./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product38.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e7bb482b Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product38.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 68c6d60a43782147acd714b0904a144255717c2aa47fb6b6f8991672a1483369 --- Real Ultimate output --- This is Ultimate 0.2.3-dev-e7bb482 [2023-11-06 22:08:39,175 INFO L188 SettingsManager]: Resetting all preferences to default values... [2023-11-06 22:08:39,244 INFO L114 SettingsManager]: Loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf [2023-11-06 22:08:39,254 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2023-11-06 22:08:39,258 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2023-11-06 22:08:39,302 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2023-11-06 22:08:39,306 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2023-11-06 22:08:39,307 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2023-11-06 22:08:39,308 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2023-11-06 22:08:39,310 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2023-11-06 22:08:39,311 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2023-11-06 22:08:39,311 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2023-11-06 22:08:39,312 INFO L153 SettingsManager]: * Use SBE=true [2023-11-06 22:08:39,315 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2023-11-06 22:08:39,316 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2023-11-06 22:08:39,317 INFO L153 SettingsManager]: * sizeof long=4 [2023-11-06 22:08:39,318 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2023-11-06 22:08:39,323 INFO L153 SettingsManager]: * sizeof POINTER=4 [2023-11-06 22:08:39,324 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2023-11-06 22:08:39,325 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2023-11-06 22:08:39,325 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2023-11-06 22:08:39,326 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2023-11-06 22:08:39,326 INFO L153 SettingsManager]: * sizeof long double=12 [2023-11-06 22:08:39,326 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2023-11-06 22:08:39,327 INFO L153 SettingsManager]: * Use constant arrays=true [2023-11-06 22:08:39,327 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2023-11-06 22:08:39,328 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2023-11-06 22:08:39,329 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2023-11-06 22:08:39,329 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 22:08:39,330 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2023-11-06 22:08:39,330 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2023-11-06 22:08:39,331 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2023-11-06 22:08:39,332 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2023-11-06 22:08:39,332 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2023-11-06 22:08:39,332 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2023-11-06 22:08:39,332 INFO L153 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2023-11-06 22:08:39,333 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2023-11-06 22:08:39,333 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2023-11-06 22:08:39,333 INFO L153 SettingsManager]: * Independence relation used for large block encoding in concurrent analysis=SYNTACTIC [2023-11-06 22:08:39,333 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 68c6d60a43782147acd714b0904a144255717c2aa47fb6b6f8991672a1483369 [2023-11-06 22:08:39,721 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2023-11-06 22:08:39,758 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2023-11-06 22:08:39,761 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2023-11-06 22:08:39,762 INFO L270 PluginConnector]: Initializing CDTParser... [2023-11-06 22:08:39,763 INFO L274 PluginConnector]: CDTParser initialized [2023-11-06 22:08:39,765 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/../../sv-benchmarks/c/product-lines/minepump_spec5_product38.cil.c [2023-11-06 22:08:42,775 INFO L533 CDTParser]: Created temporary CDT project at NULL [2023-11-06 22:08:43,056 INFO L384 CDTParser]: Found 1 translation units. [2023-11-06 22:08:43,057 INFO L180 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/sv-benchmarks/c/product-lines/minepump_spec5_product38.cil.c [2023-11-06 22:08:43,072 INFO L427 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/data/bbbc5964e/bbddd65deba64b9ab3b5825e4f6f86e7/FLAG68a6a84a6 [2023-11-06 22:08:43,087 INFO L435 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/data/bbbc5964e/bbddd65deba64b9ab3b5825e4f6f86e7 [2023-11-06 22:08:43,090 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2023-11-06 22:08:43,091 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2023-11-06 22:08:43,093 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2023-11-06 22:08:43,093 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2023-11-06 22:08:43,102 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2023-11-06 22:08:43,102 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,104 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@36f69bd and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43, skipping insertion in model container [2023-11-06 22:08:43,105 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,179 INFO L177 MainTranslator]: Built tables and reachable declarations [2023-11-06 22:08:43,380 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/sv-benchmarks/c/product-lines/minepump_spec5_product38.cil.c[1605,1618] [2023-11-06 22:08:43,650 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 22:08:43,669 INFO L202 MainTranslator]: Completed pre-run [2023-11-06 22:08:43,680 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [49] [2023-11-06 22:08:43,682 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [58] [2023-11-06 22:08:43,682 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [164] [2023-11-06 22:08:43,682 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [215] [2023-11-06 22:08:43,683 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [581] [2023-11-06 22:08:43,683 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [679] [2023-11-06 22:08:43,683 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [871] [2023-11-06 22:08:43,683 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [906] [2023-11-06 22:08:43,692 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/sv-benchmarks/c/product-lines/minepump_spec5_product38.cil.c[1605,1618] [2023-11-06 22:08:43,771 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 22:08:43,792 INFO L206 MainTranslator]: Completed translation [2023-11-06 22:08:43,792 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43 WrapperNode [2023-11-06 22:08:43,792 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2023-11-06 22:08:43,794 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2023-11-06 22:08:43,794 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2023-11-06 22:08:43,794 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2023-11-06 22:08:43,802 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,819 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,848 INFO L138 Inliner]: procedures = 56, calls = 101, calls flagged for inlining = 25, calls inlined = 22, statements flattened = 206 [2023-11-06 22:08:43,848 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2023-11-06 22:08:43,849 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2023-11-06 22:08:43,852 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2023-11-06 22:08:43,852 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2023-11-06 22:08:43,862 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,862 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,865 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,865 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,873 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,878 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,880 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,881 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,885 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2023-11-06 22:08:43,886 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2023-11-06 22:08:43,886 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2023-11-06 22:08:43,886 INFO L274 PluginConnector]: RCFGBuilder initialized [2023-11-06 22:08:43,887 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (1/1) ... [2023-11-06 22:08:43,924 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 22:08:43,940 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 22:08:43,966 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2023-11-06 22:08:44,014 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2023-11-06 22:08:44,026 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2023-11-06 22:08:44,026 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2023-11-06 22:08:44,026 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2023-11-06 22:08:44,026 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2023-11-06 22:08:44,028 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2023-11-06 22:08:44,028 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2023-11-06 22:08:44,029 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2023-11-06 22:08:44,029 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 22:08:44,029 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 22:08:44,030 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2023-11-06 22:08:44,030 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2023-11-06 22:08:44,030 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2023-11-06 22:08:44,030 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2023-11-06 22:08:44,030 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2023-11-06 22:08:44,031 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2023-11-06 22:08:44,031 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2023-11-06 22:08:44,032 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2023-11-06 22:08:44,032 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2023-11-06 22:08:44,162 INFO L236 CfgBuilder]: Building ICFG [2023-11-06 22:08:44,167 INFO L262 CfgBuilder]: Building CFG for each procedure with an implementation [2023-11-06 22:08:44,528 INFO L277 CfgBuilder]: Performing block encoding [2023-11-06 22:08:44,536 INFO L297 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2023-11-06 22:08:44,536 INFO L302 CfgBuilder]: Removed 2 assume(true) statements. [2023-11-06 22:08:44,539 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 10:08:44 BoogieIcfgContainer [2023-11-06 22:08:44,539 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2023-11-06 22:08:44,542 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2023-11-06 22:08:44,542 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2023-11-06 22:08:44,546 INFO L274 PluginConnector]: TraceAbstraction initialized [2023-11-06 22:08:44,546 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 06.11 10:08:43" (1/3) ... [2023-11-06 22:08:44,547 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1c9b0cf4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 10:08:44, skipping insertion in model container [2023-11-06 22:08:44,547 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:08:43" (2/3) ... [2023-11-06 22:08:44,547 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1c9b0cf4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 10:08:44, skipping insertion in model container [2023-11-06 22:08:44,547 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 10:08:44" (3/3) ... [2023-11-06 22:08:44,549 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product38.cil.c [2023-11-06 22:08:44,569 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2023-11-06 22:08:44,570 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2023-11-06 22:08:44,643 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2023-11-06 22:08:44,651 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@24af1f53, mLbeIndependenceSettings=[IndependenceType=SYNTACTIC, AbstractionType=NONE, UseConditional=, UseSemiCommutativity=, Solver=, SolverTimeout=] [2023-11-06 22:08:44,652 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2023-11-06 22:08:44,657 INFO L276 IsEmpty]: Start isEmpty. Operand has 91 states, 70 states have (on average 1.3714285714285714) internal successors, (96), 78 states have internal predecessors, (96), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2023-11-06 22:08:44,671 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2023-11-06 22:08:44,671 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:44,672 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:44,673 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:44,679 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:44,680 INFO L85 PathProgramCache]: Analyzing trace with hash 849031785, now seen corresponding path program 1 times [2023-11-06 22:08:44,690 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:44,690 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [499450750] [2023-11-06 22:08:44,691 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:44,691 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:44,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:44,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2023-11-06 22:08:44,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:44,991 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2023-11-06 22:08:44,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,010 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:08:45,011 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:45,011 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [499450750] [2023-11-06 22:08:45,012 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [499450750] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:08:45,012 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:08:45,012 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2023-11-06 22:08:45,014 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1069323903] [2023-11-06 22:08:45,015 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:08:45,019 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2023-11-06 22:08:45,019 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:45,050 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2023-11-06 22:08:45,051 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 22:08:45,055 INFO L87 Difference]: Start difference. First operand has 91 states, 70 states have (on average 1.3714285714285714) internal successors, (96), 78 states have internal predecessors, (96), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 22:08:45,094 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:45,094 INFO L93 Difference]: Finished difference Result 173 states and 234 transitions. [2023-11-06 22:08:45,095 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2023-11-06 22:08:45,097 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2023-11-06 22:08:45,097 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:45,107 INFO L225 Difference]: With dead ends: 173 [2023-11-06 22:08:45,108 INFO L226 Difference]: Without dead ends: 82 [2023-11-06 22:08:45,112 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 22:08:45,117 INFO L413 NwaCegarLoop]: 114 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 114 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:45,118 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 114 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:08:45,138 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2023-11-06 22:08:45,165 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 82. [2023-11-06 22:08:45,167 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 82 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 70 states have internal predecessors, (82), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2023-11-06 22:08:45,170 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 82 states to 82 states and 105 transitions. [2023-11-06 22:08:45,172 INFO L78 Accepts]: Start accepts. Automaton has 82 states and 105 transitions. Word has length 32 [2023-11-06 22:08:45,172 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:45,173 INFO L495 AbstractCegarLoop]: Abstraction has 82 states and 105 transitions. [2023-11-06 22:08:45,173 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 22:08:45,173 INFO L276 IsEmpty]: Start isEmpty. Operand 82 states and 105 transitions. [2023-11-06 22:08:45,177 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2023-11-06 22:08:45,177 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:45,178 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:45,178 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2023-11-06 22:08:45,178 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:45,179 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:45,179 INFO L85 PathProgramCache]: Analyzing trace with hash 79054015, now seen corresponding path program 1 times [2023-11-06 22:08:45,180 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:45,180 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1536237641] [2023-11-06 22:08:45,180 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:45,181 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:45,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2023-11-06 22:08:45,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2023-11-06 22:08:45,319 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,322 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:08:45,323 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:45,323 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1536237641] [2023-11-06 22:08:45,323 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1536237641] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:08:45,323 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:08:45,324 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2023-11-06 22:08:45,324 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [807040293] [2023-11-06 22:08:45,324 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:08:45,326 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2023-11-06 22:08:45,326 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:45,327 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2023-11-06 22:08:45,327 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:08:45,328 INFO L87 Difference]: Start difference. First operand 82 states and 105 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 22:08:45,368 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:45,368 INFO L93 Difference]: Finished difference Result 128 states and 164 transitions. [2023-11-06 22:08:45,373 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2023-11-06 22:08:45,374 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2023-11-06 22:08:45,374 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:45,376 INFO L225 Difference]: With dead ends: 128 [2023-11-06 22:08:45,379 INFO L226 Difference]: Without dead ends: 73 [2023-11-06 22:08:45,380 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:08:45,382 INFO L413 NwaCegarLoop]: 92 mSDtfsCounter, 13 mSDsluCounter, 75 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 16 SdHoareTripleChecker+Valid, 167 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:45,385 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [16 Valid, 167 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:08:45,389 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 73 states. [2023-11-06 22:08:45,402 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 73 to 73. [2023-11-06 22:08:45,402 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 73 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2023-11-06 22:08:45,404 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 73 states to 73 states and 93 transitions. [2023-11-06 22:08:45,404 INFO L78 Accepts]: Start accepts. Automaton has 73 states and 93 transitions. Word has length 33 [2023-11-06 22:08:45,405 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:45,405 INFO L495 AbstractCegarLoop]: Abstraction has 73 states and 93 transitions. [2023-11-06 22:08:45,405 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 22:08:45,405 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 93 transitions. [2023-11-06 22:08:45,407 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2023-11-06 22:08:45,407 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:45,408 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:45,411 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2023-11-06 22:08:45,412 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:45,412 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:45,413 INFO L85 PathProgramCache]: Analyzing trace with hash 321911882, now seen corresponding path program 1 times [2023-11-06 22:08:45,413 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:45,415 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [589612735] [2023-11-06 22:08:45,416 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:45,420 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:45,451 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,641 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:08:45,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2023-11-06 22:08:45,650 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,653 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:08:45,653 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:45,653 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [589612735] [2023-11-06 22:08:45,653 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [589612735] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:08:45,654 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:08:45,654 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 22:08:45,654 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2017278195] [2023-11-06 22:08:45,654 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:08:45,659 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 22:08:45,659 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:45,660 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 22:08:45,661 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 22:08:45,661 INFO L87 Difference]: Start difference. First operand 73 states and 93 transitions. Second operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 22:08:45,796 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:45,796 INFO L93 Difference]: Finished difference Result 138 states and 179 transitions. [2023-11-06 22:08:45,801 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2023-11-06 22:08:45,801 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2023-11-06 22:08:45,802 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:45,803 INFO L225 Difference]: With dead ends: 138 [2023-11-06 22:08:45,803 INFO L226 Difference]: Without dead ends: 73 [2023-11-06 22:08:45,805 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2023-11-06 22:08:45,806 INFO L413 NwaCegarLoop]: 86 mSDtfsCounter, 116 mSDsluCounter, 138 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 116 SdHoareTripleChecker+Valid, 224 SdHoareTripleChecker+Invalid, 18 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:45,807 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [116 Valid, 224 Invalid, 18 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:08:45,808 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 73 states. [2023-11-06 22:08:45,823 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 73 to 73. [2023-11-06 22:08:45,832 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 73 states, 57 states have (on average 1.2982456140350878) internal successors, (74), 64 states have internal predecessors, (74), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2023-11-06 22:08:45,834 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 73 states to 73 states and 92 transitions. [2023-11-06 22:08:45,834 INFO L78 Accepts]: Start accepts. Automaton has 73 states and 92 transitions. Word has length 38 [2023-11-06 22:08:45,836 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:45,836 INFO L495 AbstractCegarLoop]: Abstraction has 73 states and 92 transitions. [2023-11-06 22:08:45,836 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 22:08:45,837 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 92 transitions. [2023-11-06 22:08:45,843 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2023-11-06 22:08:45,844 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:45,844 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:45,844 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2023-11-06 22:08:45,845 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:45,845 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:45,845 INFO L85 PathProgramCache]: Analyzing trace with hash 1433797075, now seen corresponding path program 1 times [2023-11-06 22:08:45,846 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:45,846 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1501175399] [2023-11-06 22:08:45,846 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:45,846 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:45,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:08:45,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,919 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2023-11-06 22:08:45,921 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:45,923 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:08:45,924 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:45,924 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1501175399] [2023-11-06 22:08:45,924 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1501175399] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:08:45,925 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:08:45,925 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2023-11-06 22:08:45,925 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1216481191] [2023-11-06 22:08:45,925 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:08:45,926 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2023-11-06 22:08:45,926 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:45,927 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2023-11-06 22:08:45,927 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:08:45,927 INFO L87 Difference]: Start difference. First operand 73 states and 92 transitions. Second operand has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 22:08:45,970 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:45,970 INFO L93 Difference]: Finished difference Result 186 states and 241 transitions. [2023-11-06 22:08:45,971 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2023-11-06 22:08:45,971 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 44 [2023-11-06 22:08:45,971 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:45,973 INFO L225 Difference]: With dead ends: 186 [2023-11-06 22:08:45,973 INFO L226 Difference]: Without dead ends: 121 [2023-11-06 22:08:45,974 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:08:45,976 INFO L413 NwaCegarLoop]: 107 mSDtfsCounter, 75 mSDsluCounter, 63 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 75 SdHoareTripleChecker+Valid, 170 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:45,976 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [75 Valid, 170 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:08:45,977 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 121 states. [2023-11-06 22:08:45,997 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 121 to 119. [2023-11-06 22:08:45,998 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 119 states, 92 states have (on average 1.2826086956521738) internal successors, (118), 99 states have internal predecessors, (118), 14 states have call successors, (14), 12 states have call predecessors, (14), 12 states have return successors, (18), 14 states have call predecessors, (18), 14 states have call successors, (18) [2023-11-06 22:08:46,000 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 119 states to 119 states and 150 transitions. [2023-11-06 22:08:46,000 INFO L78 Accepts]: Start accepts. Automaton has 119 states and 150 transitions. Word has length 44 [2023-11-06 22:08:46,001 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:46,001 INFO L495 AbstractCegarLoop]: Abstraction has 119 states and 150 transitions. [2023-11-06 22:08:46,001 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 22:08:46,001 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 150 transitions. [2023-11-06 22:08:46,003 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2023-11-06 22:08:46,003 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:46,004 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:46,004 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2023-11-06 22:08:46,004 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:46,004 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:46,005 INFO L85 PathProgramCache]: Analyzing trace with hash -464428248, now seen corresponding path program 1 times [2023-11-06 22:08:46,005 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:46,005 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1093271463] [2023-11-06 22:08:46,005 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:46,006 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:46,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:46,172 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:08:46,180 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:46,188 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2023-11-06 22:08:46,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:46,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 44 [2023-11-06 22:08:46,262 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:46,267 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:08:46,267 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:46,268 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1093271463] [2023-11-06 22:08:46,268 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1093271463] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:08:46,268 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:08:46,268 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 22:08:46,269 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1164421534] [2023-11-06 22:08:46,269 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:08:46,269 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 22:08:46,270 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:46,270 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 22:08:46,271 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 22:08:46,273 INFO L87 Difference]: Start difference. First operand 119 states and 150 transitions. Second operand has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 22:08:46,458 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:46,458 INFO L93 Difference]: Finished difference Result 262 states and 338 transitions. [2023-11-06 22:08:46,459 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 22:08:46,459 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2023-11-06 22:08:46,460 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:46,462 INFO L225 Difference]: With dead ends: 262 [2023-11-06 22:08:46,462 INFO L226 Difference]: Without dead ends: 151 [2023-11-06 22:08:46,464 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2023-11-06 22:08:46,465 INFO L413 NwaCegarLoop]: 86 mSDtfsCounter, 60 mSDsluCounter, 284 mSDsCounter, 0 mSdLazyCounter, 118 mSolverCounterSat, 18 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 63 SdHoareTripleChecker+Valid, 370 SdHoareTripleChecker+Invalid, 136 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 18 IncrementalHoareTripleChecker+Valid, 118 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:46,466 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [63 Valid, 370 Invalid, 136 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [18 Valid, 118 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2023-11-06 22:08:46,467 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 151 states. [2023-11-06 22:08:46,493 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 151 to 146. [2023-11-06 22:08:46,493 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 146 states, 114 states have (on average 1.280701754385965) internal successors, (146), 121 states have internal predecessors, (146), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2023-11-06 22:08:46,495 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 146 states to 146 states and 185 transitions. [2023-11-06 22:08:46,496 INFO L78 Accepts]: Start accepts. Automaton has 146 states and 185 transitions. Word has length 52 [2023-11-06 22:08:46,496 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:46,496 INFO L495 AbstractCegarLoop]: Abstraction has 146 states and 185 transitions. [2023-11-06 22:08:46,497 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 22:08:46,497 INFO L276 IsEmpty]: Start isEmpty. Operand 146 states and 185 transitions. [2023-11-06 22:08:46,499 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2023-11-06 22:08:46,499 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:46,499 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:46,500 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2023-11-06 22:08:46,500 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:46,500 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:46,501 INFO L85 PathProgramCache]: Analyzing trace with hash 2141595306, now seen corresponding path program 1 times [2023-11-06 22:08:46,501 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:46,501 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1648302974] [2023-11-06 22:08:46,501 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:46,502 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:46,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:46,619 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:08:46,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:46,638 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2023-11-06 22:08:46,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:46,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 44 [2023-11-06 22:08:46,687 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:46,690 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:08:46,691 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:46,691 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1648302974] [2023-11-06 22:08:46,691 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1648302974] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:08:46,692 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:08:46,692 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 22:08:46,692 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [479655978] [2023-11-06 22:08:46,692 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:08:46,693 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 22:08:46,695 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:46,695 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 22:08:46,696 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 22:08:46,696 INFO L87 Difference]: Start difference. First operand 146 states and 185 transitions. Second operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 22:08:46,875 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:46,876 INFO L93 Difference]: Finished difference Result 294 states and 382 transitions. [2023-11-06 22:08:46,876 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2023-11-06 22:08:46,877 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2023-11-06 22:08:46,877 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:46,882 INFO L225 Difference]: With dead ends: 294 [2023-11-06 22:08:46,883 INFO L226 Difference]: Without dead ends: 156 [2023-11-06 22:08:46,888 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2023-11-06 22:08:46,895 INFO L413 NwaCegarLoop]: 87 mSDtfsCounter, 62 mSDsluCounter, 203 mSDsCounter, 0 mSdLazyCounter, 89 mSolverCounterSat, 14 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 66 SdHoareTripleChecker+Valid, 290 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 14 IncrementalHoareTripleChecker+Valid, 89 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:46,900 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [66 Valid, 290 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [14 Valid, 89 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2023-11-06 22:08:46,904 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 156 states. [2023-11-06 22:08:46,939 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 156 to 148. [2023-11-06 22:08:46,940 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 148 states, 116 states have (on average 1.2758620689655173) internal successors, (148), 123 states have internal predecessors, (148), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2023-11-06 22:08:46,942 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 148 states to 148 states and 187 transitions. [2023-11-06 22:08:46,942 INFO L78 Accepts]: Start accepts. Automaton has 148 states and 187 transitions. Word has length 52 [2023-11-06 22:08:46,946 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:46,946 INFO L495 AbstractCegarLoop]: Abstraction has 148 states and 187 transitions. [2023-11-06 22:08:46,948 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 22:08:46,948 INFO L276 IsEmpty]: Start isEmpty. Operand 148 states and 187 transitions. [2023-11-06 22:08:46,953 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2023-11-06 22:08:46,957 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:46,958 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:46,958 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2023-11-06 22:08:46,959 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:46,959 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:46,959 INFO L85 PathProgramCache]: Analyzing trace with hash -1730670164, now seen corresponding path program 1 times [2023-11-06 22:08:46,959 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:46,960 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [939114515] [2023-11-06 22:08:46,960 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:46,960 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:46,983 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:47,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:08:47,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:47,093 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2023-11-06 22:08:47,096 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:47,119 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 44 [2023-11-06 22:08:47,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:47,145 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:08:47,145 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:47,145 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [939114515] [2023-11-06 22:08:47,146 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [939114515] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:08:47,146 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:08:47,146 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 22:08:47,146 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1018296334] [2023-11-06 22:08:47,146 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:08:47,147 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 22:08:47,147 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:47,147 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 22:08:47,147 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 22:08:47,148 INFO L87 Difference]: Start difference. First operand 148 states and 187 transitions. Second operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 22:08:47,403 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:47,403 INFO L93 Difference]: Finished difference Result 428 states and 559 transitions. [2023-11-06 22:08:47,404 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 22:08:47,404 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2023-11-06 22:08:47,404 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:47,408 INFO L225 Difference]: With dead ends: 428 [2023-11-06 22:08:47,408 INFO L226 Difference]: Without dead ends: 288 [2023-11-06 22:08:47,409 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2023-11-06 22:08:47,410 INFO L413 NwaCegarLoop]: 130 mSDtfsCounter, 211 mSDsluCounter, 166 mSDsCounter, 0 mSdLazyCounter, 133 mSolverCounterSat, 58 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 218 SdHoareTripleChecker+Valid, 296 SdHoareTripleChecker+Invalid, 191 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 58 IncrementalHoareTripleChecker+Valid, 133 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:47,411 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [218 Valid, 296 Invalid, 191 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [58 Valid, 133 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 22:08:47,412 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 288 states. [2023-11-06 22:08:47,466 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 288 to 280. [2023-11-06 22:08:47,467 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 280 states, 216 states have (on average 1.25) internal successors, (270), 227 states have internal predecessors, (270), 34 states have call successors, (34), 28 states have call predecessors, (34), 29 states have return successors, (53), 34 states have call predecessors, (53), 34 states have call successors, (53) [2023-11-06 22:08:47,471 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 280 states to 280 states and 357 transitions. [2023-11-06 22:08:47,472 INFO L78 Accepts]: Start accepts. Automaton has 280 states and 357 transitions. Word has length 52 [2023-11-06 22:08:47,472 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:47,472 INFO L495 AbstractCegarLoop]: Abstraction has 280 states and 357 transitions. [2023-11-06 22:08:47,472 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 22:08:47,472 INFO L276 IsEmpty]: Start isEmpty. Operand 280 states and 357 transitions. [2023-11-06 22:08:47,475 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2023-11-06 22:08:47,475 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:47,475 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:47,476 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2023-11-06 22:08:47,476 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:47,477 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:47,477 INFO L85 PathProgramCache]: Analyzing trace with hash 742025993, now seen corresponding path program 1 times [2023-11-06 22:08:47,478 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:47,478 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2145479256] [2023-11-06 22:08:47,478 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:47,478 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:47,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:47,590 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:08:47,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:47,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2023-11-06 22:08:47,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:47,615 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:08:47,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:47,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2023-11-06 22:08:47,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:47,641 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2023-11-06 22:08:47,641 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:47,641 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2145479256] [2023-11-06 22:08:47,641 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2145479256] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:08:47,642 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:08:47,642 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2023-11-06 22:08:47,642 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1712055190] [2023-11-06 22:08:47,642 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:08:47,642 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2023-11-06 22:08:47,642 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:47,643 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2023-11-06 22:08:47,643 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2023-11-06 22:08:47,643 INFO L87 Difference]: Start difference. First operand 280 states and 357 transitions. Second operand has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 2 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 22:08:47,930 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:47,930 INFO L93 Difference]: Finished difference Result 556 states and 715 transitions. [2023-11-06 22:08:47,932 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2023-11-06 22:08:47,932 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 2 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 54 [2023-11-06 22:08:47,932 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:47,935 INFO L225 Difference]: With dead ends: 556 [2023-11-06 22:08:47,935 INFO L226 Difference]: Without dead ends: 284 [2023-11-06 22:08:47,937 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=53, Invalid=157, Unknown=0, NotChecked=0, Total=210 [2023-11-06 22:08:47,938 INFO L413 NwaCegarLoop]: 75 mSDtfsCounter, 126 mSDsluCounter, 305 mSDsCounter, 0 mSdLazyCounter, 173 mSolverCounterSat, 30 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 132 SdHoareTripleChecker+Valid, 380 SdHoareTripleChecker+Invalid, 203 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 30 IncrementalHoareTripleChecker+Valid, 173 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:47,938 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [132 Valid, 380 Invalid, 203 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [30 Valid, 173 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 22:08:47,939 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 284 states. [2023-11-06 22:08:47,979 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 284 to 276. [2023-11-06 22:08:47,980 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 276 states, 212 states have (on average 1.2169811320754718) internal successors, (258), 223 states have internal predecessors, (258), 34 states have call successors, (34), 28 states have call predecessors, (34), 29 states have return successors, (53), 34 states have call predecessors, (53), 34 states have call successors, (53) [2023-11-06 22:08:47,982 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 276 states to 276 states and 345 transitions. [2023-11-06 22:08:47,983 INFO L78 Accepts]: Start accepts. Automaton has 276 states and 345 transitions. Word has length 54 [2023-11-06 22:08:47,983 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:47,983 INFO L495 AbstractCegarLoop]: Abstraction has 276 states and 345 transitions. [2023-11-06 22:08:47,983 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 2 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 22:08:47,984 INFO L276 IsEmpty]: Start isEmpty. Operand 276 states and 345 transitions. [2023-11-06 22:08:47,986 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2023-11-06 22:08:47,990 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:47,991 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:47,991 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2023-11-06 22:08:47,991 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:47,991 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:47,992 INFO L85 PathProgramCache]: Analyzing trace with hash -731489466, now seen corresponding path program 1 times [2023-11-06 22:08:47,992 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:47,992 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [185363806] [2023-11-06 22:08:47,992 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:47,992 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:48,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:48,175 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2023-11-06 22:08:48,180 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:48,233 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:08:48,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:48,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2023-11-06 22:08:48,247 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:48,251 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2023-11-06 22:08:48,252 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:48,256 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:08:48,256 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:48,256 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [185363806] [2023-11-06 22:08:48,256 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [185363806] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:08:48,257 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:08:48,257 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2023-11-06 22:08:48,257 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1001922036] [2023-11-06 22:08:48,257 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:08:48,259 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2023-11-06 22:08:48,259 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:48,260 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2023-11-06 22:08:48,260 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=56, Unknown=0, NotChecked=0, Total=72 [2023-11-06 22:08:48,261 INFO L87 Difference]: Start difference. First operand 276 states and 345 transitions. Second operand has 9 states, 9 states have (on average 5.0) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 22:08:48,980 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:48,981 INFO L93 Difference]: Finished difference Result 843 states and 1094 transitions. [2023-11-06 22:08:48,981 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 24 states. [2023-11-06 22:08:48,981 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 5.0) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 56 [2023-11-06 22:08:48,982 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:48,987 INFO L225 Difference]: With dead ends: 843 [2023-11-06 22:08:48,987 INFO L226 Difference]: Without dead ends: 626 [2023-11-06 22:08:48,989 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 24 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 127 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=147, Invalid=503, Unknown=0, NotChecked=0, Total=650 [2023-11-06 22:08:48,990 INFO L413 NwaCegarLoop]: 98 mSDtfsCounter, 401 mSDsluCounter, 423 mSDsCounter, 0 mSdLazyCounter, 403 mSolverCounterSat, 119 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 406 SdHoareTripleChecker+Valid, 521 SdHoareTripleChecker+Invalid, 522 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 119 IncrementalHoareTripleChecker+Valid, 403 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:48,990 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [406 Valid, 521 Invalid, 522 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [119 Valid, 403 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2023-11-06 22:08:48,992 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 626 states. [2023-11-06 22:08:49,069 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 626 to 533. [2023-11-06 22:08:49,070 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 533 states, 410 states have (on average 1.2146341463414634) internal successors, (498), 434 states have internal predecessors, (498), 65 states have call successors, (65), 49 states have call predecessors, (65), 57 states have return successors, (104), 67 states have call predecessors, (104), 65 states have call successors, (104) [2023-11-06 22:08:49,075 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 533 states to 533 states and 667 transitions. [2023-11-06 22:08:49,076 INFO L78 Accepts]: Start accepts. Automaton has 533 states and 667 transitions. Word has length 56 [2023-11-06 22:08:49,076 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:49,076 INFO L495 AbstractCegarLoop]: Abstraction has 533 states and 667 transitions. [2023-11-06 22:08:49,077 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 9 states have (on average 5.0) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 22:08:49,077 INFO L276 IsEmpty]: Start isEmpty. Operand 533 states and 667 transitions. [2023-11-06 22:08:49,078 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 97 [2023-11-06 22:08:49,078 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:49,079 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:49,079 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2023-11-06 22:08:49,079 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:49,079 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:49,080 INFO L85 PathProgramCache]: Analyzing trace with hash -981985599, now seen corresponding path program 1 times [2023-11-06 22:08:49,080 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:49,080 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [562336534] [2023-11-06 22:08:49,080 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:49,080 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:49,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2023-11-06 22:08:49,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,283 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2023-11-06 22:08:49,288 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:08:49,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,318 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2023-11-06 22:08:49,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,328 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2023-11-06 22:08:49,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,343 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2023-11-06 22:08:49,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,347 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:08:49,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,349 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2023-11-06 22:08:49,350 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,352 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 18 proven. 9 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2023-11-06 22:08:49,352 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:49,352 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [562336534] [2023-11-06 22:08:49,352 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [562336534] provided 0 perfect and 1 imperfect interpolant sequences [2023-11-06 22:08:49,353 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1278944173] [2023-11-06 22:08:49,353 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:49,353 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 22:08:49,353 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 22:08:49,357 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2023-11-06 22:08:49,372 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2023-11-06 22:08:49,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:49,490 INFO L262 TraceCheckSpWp]: Trace formula consists of 330 conjuncts, 8 conjunts are in the unsatisfiable core [2023-11-06 22:08:49,499 INFO L285 TraceCheckSpWp]: Computing forward predicates... [2023-11-06 22:08:49,712 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 25 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:08:49,712 INFO L327 TraceCheckSpWp]: Computing backward predicates... [2023-11-06 22:08:49,963 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2023-11-06 22:08:49,963 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1278944173] provided 0 perfect and 2 imperfect interpolant sequences [2023-11-06 22:08:49,963 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2023-11-06 22:08:49,963 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 6, 6] total 16 [2023-11-06 22:08:49,964 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [908525789] [2023-11-06 22:08:49,964 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2023-11-06 22:08:49,965 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 16 states [2023-11-06 22:08:49,965 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:49,966 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2023-11-06 22:08:49,967 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=38, Invalid=202, Unknown=0, NotChecked=0, Total=240 [2023-11-06 22:08:49,968 INFO L87 Difference]: Start difference. First operand 533 states and 667 transitions. Second operand has 16 states, 16 states have (on average 7.4375) internal successors, (119), 11 states have internal predecessors, (119), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) [2023-11-06 22:08:51,361 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:51,361 INFO L93 Difference]: Finished difference Result 1150 states and 1477 transitions. [2023-11-06 22:08:51,362 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2023-11-06 22:08:51,362 INFO L78 Accepts]: Start accepts. Automaton has has 16 states, 16 states have (on average 7.4375) internal successors, (119), 11 states have internal predecessors, (119), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) Word has length 96 [2023-11-06 22:08:51,363 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:51,367 INFO L225 Difference]: With dead ends: 1150 [2023-11-06 22:08:51,368 INFO L226 Difference]: Without dead ends: 674 [2023-11-06 22:08:51,371 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 261 GetRequests, 214 SyntacticMatches, 4 SemanticMatches, 43 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 472 ImplicationChecksByTransitivity, 0.6s TimeCoverageRelationStatistics Valid=349, Invalid=1631, Unknown=0, NotChecked=0, Total=1980 [2023-11-06 22:08:51,372 INFO L413 NwaCegarLoop]: 175 mSDtfsCounter, 374 mSDsluCounter, 1462 mSDsCounter, 0 mSdLazyCounter, 1173 mSolverCounterSat, 110 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 375 SdHoareTripleChecker+Valid, 1637 SdHoareTripleChecker+Invalid, 1283 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 110 IncrementalHoareTripleChecker+Valid, 1173 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:51,372 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [375 Valid, 1637 Invalid, 1283 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [110 Valid, 1173 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2023-11-06 22:08:51,374 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 674 states. [2023-11-06 22:08:51,495 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 674 to 598. [2023-11-06 22:08:51,497 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 598 states, 454 states have (on average 1.2026431718061674) internal successors, (546), 486 states have internal predecessors, (546), 75 states have call successors, (75), 63 states have call predecessors, (75), 68 states have return successors, (100), 70 states have call predecessors, (100), 75 states have call successors, (100) [2023-11-06 22:08:51,503 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 598 states to 598 states and 721 transitions. [2023-11-06 22:08:51,503 INFO L78 Accepts]: Start accepts. Automaton has 598 states and 721 transitions. Word has length 96 [2023-11-06 22:08:51,504 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:51,504 INFO L495 AbstractCegarLoop]: Abstraction has 598 states and 721 transitions. [2023-11-06 22:08:51,504 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 16 states, 16 states have (on average 7.4375) internal successors, (119), 11 states have internal predecessors, (119), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) [2023-11-06 22:08:51,505 INFO L276 IsEmpty]: Start isEmpty. Operand 598 states and 721 transitions. [2023-11-06 22:08:51,509 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 169 [2023-11-06 22:08:51,509 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:08:51,509 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:08:51,521 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2023-11-06 22:08:51,715 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2023-11-06 22:08:51,716 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:08:51,716 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:08:51,716 INFO L85 PathProgramCache]: Analyzing trace with hash -1684606529, now seen corresponding path program 1 times [2023-11-06 22:08:51,716 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:08:51,716 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1885447229] [2023-11-06 22:08:51,717 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:51,717 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:08:51,763 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:51,999 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2023-11-06 22:08:52,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2023-11-06 22:08:52,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,050 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:08:52,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,060 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2023-11-06 22:08:52,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2023-11-06 22:08:52,073 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,170 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:08:52,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2023-11-06 22:08:52,180 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,184 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:08:52,185 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2023-11-06 22:08:52,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,194 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:08:52,195 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,197 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2023-11-06 22:08:52,198 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,199 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2023-11-06 22:08:52,202 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,204 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2023-11-06 22:08:52,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,208 INFO L134 CoverageAnalysis]: Checked inductivity of 190 backedges. 92 proven. 28 refuted. 0 times theorem prover too weak. 70 trivial. 0 not checked. [2023-11-06 22:08:52,208 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:08:52,208 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1885447229] [2023-11-06 22:08:52,208 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1885447229] provided 0 perfect and 1 imperfect interpolant sequences [2023-11-06 22:08:52,209 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [328179834] [2023-11-06 22:08:52,209 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:08:52,209 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 22:08:52,209 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 22:08:52,210 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2023-11-06 22:08:52,232 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2023-11-06 22:08:52,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:08:52,393 INFO L262 TraceCheckSpWp]: Trace formula consists of 525 conjuncts, 13 conjunts are in the unsatisfiable core [2023-11-06 22:08:52,413 INFO L285 TraceCheckSpWp]: Computing forward predicates... [2023-11-06 22:08:52,719 INFO L134 CoverageAnalysis]: Checked inductivity of 190 backedges. 138 proven. 4 refuted. 0 times theorem prover too weak. 48 trivial. 0 not checked. [2023-11-06 22:08:52,719 INFO L327 TraceCheckSpWp]: Computing backward predicates... [2023-11-06 22:08:53,252 INFO L134 CoverageAnalysis]: Checked inductivity of 190 backedges. 81 proven. 39 refuted. 0 times theorem prover too weak. 70 trivial. 0 not checked. [2023-11-06 22:08:53,252 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [328179834] provided 0 perfect and 2 imperfect interpolant sequences [2023-11-06 22:08:53,253 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2023-11-06 22:08:53,253 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 10, 11] total 25 [2023-11-06 22:08:53,253 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1350798079] [2023-11-06 22:08:53,253 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2023-11-06 22:08:53,254 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 25 states [2023-11-06 22:08:53,255 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:08:53,256 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 25 interpolants. [2023-11-06 22:08:53,256 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=121, Invalid=479, Unknown=0, NotChecked=0, Total=600 [2023-11-06 22:08:53,257 INFO L87 Difference]: Start difference. First operand 598 states and 721 transitions. Second operand has 25 states, 25 states have (on average 8.0) internal successors, (200), 22 states have internal predecessors, (200), 10 states have call successors, (28), 8 states have call predecessors, (28), 9 states have return successors, (27), 9 states have call predecessors, (27), 10 states have call successors, (27) [2023-11-06 22:08:54,452 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:08:54,452 INFO L93 Difference]: Finished difference Result 1242 states and 1546 transitions. [2023-11-06 22:08:54,453 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2023-11-06 22:08:54,453 INFO L78 Accepts]: Start accepts. Automaton has has 25 states, 25 states have (on average 8.0) internal successors, (200), 22 states have internal predecessors, (200), 10 states have call successors, (28), 8 states have call predecessors, (28), 9 states have return successors, (27), 9 states have call predecessors, (27), 10 states have call successors, (27) Word has length 168 [2023-11-06 22:08:54,454 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:08:54,455 INFO L225 Difference]: With dead ends: 1242 [2023-11-06 22:08:54,455 INFO L226 Difference]: Without dead ends: 0 [2023-11-06 22:08:54,459 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 402 GetRequests, 352 SyntacticMatches, 4 SemanticMatches, 46 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 438 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=481, Invalid=1775, Unknown=0, NotChecked=0, Total=2256 [2023-11-06 22:08:54,460 INFO L413 NwaCegarLoop]: 97 mSDtfsCounter, 600 mSDsluCounter, 692 mSDsCounter, 0 mSdLazyCounter, 1012 mSolverCounterSat, 191 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 603 SdHoareTripleChecker+Valid, 789 SdHoareTripleChecker+Invalid, 1203 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 191 IncrementalHoareTripleChecker+Valid, 1012 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2023-11-06 22:08:54,460 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [603 Valid, 789 Invalid, 1203 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [191 Valid, 1012 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2023-11-06 22:08:54,461 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2023-11-06 22:08:54,461 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2023-11-06 22:08:54,461 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2023-11-06 22:08:54,461 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2023-11-06 22:08:54,462 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 168 [2023-11-06 22:08:54,462 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:08:54,462 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2023-11-06 22:08:54,462 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 25 states, 25 states have (on average 8.0) internal successors, (200), 22 states have internal predecessors, (200), 10 states have call successors, (28), 8 states have call predecessors, (28), 9 states have return successors, (27), 9 states have call predecessors, (27), 10 states have call successors, (27) [2023-11-06 22:08:54,463 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2023-11-06 22:08:54,463 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2023-11-06 22:08:54,465 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2023-11-06 22:08:54,473 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2023-11-06 22:08:54,672 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10,3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 22:08:54,674 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2023-11-06 22:09:01,756 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 713 719) no Hoare annotation was computed. [2023-11-06 22:09:01,756 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 713 719) the Hoare annotation is: true [2023-11-06 22:09:01,757 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 612 623) the Hoare annotation is: true [2023-11-06 22:09:01,757 INFO L899 garLoopResultBuilder]: For program point L616-1(lines 612 623) no Hoare annotation was computed. [2023-11-06 22:09:01,757 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 612 623) no Hoare annotation was computed. [2023-11-06 22:09:01,758 INFO L895 garLoopResultBuilder]: At program point L766(line 766) the Hoare annotation is: (let ((.cse1 (< |old(~pumpRunning~0)| 1)) (.cse0 (= 0 ~systemActive~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 (< 2 |old(~waterLevel~0)|)) (or (not (= |old(~waterLevel~0)| 2)) .cse1 .cse0) (or (< 1 |old(~waterLevel~0)|) (< |old(~switchedOnBeforeTS~0)| 1) .cse1 .cse0))) [2023-11-06 22:09:01,758 INFO L895 garLoopResultBuilder]: At program point L766-1(lines 747 771) the Hoare annotation is: (let ((.cse6 (= ~pumpRunning~0 0)) (.cse9 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse12 (<= ~waterLevel~0 1)) (.cse13 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse10 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse0 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse1 (and .cse9 .cse12 .cse13 .cse10)) (.cse7 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (< 2 |old(~waterLevel~0)|)) (.cse4 (and .cse6 .cse12 .cse13 .cse10)) (.cse5 (= |old(~waterLevel~0)| 2)) (.cse2 (< |old(~pumpRunning~0)| 1)) (.cse3 (= 0 ~systemActive~0))) (and (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3 .cse4) (or (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0) .cse5) (not (= |old(~pumpRunning~0)| 0)) (and .cse6 .cse7) .cse3 .cse8) (or (and .cse9 .cse7 .cse10) .cse0 .cse1 .cse2 (and .cse6 .cse7 .cse10) .cse3 .cse8 .cse4) (let ((.cse11 (= ~waterLevel~0 1))) (or (and .cse9 .cse11 .cse10) (not .cse5) .cse2 .cse3 (and .cse6 .cse11 .cse10)))))) [2023-11-06 22:09:01,758 INFO L899 garLoopResultBuilder]: For program point L700-1(lines 700 706) no Hoare annotation was computed. [2023-11-06 22:09:01,758 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 686 712) no Hoare annotation was computed. [2023-11-06 22:09:01,759 INFO L895 garLoopResultBuilder]: At program point getWaterLevel_returnLabel#1(lines 656 664) the Hoare annotation is: (let ((.cse9 (= ~pumpRunning~0 0)) (.cse16 (<= 1 ~pumpRunning~0)) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse10 (= ~waterLevel~0 |timeShift_getWaterLevel_#res#1|)) (.cse17 (<= ~waterLevel~0 1)) (.cse18 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse8 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse11 (< 1 |old(~waterLevel~0)|)) (.cse0 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse1 (and .cse16 .cse6 .cse10 .cse17 .cse18 .cse8)) (.cse2 (and .cse9 .cse10 .cse17 .cse18 .cse8)) (.cse13 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (< |old(~pumpRunning~0)| 1)) (.cse12 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (= |old(~waterLevel~0)| 2))) (.cse4 (= 0 ~systemActive~0))) (and (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3 .cse4) (let ((.cse7 (= ~waterLevel~0 1))) (or .cse5 .cse3 (and .cse6 .cse7 .cse8 (= |timeShift_getWaterLevel_#res#1| 1)) .cse4 (and .cse9 .cse10 .cse7 .cse8))) (or .cse11 .cse12 (and .cse9 .cse10 .cse13) .cse4) (or .cse11 .cse0 .cse1 .cse2 (and .cse9 .cse10 .cse13 .cse8) (and .cse6 .cse10 .cse13 .cse8) .cse3 .cse4) (let ((.cse14 (= 2 ~waterLevel~0)) (.cse15 (= 2 |timeShift_getWaterLevel_#res#1|))) (or .cse12 (and .cse9 .cse14 .cse15) .cse5 .cse4 (and .cse16 .cse14 .cse15)))))) [2023-11-06 22:09:01,759 INFO L895 garLoopResultBuilder]: At program point L181(line 181) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= 2 ~waterLevel~0)) (.cse3 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse7 (< |old(~pumpRunning~0)| 1)) (.cse5 (= 0 ~systemActive~0))) (and (or .cse0 (and .cse1 .cse2 .cse3) .cse4 .cse5) (or (< 1 |old(~waterLevel~0)|) (and .cse1 .cse3 .cse6) .cse0 .cse5) (or (< |old(~switchedOnBeforeTS~0)| 1) .cse7 .cse5 (and .cse8 .cse3 .cse6) (< 2 |old(~waterLevel~0)|)) (or (and .cse8 .cse2 .cse3) .cse4 .cse7 .cse5))) [2023-11-06 22:09:01,759 INFO L899 garLoopResultBuilder]: For program point L693(lines 693 699) no Hoare annotation was computed. [2023-11-06 22:09:01,760 INFO L899 garLoopResultBuilder]: For program point L181-1(line 181) no Hoare annotation was computed. [2023-11-06 22:09:01,760 INFO L899 garLoopResultBuilder]: For program point L693-2(lines 689 711) no Hoare annotation was computed. [2023-11-06 22:09:01,760 INFO L899 garLoopResultBuilder]: For program point L755(lines 755 763) no Hoare annotation was computed. [2023-11-06 22:09:01,760 INFO L899 garLoopResultBuilder]: For program point L751(lines 751 768) no Hoare annotation was computed. [2023-11-06 22:09:01,760 INFO L899 garLoopResultBuilder]: For program point L198(lines 198 208) no Hoare annotation was computed. [2023-11-06 22:09:01,760 INFO L899 garLoopResultBuilder]: For program point L194(lines 194 211) no Hoare annotation was computed. [2023-11-06 22:09:01,761 INFO L895 garLoopResultBuilder]: At program point L194-1(lines 186 214) the Hoare annotation is: (let ((.cse11 (= 0 ~systemActive~0))) (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse6 (= ~pumpRunning~0 0)) (.cse1 (= ~waterLevel~0 |timeShift_getWaterLevel_#res#1|)) (.cse14 (<= ~waterLevel~0 1)) (.cse15 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse2 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~1#1| ~waterLevel~0)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse7 (not .cse11))) (let ((.cse5 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse8 (and .cse6 .cse1 .cse14 .cse15 .cse2 .cse4 .cse7)) (.cse9 (and .cse0 .cse1 .cse14 .cse15 .cse2 .cse4)) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse12 (= |old(~waterLevel~0)| 2)) (.cse10 (< |old(~pumpRunning~0)| 1))) (and (or (< 1 |old(~waterLevel~0)|) (and .cse0 .cse1 .cse2 .cse3 .cse4) .cse5 (and .cse6 .cse1 .cse2 .cse3 .cse4 .cse7) .cse8 .cse9 .cse10 .cse11) (or (not (= |old(~waterLevel~0)| 1)) .cse5 .cse8 .cse9 .cse10 .cse11) (or (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0) (= 2 |timeShift_getWaterLevel_#res#1|) (= |timeShift___utac_acc__Specification5_spec__3_~tmp~1#1| 2) .cse12) .cse11 (< 2 |old(~waterLevel~0)|) (and .cse6 .cse1 .cse2 .cse3)) (let ((.cse13 (= ~waterLevel~0 1))) (or (and .cse0 .cse1 .cse2 .cse13 .cse4) (not .cse12) .cse10 .cse11 (and .cse6 .cse1 .cse2 .cse13 .cse4 .cse7))))))) [2023-11-06 22:09:01,761 INFO L899 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2023-11-06 22:09:01,761 INFO L895 garLoopResultBuilder]: At program point __automaton_fail_returnLabel#1(lines 50 57) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= |old(~waterLevel~0)| 2))) (.cse3 (< 1 |old(~waterLevel~0)|)) (.cse4 (< |old(~pumpRunning~0)| 1)) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2) (or .cse3 .cse0 .cse2) (or .cse1 .cse4 .cse2) (or .cse3 (< |old(~switchedOnBeforeTS~0)| 1) .cse4 .cse2))) [2023-11-06 22:09:01,761 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 686 712) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= 2 ~waterLevel~0)) (.cse3 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse7 (< |old(~pumpRunning~0)| 1)) (.cse5 (= 0 ~systemActive~0))) (and (or .cse0 (and .cse1 .cse2 .cse3) .cse4 .cse5) (or (< 1 |old(~waterLevel~0)|) (and .cse1 .cse3 .cse6) .cse0 .cse5) (or (< |old(~switchedOnBeforeTS~0)| 1) .cse7 .cse5 (and .cse8 .cse3 .cse6) (< 2 |old(~waterLevel~0)|)) (or (and .cse8 .cse2 .cse3) .cse4 .cse7 .cse5))) [2023-11-06 22:09:01,762 INFO L899 garLoopResultBuilder]: For program point L199(lines 199 205) no Hoare annotation was computed. [2023-11-06 22:09:01,762 INFO L895 garLoopResultBuilder]: At program point deactivatePump_returnLabel#1(lines 780 787) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 0)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse0 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (< 1 |old(~waterLevel~0)|)) (.cse5 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse1 (< |old(~pumpRunning~0)| 1)) (.cse2 (= 0 ~systemActive~0)) (.cse6 (and .cse3 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse4))) (and (or .cse0 .cse1 .cse2 (and .cse3 (= ~waterLevel~0 1) .cse4)) (or (not (= |old(~waterLevel~0)| 1)) .cse5 .cse1 .cse2 .cse6) (or .cse7 .cse0 .cse2) (or .cse8 .cse7 .cse2) (or .cse8 .cse5 .cse1 (and .cse3 (= |old(~waterLevel~0)| ~waterLevel~0) .cse4) .cse2 .cse6)))) [2023-11-06 22:09:01,762 INFO L895 garLoopResultBuilder]: At program point L761(line 761) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse7 (and .cse0 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse1)) (.cse3 (< |old(~pumpRunning~0)| 1)) (.cse4 (= 0 ~systemActive~0))) (and (or (and .cse0 (= ~waterLevel~0 1) .cse1) .cse2 .cse3 .cse4) (or .cse5 .cse2 .cse4) (or (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) .cse1) .cse6 .cse7 .cse3 .cse4 (< 2 |old(~waterLevel~0)|)) (or (< 1 |old(~waterLevel~0)|) .cse5 .cse4) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse7 .cse3 .cse4)))) [2023-11-06 22:09:01,762 INFO L895 garLoopResultBuilder]: At program point __utac_acc__Specification5_spec__2_returnLabel#1(lines 176 185) the Hoare annotation is: (let ((.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse0 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (<= 1 ~switchedOnBeforeTS~0)) (.cse4 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse0) .cse1 (< 2 |old(~waterLevel~0)|)) (or (and .cse2 (= 2 ~waterLevel~0) .cse3) (not (= |old(~waterLevel~0)| 2)) .cse4 .cse1) (or (< 1 |old(~waterLevel~0)|) (and .cse2 .cse0 .cse3) (< |old(~switchedOnBeforeTS~0)| 1) .cse4 .cse1))) [2023-11-06 22:09:01,763 INFO L899 garLoopResultBuilder]: For program point L592(lines 592 596) no Hoare annotation was computed. [2023-11-06 22:09:01,763 INFO L895 garLoopResultBuilder]: At program point L592-2(lines 588 599) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse7 (and .cse0 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse1)) (.cse3 (< |old(~pumpRunning~0)| 1)) (.cse4 (= 0 ~systemActive~0))) (and (or (and .cse0 (= ~waterLevel~0 1) .cse1) .cse2 .cse3 .cse4) (or .cse5 .cse2 .cse4) (or (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) .cse1) .cse6 .cse7 .cse3 .cse4 (< 2 |old(~waterLevel~0)|)) (or (< 1 |old(~waterLevel~0)|) .cse5 .cse4) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse7 .cse3 .cse4)))) [2023-11-06 22:09:01,763 INFO L895 garLoopResultBuilder]: At program point isMethaneLevelCritical_returnLabel#1(lines 624 632) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse7 (and .cse0 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse1)) (.cse3 (< |old(~pumpRunning~0)| 1)) (.cse4 (= 0 ~systemActive~0))) (and (or (and .cse0 (= ~waterLevel~0 1) .cse1) .cse2 .cse3 .cse4) (or .cse5 .cse2 .cse4) (or (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) .cse1) .cse6 .cse7 .cse3 .cse4 (< 2 |old(~waterLevel~0)|)) (or (< 1 |old(~waterLevel~0)|) .cse5 .cse4) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse7 .cse3 .cse4)))) [2023-11-06 22:09:01,763 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 686 712) no Hoare annotation was computed. [2023-11-06 22:09:01,764 INFO L895 garLoopResultBuilder]: At program point isMethaneAlarm_returnLabel#1(lines 788 798) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse7 (and .cse0 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse1)) (.cse3 (< |old(~pumpRunning~0)| 1)) (.cse4 (= 0 ~systemActive~0))) (and (or (and .cse0 (= ~waterLevel~0 1) .cse1) .cse2 .cse3 .cse4) (or .cse5 .cse2 .cse4) (or (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) .cse1) .cse6 .cse7 .cse3 .cse4 (< 2 |old(~waterLevel~0)|)) (or (< 1 |old(~waterLevel~0)|) .cse5 .cse4) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse7 .cse3 .cse4)))) [2023-11-06 22:09:01,764 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2023-11-06 22:09:01,764 INFO L895 garLoopResultBuilder]: At program point L196(line 196) the Hoare annotation is: (let ((.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse0 (= ~pumpRunning~0 0)) (.cse1 (= ~waterLevel~0 |timeShift_getWaterLevel_#res#1|)) (.cse2 (<= ~waterLevel~0 1)) (.cse13 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse3 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~1#1| ~waterLevel~0)) (.cse7 (<= 1 ~switchedOnBeforeTS~0)) (.cse5 (= 0 ~systemