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:35,858 INFO L93 Difference]: Finished difference Result 168 states and 218 transitions. [2023-11-06 22:56:35,859 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2023-11-06 22:56:35,859 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2023-11-06 22:56:35,859 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:35,861 INFO L225 Difference]: With dead ends: 168 [2023-11-06 22:56:35,861 INFO L226 Difference]: Without dead ends: 92 [2023-11-06 22:56:35,863 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:56:35,865 INFO L413 NwaCegarLoop]: 118 mSDtfsCounter, 12 mSDsluCounter, 102 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 220 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:35,866 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [15 Valid, 220 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:56:35,867 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 92 states. [2023-11-06 22:56:35,878 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 92 to 92. [2023-11-06 22:56:35,879 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 92 states, 67 states have (on average 1.328358208955224) internal successors, (89), 76 states have internal predecessors, (89), 15 states have call successors, (15), 9 states have call predecessors, (15), 9 states have return successors, (15), 10 states have call predecessors, (15), 15 states have call successors, (15) [2023-11-06 22:56:35,880 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 92 states to 92 states and 119 transitions. [2023-11-06 22:56:35,881 INFO L78 Accepts]: Start accepts. Automaton has 92 states and 119 transitions. Word has length 26 [2023-11-06 22:56:35,881 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:35,881 INFO L495 AbstractCegarLoop]: Abstraction has 92 states and 119 transitions. [2023-11-06 22:56:35,882 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:56:35,882 INFO L276 IsEmpty]: Start isEmpty. Operand 92 states and 119 transitions. [2023-11-06 22:56:35,884 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2023-11-06 22:56:35,884 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:35,884 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:35,884 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2023-11-06 22:56:35,885 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:35,885 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:35,886 INFO L85 PathProgramCache]: Analyzing trace with hash -1922022974, now seen corresponding path program 1 times [2023-11-06 22:56:35,886 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:35,886 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [700171229] [2023-11-06 22:56:35,886 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:35,887 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:35,909 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:36,089 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:56:36,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:36,097 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:56:36,098 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:36,098 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [700171229] [2023-11-06 22:56:36,098 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [700171229] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:36,099 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:36,100 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 22:56:36,100 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1801123255] [2023-11-06 22:56:36,100 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:36,102 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 22:56:36,102 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:36,103 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 22:56:36,104 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2023-11-06 22:56:36,104 INFO L87 Difference]: Start difference. First operand 92 states and 119 transitions. Second operand has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:56:36,314 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:36,314 INFO L93 Difference]: Finished difference Result 177 states and 232 transitions. [2023-11-06 22:56:36,315 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2023-11-06 22:56:36,315 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 30 [2023-11-06 22:56:36,315 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:36,317 INFO L225 Difference]: With dead ends: 177 [2023-11-06 22:56:36,317 INFO L226 Difference]: Without dead ends: 92 [2023-11-06 22:56:36,318 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2023-11-06 22:56:36,320 INFO L413 NwaCegarLoop]: 112 mSDtfsCounter, 217 mSDsluCounter, 138 mSDsCounter, 0 mSdLazyCounter, 65 mSolverCounterSat, 38 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 217 SdHoareTripleChecker+Valid, 250 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 38 IncrementalHoareTripleChecker+Valid, 65 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:36,320 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [217 Valid, 250 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [38 Valid, 65 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2023-11-06 22:56:36,322 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 92 states. [2023-11-06 22:56:36,334 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 92 to 92. [2023-11-06 22:56:36,335 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 92 states, 67 states have (on average 1.3134328358208955) internal successors, (88), 76 states have internal predecessors, (88), 15 states have call successors, (15), 9 states have call predecessors, (15), 9 states have return successors, (15), 10 states have call predecessors, (15), 15 states have call successors, (15) [2023-11-06 22:56:36,336 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 92 states to 92 states and 118 transitions. [2023-11-06 22:56:36,336 INFO L78 Accepts]: Start accepts. Automaton has 92 states and 118 transitions. Word has length 30 [2023-11-06 22:56:36,336 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:36,337 INFO L495 AbstractCegarLoop]: Abstraction has 92 states and 118 transitions. [2023-11-06 22:56:36,337 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:56:36,337 INFO L276 IsEmpty]: Start isEmpty. Operand 92 states and 118 transitions. [2023-11-06 22:56:36,339 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 46 [2023-11-06 22:56:36,339 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:36,339 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:36,340 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2023-11-06 22:56:36,340 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:36,340 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:36,341 INFO L85 PathProgramCache]: Analyzing trace with hash -1575345012, now seen corresponding path program 1 times [2023-11-06 22:56:36,341 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:36,341 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2124042656] [2023-11-06 22:56:36,341 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:36,342 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:36,359 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:36,429 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:56:36,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:36,442 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:56:36,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:36,459 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:56:36,460 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:36,463 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 34 [2023-11-06 22:56:36,464 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:36,467 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:56:36,467 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:36,467 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2124042656] [2023-11-06 22:56:36,467 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2124042656] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:36,468 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:36,468 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 22:56:36,468 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1445035551] [2023-11-06 22:56:36,468 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:36,469 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 22:56:36,469 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:36,470 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 22:56:36,470 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 22:56:36,470 INFO L87 Difference]: Start difference. First operand 92 states and 118 transitions. Second operand has 5 states, 5 states have (on average 7.2) internal successors, (36), 5 states have internal predecessors, (36), 4 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 22:56:36,819 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:36,820 INFO L93 Difference]: Finished difference Result 268 states and 342 transitions. [2023-11-06 22:56:36,820 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 22:56:36,820 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.2) internal successors, (36), 5 states have internal predecessors, (36), 4 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 45 [2023-11-06 22:56:36,821 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:36,823 INFO L225 Difference]: With dead ends: 268 [2023-11-06 22:56:36,825 INFO L226 Difference]: Without dead ends: 183 [2023-11-06 22:56:36,832 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2023-11-06 22:56:36,840 INFO L413 NwaCegarLoop]: 131 mSDtfsCounter, 231 mSDsluCounter, 187 mSDsCounter, 0 mSdLazyCounter, 143 mSolverCounterSat, 77 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 233 SdHoareTripleChecker+Valid, 318 SdHoareTripleChecker+Invalid, 220 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 77 IncrementalHoareTripleChecker+Valid, 143 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:36,840 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [233 Valid, 318 Invalid, 220 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [77 Valid, 143 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 22:56:36,841 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 183 states. [2023-11-06 22:56:36,878 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 183 to 177. [2023-11-06 22:56:36,880 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 177 states, 131 states have (on average 1.251908396946565) internal successors, (164), 140 states have internal predecessors, (164), 22 states have call successors, (22), 18 states have call predecessors, (22), 23 states have return successors, (29), 24 states have call predecessors, (29), 22 states have call successors, (29) [2023-11-06 22:56:36,882 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 177 states to 177 states and 215 transitions. [2023-11-06 22:56:36,883 INFO L78 Accepts]: Start accepts. Automaton has 177 states and 215 transitions. Word has length 45 [2023-11-06 22:56:36,883 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:36,883 INFO L495 AbstractCegarLoop]: Abstraction has 177 states and 215 transitions. [2023-11-06 22:56:36,884 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.2) internal successors, (36), 5 states have internal predecessors, (36), 4 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 22:56:36,884 INFO L276 IsEmpty]: Start isEmpty. Operand 177 states and 215 transitions. [2023-11-06 22:56:36,888 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2023-11-06 22:56:36,888 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:36,889 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:36,889 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2023-11-06 22:56:36,889 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:36,890 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:36,890 INFO L85 PathProgramCache]: Analyzing trace with hash -1919204828, now seen corresponding path program 1 times [2023-11-06 22:56:36,890 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:36,891 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2020089028] [2023-11-06 22:56:36,892 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:36,892 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:36,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:56:37,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:56:37,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:56:37,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2023-11-06 22:56:37,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,066 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:56:37,069 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:37,070 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2020089028] [2023-11-06 22:56:37,070 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2020089028] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:37,070 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:37,070 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 22:56:37,071 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [788843831] [2023-11-06 22:56:37,072 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:37,073 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 22:56:37,073 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:37,074 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 22:56:37,075 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 22:56:37,075 INFO L87 Difference]: Start difference. First operand 177 states and 215 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 3 states have call predecessors, (5), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 22:56:37,380 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:37,380 INFO L93 Difference]: Finished difference Result 452 states and 570 transitions. [2023-11-06 22:56:37,380 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2023-11-06 22:56:37,381 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 3 states have call predecessors, (5), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 51 [2023-11-06 22:56:37,382 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:37,390 INFO L225 Difference]: With dead ends: 452 [2023-11-06 22:56:37,390 INFO L226 Difference]: Without dead ends: 282 [2023-11-06 22:56:37,392 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2023-11-06 22:56:37,399 INFO L413 NwaCegarLoop]: 98 mSDtfsCounter, 159 mSDsluCounter, 306 mSDsCounter, 0 mSdLazyCounter, 188 mSolverCounterSat, 45 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 166 SdHoareTripleChecker+Valid, 404 SdHoareTripleChecker+Invalid, 233 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 45 IncrementalHoareTripleChecker+Valid, 188 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:37,400 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [166 Valid, 404 Invalid, 233 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [45 Valid, 188 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 22:56:37,402 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 282 states. [2023-11-06 22:56:37,463 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 282 to 274. [2023-11-06 22:56:37,464 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 274 states, 203 states have (on average 1.2413793103448276) internal successors, (252), 215 states have internal predecessors, (252), 35 states have call successors, (35), 30 states have call predecessors, (35), 35 states have return successors, (48), 37 states have call predecessors, (48), 35 states have call successors, (48) [2023-11-06 22:56:37,466 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 274 states to 274 states and 335 transitions. [2023-11-06 22:56:37,472 INFO L78 Accepts]: Start accepts. Automaton has 274 states and 335 transitions. Word has length 51 [2023-11-06 22:56:37,474 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:37,474 INFO L495 AbstractCegarLoop]: Abstraction has 274 states and 335 transitions. [2023-11-06 22:56:37,474 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 3 states have call predecessors, (5), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 22:56:37,474 INFO L276 IsEmpty]: Start isEmpty. Operand 274 states and 335 transitions. [2023-11-06 22:56:37,476 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2023-11-06 22:56:37,477 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:37,477 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:37,477 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2023-11-06 22:56:37,477 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:37,478 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:37,478 INFO L85 PathProgramCache]: Analyzing trace with hash -1745115842, now seen corresponding path program 1 times [2023-11-06 22:56:37,478 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:37,478 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2089573185] [2023-11-06 22:56:37,478 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:37,479 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:37,504 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,664 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:56:37,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,675 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:56:37,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:56:37,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:56:37,717 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 44 [2023-11-06 22:56:37,738 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:37,741 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:56:37,741 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:37,742 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2089573185] [2023-11-06 22:56:37,742 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2089573185] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:37,742 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:37,742 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2023-11-06 22:56:37,742 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1618264378] [2023-11-06 22:56:37,743 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:37,743 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2023-11-06 22:56:37,743 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:37,744 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2023-11-06 22:56:37,744 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2023-11-06 22:56:37,745 INFO L87 Difference]: Start difference. First operand 274 states and 335 transitions. Second operand has 8 states, 8 states have (on average 5.5) internal successors, (44), 6 states have internal predecessors, (44), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2023-11-06 22:56:38,478 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:38,479 INFO L93 Difference]: Finished difference Result 666 states and 852 transitions. [2023-11-06 22:56:38,479 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2023-11-06 22:56:38,480 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.5) internal successors, (44), 6 states have internal predecessors, (44), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) Word has length 55 [2023-11-06 22:56:38,480 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:38,488 INFO L225 Difference]: With dead ends: 666 [2023-11-06 22:56:38,488 INFO L226 Difference]: Without dead ends: 496 [2023-11-06 22:56:38,490 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 36 GetRequests, 15 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 96 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=141, Invalid=365, Unknown=0, NotChecked=0, Total=506 [2023-11-06 22:56:38,492 INFO L413 NwaCegarLoop]: 65 mSDtfsCounter, 445 mSDsluCounter, 249 mSDsCounter, 0 mSdLazyCounter, 396 mSolverCounterSat, 181 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 450 SdHoareTripleChecker+Valid, 314 SdHoareTripleChecker+Invalid, 577 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 181 IncrementalHoareTripleChecker+Valid, 396 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:38,494 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [450 Valid, 314 Invalid, 577 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [181 Valid, 396 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2023-11-06 22:56:38,497 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 496 states. [2023-11-06 22:56:38,564 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 496 to 458. [2023-11-06 22:56:38,565 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 458 states, 337 states have (on average 1.2195845697329377) internal successors, (411), 359 states have internal predecessors, (411), 60 states have call successors, (60), 46 states have call predecessors, (60), 60 states have return successors, (95), 64 states have call predecessors, (95), 60 states have call successors, (95) [2023-11-06 22:56:38,569 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 458 states to 458 states and 566 transitions. [2023-11-06 22:56:38,569 INFO L78 Accepts]: Start accepts. Automaton has 458 states and 566 transitions. Word has length 55 [2023-11-06 22:56:38,570 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:38,570 INFO L495 AbstractCegarLoop]: Abstraction has 458 states and 566 transitions. [2023-11-06 22:56:38,570 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.5) internal successors, (44), 6 states have internal predecessors, (44), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2023-11-06 22:56:38,570 INFO L276 IsEmpty]: Start isEmpty. Operand 458 states and 566 transitions. [2023-11-06 22:56:38,572 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2023-11-06 22:56:38,572 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:38,572 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:38,572 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2023-11-06 22:56:38,572 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:38,573 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:38,573 INFO L85 PathProgramCache]: Analyzing trace with hash -1683076228, now seen corresponding path program 1 times [2023-11-06 22:56:38,573 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:38,573 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [817355596] [2023-11-06 22:56:38,574 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:38,574 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:38,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:38,641 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:56:38,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:38,651 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:56:38,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:38,669 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:56:38,673 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:38,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:56:38,714 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:38,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 44 [2023-11-06 22:56:38,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:38,718 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:56:38,718 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:38,719 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [817355596] [2023-11-06 22:56:38,719 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [817355596] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:38,719 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:38,719 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 22:56:38,719 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [121513641] [2023-11-06 22:56:38,720 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:38,720 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 22:56:38,720 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:38,721 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 22:56:38,721 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 22:56:38,721 INFO L87 Difference]: Start difference. First operand 458 states and 566 transitions. Second operand has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 4 states have internal predecessors, (44), 2 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 22:56:39,095 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:39,096 INFO L93 Difference]: Finished difference Result 826 states and 1026 transitions. [2023-11-06 22:56:39,096 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2023-11-06 22:56:39,096 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 4 states have internal predecessors, (44), 2 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) Word has length 55 [2023-11-06 22:56:39,097 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:39,100 INFO L225 Difference]: With dead ends: 826 [2023-11-06 22:56:39,100 INFO L226 Difference]: Without dead ends: 468 [2023-11-06 22:56:39,102 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2023-11-06 22:56:39,103 INFO L413 NwaCegarLoop]: 69 mSDtfsCounter, 165 mSDsluCounter, 211 mSDsCounter, 0 mSdLazyCounter, 321 mSolverCounterSat, 56 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 168 SdHoareTripleChecker+Valid, 280 SdHoareTripleChecker+Invalid, 377 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 56 IncrementalHoareTripleChecker+Valid, 321 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:39,103 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [168 Valid, 280 Invalid, 377 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [56 Valid, 321 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2023-11-06 22:56:39,104 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 468 states. [2023-11-06 22:56:39,158 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 468 to 458. [2023-11-06 22:56:39,159 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 458 states, 337 states have (on average 1.2166172106824926) internal successors, (410), 359 states have internal predecessors, (410), 60 states have call successors, (60), 46 states have call predecessors, (60), 60 states have return successors, (95), 64 states have call predecessors, (95), 60 states have call successors, (95) [2023-11-06 22:56:39,163 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 458 states to 458 states and 565 transitions. [2023-11-06 22:56:39,163 INFO L78 Accepts]: Start accepts. Automaton has 458 states and 565 transitions. Word has length 55 [2023-11-06 22:56:39,164 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:39,164 INFO L495 AbstractCegarLoop]: Abstraction has 458 states and 565 transitions. [2023-11-06 22:56:39,164 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 4 states have internal predecessors, (44), 2 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 22:56:39,164 INFO L276 IsEmpty]: Start isEmpty. Operand 458 states and 565 transitions. [2023-11-06 22:56:39,166 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2023-11-06 22:56:39,166 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:39,166 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:39,166 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2023-11-06 22:56:39,166 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:39,167 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:39,167 INFO L85 PathProgramCache]: Analyzing trace with hash -1817089734, now seen corresponding path program 1 times [2023-11-06 22:56:39,167 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:39,167 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1427755939] [2023-11-06 22:56:39,168 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:39,168 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:39,180 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:39,238 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:56:39,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:39,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:56:39,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:39,261 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:56:39,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:39,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:56:39,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:39,305 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 44 [2023-11-06 22:56:39,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:39,308 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:56:39,308 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:39,308 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1427755939] [2023-11-06 22:56:39,308 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1427755939] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:39,309 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:39,309 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2023-11-06 22:56:39,309 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [550444324] [2023-11-06 22:56:39,309 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:39,310 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2023-11-06 22:56:39,310 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:39,310 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2023-11-06 22:56:39,311 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2023-11-06 22:56:39,311 INFO L87 Difference]: Start difference. First operand 458 states and 565 transitions. Second operand has 9 states, 9 states have (on average 4.888888888888889) internal successors, (44), 7 states have internal predecessors, (44), 2 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 22:56:39,830 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:39,830 INFO L93 Difference]: Finished difference Result 938 states and 1173 transitions. [2023-11-06 22:56:39,831 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2023-11-06 22:56:39,831 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 4.888888888888889) internal successors, (44), 7 states have internal predecessors, (44), 2 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) Word has length 55 [2023-11-06 22:56:39,832 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:39,835 INFO L225 Difference]: With dead ends: 938 [2023-11-06 22:56:39,835 INFO L226 Difference]: Without dead ends: 487 [2023-11-06 22:56:39,837 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 15 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 11 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=160, Unknown=0, NotChecked=0, Total=210 [2023-11-06 22:56:39,838 INFO L413 NwaCegarLoop]: 67 mSDtfsCounter, 211 mSDsluCounter, 358 mSDsCounter, 0 mSdLazyCounter, 556 mSolverCounterSat, 66 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 214 SdHoareTripleChecker+Valid, 425 SdHoareTripleChecker+Invalid, 622 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 66 IncrementalHoareTripleChecker+Valid, 556 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:39,838 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [214 Valid, 425 Invalid, 622 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [66 Valid, 556 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2023-11-06 22:56:39,840 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 487 states. [2023-11-06 22:56:39,887 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 487 to 461. [2023-11-06 22:56:39,888 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 461 states, 342 states have (on average 1.2105263157894737) internal successors, (414), 363 states have internal predecessors, (414), 59 states have call successors, (59), 45 states have call predecessors, (59), 59 states have return successors, (94), 63 states have call predecessors, (94), 59 states have call successors, (94) [2023-11-06 22:56:39,891 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 461 states to 461 states and 567 transitions. [2023-11-06 22:56:39,892 INFO L78 Accepts]: Start accepts. Automaton has 461 states and 567 transitions. Word has length 55 [2023-11-06 22:56:39,892 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:39,893 INFO L495 AbstractCegarLoop]: Abstraction has 461 states and 567 transitions. [2023-11-06 22:56:39,893 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 9 states have (on average 4.888888888888889) internal successors, (44), 7 states have internal predecessors, (44), 2 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 22:56:39,893 INFO L276 IsEmpty]: Start isEmpty. Operand 461 states and 567 transitions. [2023-11-06 22:56:39,894 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 65 [2023-11-06 22:56:39,894 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:39,895 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:39,895 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2023-11-06 22:56:39,895 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:39,896 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:39,896 INFO L85 PathProgramCache]: Analyzing trace with hash 1139830327, now seen corresponding path program 1 times [2023-11-06 22:56:39,896 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:39,896 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [894541944] [2023-11-06 22:56:39,896 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:39,897 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:39,909 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:39,995 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:56:39,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:40,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:56:40,007 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:40,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:56:40,034 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:40,082 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:56:40,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:40,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:56:40,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:40,127 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2023-11-06 22:56:40,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:40,138 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:56:40,138 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:40,138 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [894541944] [2023-11-06 22:56:40,138 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [894541944] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:40,138 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:40,139 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2023-11-06 22:56:40,139 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [209894519] [2023-11-06 22:56:40,139 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:40,140 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2023-11-06 22:56:40,140 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:40,140 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2023-11-06 22:56:40,141 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=109, Unknown=0, NotChecked=0, Total=132 [2023-11-06 22:56:40,141 INFO L87 Difference]: Start difference. First operand 461 states and 567 transitions. Second operand has 12 states, 12 states have (on average 4.083333333333333) internal successors, (49), 7 states have internal predecessors, (49), 2 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (6), 5 states have call predecessors, (6), 2 states have call successors, (6) [2023-11-06 22:56:41,548 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:41,548 INFO L93 Difference]: Finished difference Result 1331 states and 1697 transitions. [2023-11-06 22:56:41,549 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 30 states. [2023-11-06 22:56:41,549 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 12 states have (on average 4.083333333333333) internal successors, (49), 7 states have internal predecessors, (49), 2 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (6), 5 states have call predecessors, (6), 2 states have call successors, (6) Word has length 64 [2023-11-06 22:56:41,550 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:41,558 INFO L225 Difference]: With dead ends: 1331 [2023-11-06 22:56:41,558 INFO L226 Difference]: Without dead ends: 877 [2023-11-06 22:56:41,561 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 16 SyntacticMatches, 0 SemanticMatches, 34 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 261 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=243, Invalid=1017, Unknown=0, NotChecked=0, Total=1260 [2023-11-06 22:56:41,564 INFO L413 NwaCegarLoop]: 114 mSDtfsCounter, 225 mSDsluCounter, 787 mSDsCounter, 0 mSdLazyCounter, 1329 mSolverCounterSat, 83 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 231 SdHoareTripleChecker+Valid, 901 SdHoareTripleChecker+Invalid, 1412 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 83 IncrementalHoareTripleChecker+Valid, 1329 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:41,564 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [231 Valid, 901 Invalid, 1412 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [83 Valid, 1329 Invalid, 0 Unknown, 0 Unchecked, 1.0s Time] [2023-11-06 22:56:41,566 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 877 states. [2023-11-06 22:56:41,715 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 877 to 862. [2023-11-06 22:56:41,717 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 862 states, 629 states have (on average 1.1828298887122417) internal successors, (744), 667 states have internal predecessors, (744), 117 states have call successors, (117), 90 states have call predecessors, (117), 115 states have return successors, (205), 123 states have call predecessors, (205), 117 states have call successors, (205) [2023-11-06 22:56:41,724 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 862 states to 862 states and 1066 transitions. [2023-11-06 22:56:41,725 INFO L78 Accepts]: Start accepts. Automaton has 862 states and 1066 transitions. Word has length 64 [2023-11-06 22:56:41,725 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:41,726 INFO L495 AbstractCegarLoop]: Abstraction has 862 states and 1066 transitions. [2023-11-06 22:56:41,726 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 12 states have (on average 4.083333333333333) internal successors, (49), 7 states have internal predecessors, (49), 2 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (6), 5 states have call predecessors, (6), 2 states have call successors, (6) [2023-11-06 22:56:41,726 INFO L276 IsEmpty]: Start isEmpty. Operand 862 states and 1066 transitions. [2023-11-06 22:56:41,729 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 66 [2023-11-06 22:56:41,729 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:41,729 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:41,730 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2023-11-06 22:56:41,730 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:41,730 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:41,731 INFO L85 PathProgramCache]: Analyzing trace with hash 890398829, now seen corresponding path program 1 times [2023-11-06 22:56:41,731 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:41,731 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [379025077] [2023-11-06 22:56:41,731 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:41,732 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:41,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:41,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:56:41,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:41,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:56:41,833 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:41,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:56:41,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:41,872 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:56:41,874 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:41,876 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:56:41,877 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:41,878 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2023-11-06 22:56:41,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:41,883 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:56:41,883 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:41,883 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [379025077] [2023-11-06 22:56:41,884 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [379025077] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:56:41,884 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:56:41,884 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2023-11-06 22:56:41,884 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [941226465] [2023-11-06 22:56:41,884 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:56:41,885 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2023-11-06 22:56:41,886 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:41,886 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2023-11-06 22:56:41,886 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2023-11-06 22:56:41,887 INFO L87 Difference]: Start difference. First operand 862 states and 1066 transitions. Second operand has 7 states, 7 states have (on average 7.142857142857143) internal successors, (50), 5 states have internal predecessors, (50), 2 states have call successors, (7), 3 states have call predecessors, (7), 2 states have return successors, (6), 2 states have call predecessors, (6), 2 states have call successors, (6) [2023-11-06 22:56:42,455 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:42,456 INFO L93 Difference]: Finished difference Result 1723 states and 2131 transitions. [2023-11-06 22:56:42,457 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2023-11-06 22:56:42,457 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 7.142857142857143) internal successors, (50), 5 states have internal predecessors, (50), 2 states have call successors, (7), 3 states have call predecessors, (7), 2 states have return successors, (6), 2 states have call predecessors, (6), 2 states have call successors, (6) Word has length 65 [2023-11-06 22:56:42,458 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:42,463 INFO L225 Difference]: With dead ends: 1723 [2023-11-06 22:56:42,463 INFO L226 Difference]: Without dead ends: 868 [2023-11-06 22:56:42,468 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 20 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=59, Invalid=151, Unknown=0, NotChecked=0, Total=210 [2023-11-06 22:56:42,469 INFO L413 NwaCegarLoop]: 108 mSDtfsCounter, 233 mSDsluCounter, 340 mSDsCounter, 0 mSdLazyCounter, 469 mSolverCounterSat, 74 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 236 SdHoareTripleChecker+Valid, 448 SdHoareTripleChecker+Invalid, 543 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 74 IncrementalHoareTripleChecker+Valid, 469 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:42,471 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [236 Valid, 448 Invalid, 543 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [74 Valid, 469 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2023-11-06 22:56:42,472 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 868 states. [2023-11-06 22:56:42,555 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 868 to 862. [2023-11-06 22:56:42,557 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 862 states, 629 states have (on average 1.1701112877583466) internal successors, (736), 667 states have internal predecessors, (736), 117 states have call successors, (117), 90 states have call predecessors, (117), 115 states have return successors, (186), 123 states have call predecessors, (186), 117 states have call successors, (186) [2023-11-06 22:56:42,563 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 862 states to 862 states and 1039 transitions. [2023-11-06 22:56:42,563 INFO L78 Accepts]: Start accepts. Automaton has 862 states and 1039 transitions. Word has length 65 [2023-11-06 22:56:42,565 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:42,565 INFO L495 AbstractCegarLoop]: Abstraction has 862 states and 1039 transitions. [2023-11-06 22:56:42,565 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 7.142857142857143) internal successors, (50), 5 states have internal predecessors, (50), 2 states have call successors, (7), 3 states have call predecessors, (7), 2 states have return successors, (6), 2 states have call predecessors, (6), 2 states have call successors, (6) [2023-11-06 22:56:42,565 INFO L276 IsEmpty]: Start isEmpty. Operand 862 states and 1039 transitions. [2023-11-06 22:56:42,574 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 106 [2023-11-06 22:56:42,575 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:56:42,575 INFO L195 NwaCegarLoop]: trace histogram [4, 4, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:42,575 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2023-11-06 22:56:42,575 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:56:42,576 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:56:42,576 INFO L85 PathProgramCache]: Analyzing trace with hash -1014722144, now seen corresponding path program 1 times [2023-11-06 22:56:42,576 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:56:42,577 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1871298120] [2023-11-06 22:56:42,577 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:42,577 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:56:42,593 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,709 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:56:42,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,717 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:56:42,722 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2023-11-06 22:56:42,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,810 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:56:42,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,864 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:56:42,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:56:42,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 34 [2023-11-06 22:56:42,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,936 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2023-11-06 22:56:42,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,940 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:56:42,942 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2023-11-06 22:56:42,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2023-11-06 22:56:42,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:42,952 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 17 proven. 11 refuted. 0 times theorem prover too weak. 12 trivial. 0 not checked. [2023-11-06 22:56:42,952 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:56:42,952 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1871298120] [2023-11-06 22:56:42,952 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1871298120] provided 0 perfect and 1 imperfect interpolant sequences [2023-11-06 22:56:42,953 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [98428101] [2023-11-06 22:56:42,953 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:56:42,953 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 22:56:42,953 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 22:56:42,959 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2023-11-06 22:56:42,966 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2023-11-06 22:56:43,085 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:56:43,089 INFO L262 TraceCheckSpWp]: Trace formula consists of 344 conjuncts, 13 conjunts are in the unsatisfiable core [2023-11-06 22:56:43,099 INFO L285 TraceCheckSpWp]: Computing forward predicates... [2023-11-06 22:56:43,384 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 17 proven. 12 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2023-11-06 22:56:43,384 INFO L327 TraceCheckSpWp]: Computing backward predicates... [2023-11-06 22:56:43,824 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 8 proven. 4 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2023-11-06 22:56:43,825 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [98428101] provided 0 perfect and 2 imperfect interpolant sequences [2023-11-06 22:56:43,825 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2023-11-06 22:56:43,825 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 8, 9] total 22 [2023-11-06 22:56:43,825 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [357312067] [2023-11-06 22:56:43,825 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2023-11-06 22:56:43,826 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 22 states [2023-11-06 22:56:43,826 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:56:43,826 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 22 interpolants. [2023-11-06 22:56:43,827 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=68, Invalid=394, Unknown=0, NotChecked=0, Total=462 [2023-11-06 22:56:43,827 INFO L87 Difference]: Start difference. First operand 862 states and 1039 transitions. Second operand has 22 states, 22 states have (on average 6.681818181818182) internal successors, (147), 15 states have internal predecessors, (147), 7 states have call successors, (28), 10 states have call predecessors, (28), 10 states have return successors, (28), 10 states have call predecessors, (28), 7 states have call successors, (28) [2023-11-06 22:56:46,232 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:56:46,232 INFO L93 Difference]: Finished difference Result 1809 states and 2244 transitions. [2023-11-06 22:56:46,233 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 59 states. [2023-11-06 22:56:46,233 INFO L78 Accepts]: Start accepts. Automaton has has 22 states, 22 states have (on average 6.681818181818182) internal successors, (147), 15 states have internal predecessors, (147), 7 states have call successors, (28), 10 states have call predecessors, (28), 10 states have return successors, (28), 10 states have call predecessors, (28), 7 states have call successors, (28) Word has length 105 [2023-11-06 22:56:46,233 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:56:46,235 INFO L225 Difference]: With dead ends: 1809 [2023-11-06 22:56:46,235 INFO L226 Difference]: Without dead ends: 0 [2023-11-06 22:56:46,251 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 310 GetRequests, 228 SyntacticMatches, 7 SemanticMatches, 75 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1630 ImplicationChecksByTransitivity, 1.3s TimeCoverageRelationStatistics Valid=1291, Invalid=4561, Unknown=0, NotChecked=0, Total=5852 [2023-11-06 22:56:46,252 INFO L413 NwaCegarLoop]: 51 mSDtfsCounter, 1306 mSDsluCounter, 500 mSDsCounter, 0 mSdLazyCounter, 1020 mSolverCounterSat, 599 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1308 SdHoareTripleChecker+Valid, 551 SdHoareTripleChecker+Invalid, 1619 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 599 IncrementalHoareTripleChecker+Valid, 1020 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2023-11-06 22:56:46,253 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1308 Valid, 551 Invalid, 1619 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [599 Valid, 1020 Invalid, 0 Unknown, 0 Unchecked, 1.2s Time] [2023-11-06 22:56:46,253 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2023-11-06 22:56:46,254 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2023-11-06 22:56:46,254 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2023-11-06 22:56:46,254 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2023-11-06 22:56:46,255 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 105 [2023-11-06 22:56:46,255 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:56:46,255 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2023-11-06 22:56:46,256 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 22 states, 22 states have (on average 6.681818181818182) internal successors, (147), 15 states have internal predecessors, (147), 7 states have call successors, (28), 10 states have call predecessors, (28), 10 states have return successors, (28), 10 states have call predecessors, (28), 7 states have call successors, (28) [2023-11-06 22:56:46,256 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2023-11-06 22:56:46,256 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2023-11-06 22:56:46,259 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2023-11-06 22:56:46,285 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2023-11-06 22:56:46,485 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 22:56:46,487 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2023-11-06 22:56:52,778 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 266 273) no Hoare annotation was computed. [2023-11-06 22:56:52,779 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 266 273) the Hoare annotation is: (or (not (= 1 ~systemActive~0)) (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) [2023-11-06 22:56:52,779 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 266 273) no Hoare annotation was computed. [2023-11-06 22:56:52,779 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 156 162) no Hoare annotation was computed. [2023-11-06 22:56:52,780 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 156 162) the Hoare annotation is: true [2023-11-06 22:56:52,780 INFO L895 garLoopResultBuilder]: At program point L209(line 209) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0) (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1))))) [2023-11-06 22:56:52,780 INFO L899 garLoopResultBuilder]: For program point L209-1(lines 190 214) no Hoare annotation was computed. [2023-11-06 22:56:52,780 INFO L895 garLoopResultBuilder]: At program point isLowWaterSensorDry_returnLabel#1(lines 463 471) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0))) [2023-11-06 22:56:52,781 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 190 214) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0))) [2023-11-06 22:56:52,781 INFO L899 garLoopResultBuilder]: For program point L358(lines 358 362) no Hoare annotation was computed. [2023-11-06 22:56:52,781 INFO L899 garLoopResultBuilder]: For program point L358-2(lines 358 362) no Hoare annotation was computed. [2023-11-06 22:56:52,781 INFO L895 garLoopResultBuilder]: At program point isLowWaterLevel_returnLabel#1(lines 349 367) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0))) [2023-11-06 22:56:52,781 INFO L895 garLoopResultBuilder]: At program point L204(line 204) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0))) [2023-11-06 22:56:52,782 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__methaneQueryEXIT(lines 190 214) no Hoare annotation was computed. [2023-11-06 22:56:52,782 INFO L895 garLoopResultBuilder]: At program point L200(line 200) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0))) [2023-11-06 22:56:52,782 INFO L899 garLoopResultBuilder]: For program point L198(lines 198 206) no Hoare annotation was computed. [2023-11-06 22:56:52,782 INFO L899 garLoopResultBuilder]: For program point L194(lines 194 211) no Hoare annotation was computed. [2023-11-06 22:56:52,782 INFO L899 garLoopResultBuilder]: For program point L400-1(lines 396 407) no Hoare annotation was computed. [2023-11-06 22:56:52,782 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 396 407) the Hoare annotation is: (let ((.cse3 (= ~methaneLevelCritical~0 0)) (.cse5 (= |old(~methaneLevelCritical~0)| 0))) (let ((.cse1 (not .cse5)) (.cse7 (not (= ~pumpRunning~0 1))) (.cse0 (< 2 ~waterLevel~0)) (.cse2 (not (= ~pumpRunning~0 0))) (.cse4 (not (= 1 ~systemActive~0))) (.cse6 (not .cse3))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse4 .cse5 .cse6 .cse7) (or .cse0 .cse1 .cse3 .cse4 .cse7) (or .cse0 .cse2 .cse4 .cse5 .cse6)))) [2023-11-06 22:56:52,783 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 396 407) no Hoare annotation was computed. [2023-11-06 22:56:52,783 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 408 416) the Hoare annotation is: true [2023-11-06 22:56:52,783 INFO L899 garLoopResultBuilder]: For program point isMethaneLevelCriticalFINAL(lines 408 416) no Hoare annotation was computed. [2023-11-06 22:56:52,783 INFO L899 garLoopResultBuilder]: For program point isMethaneLevelCriticalEXIT(lines 408 416) no Hoare annotation was computed. [2023-11-06 22:56:52,783 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 483 512) no Hoare annotation was computed. [2023-11-06 22:56:52,783 INFO L902 garLoopResultBuilder]: At program point L508(lines 483 512) the Hoare annotation is: true [2023-11-06 22:56:52,783 INFO L899 garLoopResultBuilder]: For program point L504(line 504) no Hoare annotation was computed. [2023-11-06 22:56:52,784 INFO L899 garLoopResultBuilder]: For program point L497(lines 497 501) no Hoare annotation was computed. [2023-11-06 22:56:52,784 INFO L902 garLoopResultBuilder]: At program point L497-1(lines 497 501) the Hoare annotation is: true [2023-11-06 22:56:52,784 INFO L899 garLoopResultBuilder]: For program point L494(line 494) no Hoare annotation was computed. [2023-11-06 22:56:52,784 INFO L902 garLoopResultBuilder]: At program point L493-2(lines 493 507) the Hoare annotation is: true [2023-11-06 22:56:52,784 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 483 512) the Hoare annotation is: true [2023-11-06 22:56:52,784 INFO L902 garLoopResultBuilder]: At program point L489(line 489) the Hoare annotation is: true [2023-11-06 22:56:52,784 INFO L899 garLoopResultBuilder]: For program point L489-1(line 489) no Hoare annotation was computed. [2023-11-06 22:56:52,785 INFO L899 garLoopResultBuilder]: For program point L477(line 477) no Hoare annotation was computed. [2023-11-06 22:56:52,785 INFO L899 garLoopResultBuilder]: For program point L143-1(lines 143 149) no Hoare annotation was computed. [2023-11-06 22:56:52,785 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 132 155) no Hoare annotation was computed. [2023-11-06 22:56:52,785 INFO L895 garLoopResultBuilder]: At program point L230(line 230) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or (and (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 1)) .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1))) [2023-11-06 22:56:52,785 INFO L895 garLoopResultBuilder]: At program point L226(line 226) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or (and (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 1)) .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1))) [2023-11-06 22:56:52,786 INFO L895 garLoopResultBuilder]: At program point L222(line 222) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or (and (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 1)) .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1))) [2023-11-06 22:56:52,786 INFO L899 garLoopResultBuilder]: For program point L222-1(line 222) no Hoare annotation was computed. [2023-11-06 22:56:52,786 INFO L895 garLoopResultBuilder]: At program point getWaterLevel_returnLabel#1(lines 440 448) the Hoare annotation is: (let ((.cse2 (= ~methaneLevelCritical~0 0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse8 (= ~pumpRunning~0 1)) (.cse6 (= |timeShift___utac_acc__Specification3_spec__1_~tmp~8#1| 0)) (.cse9 (= ~pumpRunning~0 0)) (.cse10 (<= ~waterLevel~0 1)) (.cse5 (<= |timeShift_getWaterLevel_#res#1| 1)) (.cse3 (not (= |old(~pumpRunning~0)| 1))) (.cse4 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (= |timeShift_getWaterLevel_#res#1| 1)) (or .cse2 .cse1 .cse3 .cse4) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1 .cse5) (or .cse0 .cse2 .cse1 .cse4) (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (and .cse6 .cse7 .cse8) .cse1 (and .cse6 .cse9 .cse10 .cse7) .cse4)) (let ((.cse11 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (or .cse1 (and .cse6 .cse10 .cse11 .cse5 .cse8) (and .cse6 .cse9 .cse10 .cse11 .cse5) .cse3 .cse4)))) [2023-11-06 22:56:52,787 INFO L899 garLoopResultBuilder]: For program point L590(lines 590 610) no Hoare annotation was computed. [2023-11-06 22:56:52,795 INFO L895 garLoopResultBuilder]: At program point L235(line 235) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse1))) [2023-11-06 22:56:52,795 INFO L895 garLoopResultBuilder]: At program point L235-1(lines 216 240) the Hoare annotation is: (let ((.cse0 (<= ~waterLevel~0 1)) (.cse2 (= ~pumpRunning~0 1)) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 0)) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (= ~methaneLevelCritical~0 0)) (.cse3 (not (= 1 ~systemActive~0))) (.cse5 (< 2 |old(~waterLevel~0)|))) (and (let ((.cse1 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (or (and .cse0 .cse1 .cse2) .cse3 (not (= |old(~pumpRunning~0)| 1)) (and .cse4 .cse0 .cse1) .cse5)) (or (and .cse4 .cse0 .cse6) .cse7 .cse3 (not .cse8) .cse5 (and .cse6 .cse2)) (or .cse7 (and .cse4 .cse6) .cse8 .cse3 .cse5))) [2023-11-06 22:56:52,796 INFO L899 garLoopResultBuilder]: For program point L136-1(lines 135 154) no Hoare annotation was computed. [2023-11-06 22:56:52,796 INFO L899 garLoopResultBuilder]: For program point L376(lines 376 380) no Hoare annotation was computed. [2023-11-06 22:56:52,796 INFO L895 garLoopResultBuilder]: At program point L376-2(lines 372 383) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or (and (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 1)) .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1))) [2023-11-06 22:56:52,796 INFO L895 garLoopResultBuilder]: At program point __automaton_fail_returnLabel#1(lines 473 480) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1))) [2023-11-06 22:56:52,796 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 132 155) the Hoare annotation is: (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1 (and .cse2 (= ~pumpRunning~0 1))) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse2) .cse0 .cse1))) [2023-11-06 22:56:52,797 INFO L899 garLoopResultBuilder]: For program point L224(lines 224 232) no Hoare annotation was computed. [2023-11-06 22:56:52,797 INFO L899 garLoopResultBuilder]: For program point L220(lines 220 237) no Hoare annotation was computed. [2023-11-06 22:56:52,797 INFO L899 garLoopResultBuilder]: For program point L600(lines 600 606) no Hoare annotation was computed. [2023-11-06 22:56:52,797 INFO L899 garLoopResultBuilder]: For program point L596(lines 596 609) no Hoare annotation was computed. [2023-11-06 22:56:52,797 INFO L895 garLoopResultBuilder]: At program point L596-1(lines 581 613) the Hoare annotation is: (let ((.cse1 (= |timeShift___utac_acc__Specification3_spec__1_~tmp~8#1| 0)) (.cse14 (= ~methaneLevelCritical~0 0))) (let ((.cse12 (< 1 |old(~waterLevel~0)|)) (.cse9 (<= |timeShift___utac_acc__Specification3_spec__1_~tmp___0~3#1| 1)) (.cse10 (<= |timeShift_getWaterLevel_#res#1| 1)) (.cse5 (not .cse14)) (.cse3 (= ~pumpRunning~0 1)) (.cse6 (= ~pumpRunning~0 0)) (.cse7 (<= ~waterLevel~0 1)) (.cse11 (not (= |old(~pumpRunning~0)| 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse13 (not .cse1)) (.cse8 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (and .cse1 .cse2 .cse3) .cse4 .cse5 (and .cse1 .cse6 .cse7 .cse2) .cse8) (or (and .cse1 .cse6 .cse7 .cse9 .cse10) .cse4 .cse5 .cse11 (and .cse1 .cse7 .cse9 .cse10 .cse3) .cse8) (or .cse12 .cse4 .cse11 (<= ~waterLevel~0 |old(~waterLevel~0)|)) (or .cse12 .cse0 .cse4 (and .cse9 .cse10) .cse5) (or (and .cse7 .cse13 .cse3) .cse14 .cse4 (and .cse6 .cse7 .cse13) .cse11 .cse8) (or .cse0 .cse14 .cse4 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse2 .cse13) .cse8)))) [2023-11-06 22:56:52,797 INFO L895 garLoopResultBuilder]: At program point L588(line 588) the Hoare annotation is: (let ((.cse0 (<= ~waterLevel~0 1)) (.cse2 (= ~pumpRunning~0 1)) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 0)) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (= ~methaneLevelCritical~0 0)) (.cse3 (not (= 1 ~systemActive~0))) (.cse5 (< 2 |old(~waterLevel~0)|))) (and (let ((.cse1 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (or (and .cse0 .cse1 .cse2) .cse3 (not (= |old(~pumpRunning~0)| 1)) (and .cse4 .cse0 .cse1) .cse5)) (or (and .cse4 .cse0 .cse6) .cse7 .cse3 (not .cse8) .cse5 (and .cse6 .cse2)) (or .cse7 (and .cse4 .cse6) .cse8 .cse3 .cse5))) [2023-11-06 22:56:52,798 INFO L899 garLoopResultBuilder]: For program point L588-1(line 588) no Hoare annotation was computed. [2023-11-06 22:56:52,798 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 132 155) no Hoare annotation was computed. [2023-11-06 22:56:52,798 INFO L895 garLoopResultBuilder]: At program point isPumpRunning_returnLabel#1(lines 285 293) the Hoare annotation is: (let ((.cse2 (< 2 |old(~waterLevel~0)|)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (and (= |timeShift___utac_acc__Specification3_spec__1_~tmp~8#1| 0) (= |timeShift_isPumpRunning_#res#1| 1) (= |old(~waterLevel~0)| ~waterLevel~0) (= ~pumpRunning~0 1)) .cse2) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2) (or .cse0 (= ~methaneLevelCritical~0 0) .cse1 .cse2) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1))) [2023-11-06 22:56:52,798 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 477) no Hoare annotation was computed. [2023-11-06 22:56:52,798 INFO L902 garLoopResultBuilder]: At program point runTest_returnLabel#1(lines 544 553) the Hoare annotation is: true [2023-11-06 22:56:52,798 INFO L895 garLoopResultBuilder]: At program point L110(lines 63 111) the Hoare annotation is: false [2023-11-06 22:56:52,799 INFO L895 garLoopResultBuilder]: At program point select_features_returnLabel#1(lines 626 632) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 22:56:52,799 INFO L902 garLoopResultBuilder]: At program point main_returnLabel#1(lines 557 579) the Hoare annotation is: true [2023-11-06 22:56:52,799 INFO L899 garLoopResultBuilder]: For program point L65(lines 64 109) no Hoare annotation was computed. [2023-11-06 22:56:52,799 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2023-11-06 22:56:52,799 INFO L899 garLoopResultBuilder]: For program point L94(lines 94 105) no Hoare annotation was computed. [2023-11-06 22:56:52,799 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2023-11-06 22:56:52,800 INFO L895 garLoopResultBuilder]: At program point L86(line 86) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_main_~tmp~7#1| 1)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (= ~pumpRunning~0 1)) (and .cse0 (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 .cse4))) [2023-11-06 22:56:52,800 INFO L895 garLoopResultBuilder]: At program point L107(lines 64 109) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0)) (.cse4 (= ~methaneLevelCritical~0 0)) (.cse6 (<= ~waterLevel~0 2)) (.cse0 (= |ULTIMATE.start_main_~tmp~7#1| 1)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse7 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse5 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse8 (= ~pumpRunning~0 1))) (or (and .cse0 .cse1 .cse2 .cse3 (not .cse4) .cse5 .cse6) (and .cse0 .cse1 .cse2 .cse7 .cse3 .cse5) (and .cse0 .cse4 .cse2 .cse3 .cse5 .cse6 .cse8) (and .cse0 .cse2 .cse7 .cse3 .cse5 .cse8))) [2023-11-06 22:56:52,800 INFO L899 garLoopResultBuilder]: For program point L74(lines 74 80) no Hoare annotation was computed. [2023-11-06 22:56:52,800 INFO L895 garLoopResultBuilder]: At program point setup_returnLabel#1(lines 537 543) the Hoare annotation is: (and (= |ULTIMATE.start_main_~tmp~7#1| 1) (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 22:56:52,800 INFO L899 garLoopResultBuilder]: For program point L74-1(lines 74 80) no Hoare annotation was computed. [2023-11-06 22:56:52,800 INFO L899 garLoopResultBuilder]: For program point L66(lines 66 70) no Hoare annotation was computed. [2023-11-06 22:56:52,800 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2023-11-06 22:56:52,801 INFO L899 garLoopResultBuilder]: For program point $Ultimate##0(line -1) no Hoare annotation was computed. [2023-11-06 22:56:52,801 INFO L895 garLoopResultBuilder]: At program point select_helpers_returnLabel#1(lines 633 639) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 22:56:52,801 INFO L899 garLoopResultBuilder]: For program point L100(lines 100 104) no Hoare annotation was computed. [2023-11-06 22:56:52,801 INFO L895 garLoopResultBuilder]: At program point L100-2(lines 94 105) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_main_~tmp~7#1| 1)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (= ~pumpRunning~0 1)) (and .cse0 (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 .cse4))) [2023-11-06 22:56:52,801 INFO L899 garLoopResultBuilder]: For program point L567(lines 567 574) no Hoare annotation was computed. [2023-11-06 22:56:52,801 INFO L899 garLoopResultBuilder]: For program point L567-2(lines 567 574) no Hoare annotation was computed. [2023-11-06 22:56:52,801 INFO L899 garLoopResultBuilder]: For program point L84(lines 84 90) no Hoare annotation was computed. [2023-11-06 22:56:52,802 INFO L899 garLoopResultBuilder]: For program point L84-1(lines 84 90) no Hoare annotation was computed. [2023-11-06 22:56:52,802 INFO L902 garLoopResultBuilder]: At program point L113(lines 54 117) the Hoare annotation is: true [2023-11-06 22:56:52,802 INFO L895 garLoopResultBuilder]: At program point L76(line 76) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0)) (.cse4 (= ~methaneLevelCritical~0 0)) (.cse6 (<= ~waterLevel~0 2)) (.cse0 (= |ULTIMATE.start_main_~tmp~7#1| 1)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse7 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse5 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse8 (= ~pumpRunning~0 1))) (or (and .cse0 .cse1 .cse2 .cse3 (not .cse4) .cse5 .cse6) (and .cse0 .cse1 .cse2 .cse7 .cse3 .cse5) (and .cse0 .cse4 .cse2 .cse3 .cse5 .cse6 .cse8) (and .cse0 .cse2 .cse7 .cse3 .cse5 .cse8))) [2023-11-06 22:56:52,802 INFO L895 garLoopResultBuilder]: At program point valid_product_returnLabel#1(lines 640 648) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 22:56:52,802 INFO L899 garLoopResultBuilder]: For program point L256(lines 256 262) no Hoare annotation was computed. [2023-11-06 22:56:52,803 INFO L895 garLoopResultBuilder]: At program point L254(line 254) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1))) (let ((.cse1 (= ~pumpRunning~0 0))) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1|) (<= 1 |processEnvironment__wrappee__highWaterSensor_~tmp~1#1|) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)) (and .cse1 (<= ~waterLevel~0 1)))))) [2023-11-06 22:56:52,804 INFO L895 garLoopResultBuilder]: At program point L256-2(lines 249 265) the Hoare annotation is: (let ((.cse1 (< 2 ~waterLevel~0)) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse3 (= ~methaneLevelCritical~0 0)) (.cse9 (<= ~waterLevel~0 1)) (.cse5 (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1|)) (.cse7 (<= 1 |processEnvironment__wrappee__highWaterSensor_~tmp~1#1|)) (.cse8 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1))) (let ((.cse4 (= ~pumpRunning~0 0)) (.cse6 (= ~methaneLevelCritical~0 |processEnvironment__wrappee__highWaterSensor_activatePump_~tmp~4#1|))) (or .cse1 .cse2 .cse3 .cse0 (and .cse4 .cse5 .cse6 .cse7 .cse8) (and .cse4 .cse9 .cse6))) (let ((.cse10 (= 0 |processEnvironment__wrappee__highWaterSensor_activatePump_~tmp~4#1|)) (.cse11 (= ~pumpRunning~0 1))) (or .cse1 .cse2 .cse0 (not .cse3) (and .cse9 .cse10 .cse11) (and .cse10 .cse5 .cse7 .cse8 .cse11))))) [2023-11-06 22:56:52,805 INFO L899 garLoopResultBuilder]: For program point L254-1(line 254) no Hoare annotation was computed. [2023-11-06 22:56:52,805 INFO L899 garLoopResultBuilder]: For program point L339(lines 339 343) no Hoare annotation was computed. [2023-11-06 22:56:52,805 INFO L895 garLoopResultBuilder]: At program point L178(line 178) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1))) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (= ~pumpRunning~0 0) (<= ~waterLevel~0 1))))) [2023-11-06 22:56:52,805 INFO L899 garLoopResultBuilder]: For program point L339-2(lines 339 343) no Hoare annotation was computed. [2023-11-06 22:56:52,806 INFO L899 garLoopResultBuilder]: For program point L172(lines 172 180) no Hoare annotation was computed. [2023-11-06 22:56:52,807 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 164 188) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0))) [2023-11-06 22:56:52,807 INFO L899 garLoopResultBuilder]: For program point L168(lines 168 185) no Hoare annotation was computed. [2023-11-06 22:56:52,807 INFO L899 garLoopResultBuilder]: For program point L453(lines 453 459) no Hoare annotation was computed. [2023-11-06 22:56:52,807 INFO L895 garLoopResultBuilder]: At program point isHighWaterSensorDry_returnLabel#1(lines 449 462) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (let ((.cse1 (= ~pumpRunning~0 0))) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)) (and .cse1 (<= ~waterLevel~0 1)))) (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1))))) [2023-11-06 22:56:52,807 INFO L895 garLoopResultBuilder]: At program point isHighWaterLevel_returnLabel#1(lines 330 348) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1))) (let ((.cse1 (= ~pumpRunning~0 0))) (or (and .cse1 (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1|) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~5#1| 0) (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1|) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)) (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (<= ~waterLevel~0 1)))))) [2023-11-06 22:56:52,808 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 164 188) no Hoare annotation was computed. [2023-11-06 22:56:52,808 INFO L895 garLoopResultBuilder]: At program point L183(line 183) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0))) [2023-11-06 22:56:52,808 INFO L899 garLoopResultBuilder]: For program point L183-1(lines 164 188) no Hoare annotation was computed. [2023-11-06 22:56:52,808 INFO L895 garLoopResultBuilder]: At program point activatePump__wrappee__lowWaterSensor_returnLabel#1(lines 241 248) the Hoare annotation is: (let ((.cse1 (< 2 ~waterLevel~0)) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1))) (let ((.cse3 (= 0 |processEnvironment__wrappee__highWaterSensor_activatePump_~tmp~4#1|)) (.cse4 (= ~pumpRunning~0 1))) (or .cse1 .cse2 .cse0 (and (<= ~waterLevel~0 1) .cse3 .cse4) (and .cse3 (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1|) (<= 1 |processEnvironment__wrappee__highWaterSensor_~tmp~1#1|) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0) .cse4))) (or .cse1 .cse2 (= ~methaneLevelCritical~0 0) .cse0))) [2023-11-06 22:56:52,809 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 384 395) no Hoare annotation was computed. [2023-11-06 22:56:52,809 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 384 395) the Hoare annotation is: (let ((.cse5 (< 1 |old(~waterLevel~0)|)) (.cse2 (not (= ~pumpRunning~0 1))) (.cse6 (not (= ~pumpRunning~0 0))) (.cse1 (= ~methaneLevelCritical~0 0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not .cse1) .cse2 .cse3 .cse4) (or .cse5 .cse6 .cse0 .cse3) (or .cse5 .cse0 .cse2 .cse3) (or .cse6 .cse1 .cse0 .cse3 .cse4))) [2023-11-06 22:56:52,809 INFO L899 garLoopResultBuilder]: For program point L388-1(lines 384 395) no Hoare annotation was computed. [2023-11-06 22:56:52,810 INFO L899 garLoopResultBuilder]: For program point isMethaneAlarmEXIT(lines 274 284) no Hoare annotation was computed. [2023-11-06 22:56:52,811 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 274 284) the Hoare annotation is: true [2023-11-06 22:56:52,811 INFO L902 garLoopResultBuilder]: At program point L279(line 279) the Hoare annotation is: true [2023-11-06 22:56:52,811 INFO L899 garLoopResultBuilder]: For program point isMethaneAlarmFINAL(lines 274 284) no Hoare annotation was computed. [2023-11-06 22:56:52,811 INFO L899 garLoopResultBuilder]: For program point L279-1(line 279) no Hoare annotation was computed. [2023-11-06 22:56:52,814 INFO L445 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:56:52,817 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2023-11-06 22:56:52,889 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 06.11 10:56:52 BoogieIcfgContainer [2023-11-06 22:56:52,903 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2023-11-06 22:56:52,904 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2023-11-06 22:56:52,904 INFO L270 PluginConnector]: Initializing Witness Printer... [2023-11-06 22:56:52,904 INFO L274 PluginConnector]: Witness Printer initialized [2023-11-06 22:56:52,905 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 10:56:34" (3/4) ... [2023-11-06 22:56:52,907 INFO L137 WitnessPrinter]: Generating witness for correct program [2023-11-06 22:56:52,911 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2023-11-06 22:56:52,911 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2023-11-06 22:56:52,912 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2023-11-06 22:56:52,912 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneLevelCritical [2023-11-06 22:56:52,912 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2023-11-06 22:56:52,912 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2023-11-06 22:56:52,913 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 22:56:52,913 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2023-11-06 22:56:52,913 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__methaneQuery [2023-11-06 22:56:52,913 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneAlarm [2023-11-06 22:56:52,930 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 18 nodes and edges [2023-11-06 22:56:52,931 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 7 nodes and edges [2023-11-06 22:56:52,932 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2023-11-06 22:56:52,933 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 22:56:52,934 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 22:56:52,970 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 22:56:52,970 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((tmp == 1) && (pumpRunning == 0)) && (methaneLevelCritical == 0)) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 22:56:52,970 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((tmp == 1) && (pumpRunning == 0)) && (\result == 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (splverifierCounter == 0)) && (waterLevel <= 2)) || ((((((tmp == 1) && (pumpRunning == 0)) && (\result == 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0))) || (((((((tmp == 1) && (methaneLevelCritical == 0)) && (\result == 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && (pumpRunning == 1))) || ((((((tmp == 1) && (\result == 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (pumpRunning == 1))) [2023-11-06 22:56:52,972 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:52,973 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (2 < \old(waterLevel))) && ((((((((pumpRunning == 0) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || (2 < \old(waterLevel))) || ((\old(waterLevel) == waterLevel) && (pumpRunning == 1)))) && ((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:52,976 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((!((\old(pumpRunning) == 0)) || (((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || ((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) && ((((((((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (tmp___0 <= 1)) && (\result <= 1)) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || !((\old(pumpRunning) == 1))) || (((((tmp == 0) && (waterLevel <= 1)) && (tmp___0 <= 1)) && (\result <= 1)) && (pumpRunning == 1))) || (2 < \old(waterLevel)))) && ((((1 < \old(waterLevel)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (waterLevel <= \old(waterLevel)))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((tmp___0 <= 1) && (\result <= 1))) || !((methaneLevelCritical == 0)))) && ((((((((waterLevel <= 1) && !((tmp == 0))) && (pumpRunning == 1)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((pumpRunning == 0) && (waterLevel <= 1)) && !((tmp == 0)))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && ((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && !((tmp == 0)))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:52,977 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 1))) || !((1 == systemActive))) || (\result == 1)) && ((((methaneLevelCritical == 0) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (\result <= 1))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && ((((!((\old(pumpRunning) == 0)) || (((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || !((1 == systemActive))) || ((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel)))) && ((((!((1 == systemActive)) || (((((tmp == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) && (pumpRunning == 1))) || (((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel))) && (\result <= 1))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:52,977 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (1 <= \result)) && (methaneLevelCritical == tmp)) && (1 <= tmp)) && (\result == 0))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (methaneLevelCritical == tmp)))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || (((waterLevel <= 1) && (0 == tmp)) && (pumpRunning == 1))) || (((((0 == tmp) && (1 <= \result)) && (1 <= tmp)) && (\result == 0)) && (pumpRunning == 1)))) [2023-11-06 22:56:52,978 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((waterLevel <= 1) && (0 == tmp)) && (pumpRunning == 1))) || (((((0 == tmp) && (1 <= \result)) && (1 <= tmp)) && (\result == 0)) && (pumpRunning == 1)))) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive)))) [2023-11-06 22:56:52,978 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) || (pumpRunning == 1)) && (((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 22:56:52,979 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((pumpRunning == 0) && (\result == 0))) || ((pumpRunning == 0) && (waterLevel <= 1))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) [2023-11-06 22:56:52,983 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) || (pumpRunning == 1)) && (((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 22:56:52,983 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((tmp == 0) && (\result == 1)) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 22:56:52,983 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && (((((((((pumpRunning == 0) && (1 <= \result)) && (tmp == 0)) && (1 <= tmp___0)) && (\result == 0)) || (2 < waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((pumpRunning == 0) && (waterLevel <= 1)))) [2023-11-06 22:56:52,986 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:53,054 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 22:56:53,054 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((tmp == 1) && (pumpRunning == 0)) && (methaneLevelCritical == 0)) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 22:56:53,054 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((tmp == 1) && (pumpRunning == 0)) && (\result == 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (splverifierCounter == 0)) && (waterLevel <= 2)) || ((((((tmp == 1) && (pumpRunning == 0)) && (\result == 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0))) || (((((((tmp == 1) && (methaneLevelCritical == 0)) && (\result == 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && (pumpRunning == 1))) || ((((((tmp == 1) && (\result == 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (pumpRunning == 1))) [2023-11-06 22:56:53,055 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:53,055 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (2 < \old(waterLevel))) && ((((((((pumpRunning == 0) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || (2 < \old(waterLevel))) || ((\old(waterLevel) == waterLevel) && (pumpRunning == 1)))) && ((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:53,056 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((!((\old(pumpRunning) == 0)) || (((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || ((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) && ((((((((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (tmp___0 <= 1)) && (\result <= 1)) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || !((\old(pumpRunning) == 1))) || (((((tmp == 0) && (waterLevel <= 1)) && (tmp___0 <= 1)) && (\result <= 1)) && (pumpRunning == 1))) || (2 < \old(waterLevel)))) && ((((1 < \old(waterLevel)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (waterLevel <= \old(waterLevel)))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((tmp___0 <= 1) && (\result <= 1))) || !((methaneLevelCritical == 0)))) && ((((((((waterLevel <= 1) && !((tmp == 0))) && (pumpRunning == 1)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((pumpRunning == 0) && (waterLevel <= 1)) && !((tmp == 0)))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && ((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && !((tmp == 0)))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:53,056 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 1))) || !((1 == systemActive))) || (\result == 1)) && ((((methaneLevelCritical == 0) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (\result <= 1))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && ((((!((\old(pumpRunning) == 0)) || (((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || !((1 == systemActive))) || ((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel)))) && ((((!((1 == systemActive)) || (((((tmp == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) && (pumpRunning == 1))) || (((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel))) && (\result <= 1))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:53,057 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (1 <= \result)) && (methaneLevelCritical == tmp)) && (1 <= tmp)) && (\result == 0))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (methaneLevelCritical == tmp)))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || (((waterLevel <= 1) && (0 == tmp)) && (pumpRunning == 1))) || (((((0 == tmp) && (1 <= \result)) && (1 <= tmp)) && (\result == 0)) && (pumpRunning == 1)))) [2023-11-06 22:56:53,057 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((waterLevel <= 1) && (0 == tmp)) && (pumpRunning == 1))) || (((((0 == tmp) && (1 <= \result)) && (1 <= tmp)) && (\result == 0)) && (pumpRunning == 1)))) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive)))) [2023-11-06 22:56:53,057 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) || (pumpRunning == 1)) && (((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 22:56:53,057 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((pumpRunning == 0) && (\result == 0))) || ((pumpRunning == 0) && (waterLevel <= 1))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) [2023-11-06 22:56:53,058 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) || (pumpRunning == 1)) && (((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 22:56:53,058 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((tmp == 0) && (\result == 1)) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 22:56:53,058 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && (((((((((pumpRunning == 0) && (1 <= \result)) && (tmp == 0)) && (1 <= tmp___0)) && (\result == 0)) || (2 < waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((pumpRunning == 0) && (waterLevel <= 1)))) [2023-11-06 22:56:53,058 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:56:53,075 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.graphml [2023-11-06 22:56:53,076 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.yaml [2023-11-06 22:56:53,076 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2023-11-06 22:56:53,077 INFO L158 Benchmark]: Toolchain (without parser) took 19457.40ms. Allocated memory was 151.0MB in the beginning and 264.2MB in the end (delta: 113.2MB). Free memory was 84.6MB in the beginning and 156.5MB in the end (delta: -71.9MB). Peak memory consumption was 43.8MB. Max. memory is 16.1GB. [2023-11-06 22:56:53,077 INFO L158 Benchmark]: CDTParser took 0.27ms. Allocated memory is still 151.0MB. Free memory is still 125.2MB. There was no memory consumed. Max. memory is 16.1GB. [2023-11-06 22:56:53,078 INFO L158 Benchmark]: CACSL2BoogieTranslator took 625.39ms. Allocated memory is still 151.0MB. Free memory was 84.2MB in the beginning and 104.4MB in the end (delta: -20.1MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2023-11-06 22:56:53,078 INFO L158 Benchmark]: Boogie Procedure Inliner took 61.09ms. Allocated memory is still 151.0MB. Free memory was 104.4MB in the beginning and 102.3MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 22:56:53,079 INFO L158 Benchmark]: Boogie Preprocessor took 50.17ms. Allocated memory is still 151.0MB. Free memory was 102.3MB in the beginning and 100.7MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 22:56:53,079 INFO L158 Benchmark]: RCFGBuilder took 596.42ms. Allocated memory is still 151.0MB. Free memory was 100.7MB in the beginning and 82.4MB in the end (delta: 18.3MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2023-11-06 22:56:53,080 INFO L158 Benchmark]: TraceAbstraction took 17943.60ms. Allocated memory was 151.0MB in the beginning and 264.2MB in the end (delta: 113.2MB). Free memory was 81.3MB in the beginning and 164.8MB in the end (delta: -83.5MB). Peak memory consumption was 119.2MB. Max. memory is 16.1GB. [2023-11-06 22:56:53,080 INFO L158 Benchmark]: Witness Printer took 172.70ms. Allocated memory is still 264.2MB. Free memory was 164.8MB in the beginning and 156.5MB in the end (delta: 8.4MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2023-11-06 22:56:53,082 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.27ms. Allocated memory is still 151.0MB. Free memory is still 125.2MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 625.39ms. Allocated memory is still 151.0MB. Free memory was 84.2MB in the beginning and 104.4MB in the end (delta: -20.1MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 61.09ms. Allocated memory is still 151.0MB. Free memory was 104.4MB in the beginning and 102.3MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 50.17ms. Allocated memory is still 151.0MB. Free memory was 102.3MB in the beginning and 100.7MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 596.42ms. Allocated memory is still 151.0MB. Free memory was 100.7MB in the beginning and 82.4MB in the end (delta: 18.3MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 17943.60ms. Allocated memory was 151.0MB in the beginning and 264.2MB in the end (delta: 113.2MB). Free memory was 81.3MB in the beginning and 164.8MB in the end (delta: -83.5MB). Peak memory consumption was 119.2MB. Max. memory is 16.1GB. * Witness Printer took 172.70ms. Allocated memory is still 264.2MB. Free memory was 164.8MB in the beginning and 156.5MB in the end (delta: 8.4MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [49] - GenericResultAtLocation [Line: 118]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [118] - GenericResultAtLocation [Line: 368]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [368] - GenericResultAtLocation [Line: 472]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [472] - GenericResultAtLocation [Line: 481]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [481] - GenericResultAtLocation [Line: 580]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification3_spec.i","") [580] - GenericResultAtLocation [Line: 614]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [614] - GenericResultAtLocation [Line: 649]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [649] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 477]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 11 procedures, 110 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 17.8s, OverallIterations: 11, TraceHistogramMax: 4, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 7.2s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 6.3s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 3238 SdHoareTripleChecker+Valid, 4.2s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 3204 mSDsluCounter, 4251 SdHoareTripleChecker+Invalid, 3.5s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3178 mSDsCounter, 1219 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 4488 IncrementalHoareTripleChecker+Invalid, 5707 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1219 mSolverCounterUnsat, 1073 mSDtfsCounter, 4488 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 532 GetRequests, 338 SyntacticMatches, 7 SemanticMatches, 187 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2030 ImplicationChecksByTransitivity, 2.2s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=862occurred in iteration=9, InterpolantAutomatonStates: 169, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.6s AutomataMinimizationTime, 11 MinimizatonAttempts, 109 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 50 LocationsWithAnnotation, 2205 PreInvPairs, 2518 NumberOfFragments, 1843 HoareAnnotationTreeSize, 2205 FomulaSimplifications, 5289 FormulaSimplificationTreeSizeReduction, 0.5s HoareSimplificationTime, 50 FomulaSimplificationsInter, 11578 FormulaSimplificationTreeSizeReductionInter, 5.7s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 2.6s InterpolantComputationTime, 681 NumberOfCodeBlocks, 681 NumberOfCodeBlocksAsserted, 12 NumberOfCheckSat, 773 ConstructedInterpolants, 0 QuantifiedInterpolants, 1453 SizeOfPredicates, 4 NumberOfNonLiveVariables, 344 ConjunctsInSsa, 13 ConjunctsInUnsatCore, 13 InterpolantComputations, 10 PerfectInterpolantSequences, 99/126 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 63]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 537]: Loop Invariant Derived loop invariant: ((((((tmp == 1) && (pumpRunning == 0)) && (methaneLevelCritical == 0)) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 483]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 216]: Loop Invariant Derived loop invariant: (((((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (2 < \old(waterLevel))) && ((((((((pumpRunning == 0) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || (2 < \old(waterLevel))) || ((\old(waterLevel) == waterLevel) && (pumpRunning == 1)))) && ((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 241]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((waterLevel <= 1) && (0 == tmp)) && (pumpRunning == 1))) || (((((0 == tmp) && (1 <= \result)) && (1 <= tmp)) && (\result == 0)) && (pumpRunning == 1)))) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive)))) - InvariantResult [Line: 473]: Loop Invariant Derived loop invariant: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 493]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 626]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 440]: Loop Invariant Derived loop invariant: ((((((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 1))) || !((1 == systemActive))) || (\result == 1)) && ((((methaneLevelCritical == 0) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (\result <= 1))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && ((((!((\old(pumpRunning) == 0)) || (((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || !((1 == systemActive))) || ((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel)))) && ((((!((1 == systemActive)) || (((((tmp == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) && (pumpRunning == 1))) || (((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel))) && (\result <= 1))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 640]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 633]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 64]: Loop Invariant Derived loop invariant: ((((((((((tmp == 1) && (pumpRunning == 0)) && (\result == 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (splverifierCounter == 0)) && (waterLevel <= 2)) || ((((((tmp == 1) && (pumpRunning == 0)) && (\result == 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0))) || (((((((tmp == 1) && (methaneLevelCritical == 0)) && (\result == 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && (pumpRunning == 1))) || ((((((tmp == 1) && (\result == 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (pumpRunning == 1))) - InvariantResult [Line: 349]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) || (pumpRunning == 1)) && (((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) - InvariantResult [Line: 463]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) || (pumpRunning == 1)) && (((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) - InvariantResult [Line: 557]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 54]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 285]: Loop Invariant Derived loop invariant: ((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((tmp == 0) && (\result == 1)) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) - InvariantResult [Line: 449]: Loop Invariant Derived loop invariant: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((pumpRunning == 0) && (\result == 0))) || ((pumpRunning == 0) && (waterLevel <= 1))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) - InvariantResult [Line: 249]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (1 <= \result)) && (methaneLevelCritical == tmp)) && (1 <= tmp)) && (\result == 0))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (methaneLevelCritical == tmp)))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || (((waterLevel <= 1) && (0 == tmp)) && (pumpRunning == 1))) || (((((0 == tmp) && (1 <= \result)) && (1 <= tmp)) && (\result == 0)) && (pumpRunning == 1)))) - InvariantResult [Line: 581]: Loop Invariant Derived loop invariant: ((((((((((!((\old(pumpRunning) == 0)) || (((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || ((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) && ((((((((((tmp == 0) && (pumpRunning == 0)) && (waterLevel <= 1)) && (tmp___0 <= 1)) && (\result <= 1)) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || !((\old(pumpRunning) == 1))) || (((((tmp == 0) && (waterLevel <= 1)) && (tmp___0 <= 1)) && (\result <= 1)) && (pumpRunning == 1))) || (2 < \old(waterLevel)))) && ((((1 < \old(waterLevel)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (waterLevel <= \old(waterLevel)))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((tmp___0 <= 1) && (\result <= 1))) || !((methaneLevelCritical == 0)))) && ((((((((waterLevel <= 1) && !((tmp == 0))) && (pumpRunning == 1)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((pumpRunning == 0) && (waterLevel <= 1)) && !((tmp == 0)))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && ((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && !((tmp == 0)))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 372]: Loop Invariant Derived loop invariant: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 330]: Loop Invariant Derived loop invariant: (((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && (((((((((pumpRunning == 0) && (1 <= \result)) && (tmp == 0)) && (1 <= tmp___0)) && (\result == 0)) || (2 < waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((pumpRunning == 0) && (waterLevel <= 1)))) - InvariantResult [Line: 544]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2023-11-06 22:56:53,126 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_490739ca-3e0a-4696-b726-29e4e61bbe99/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE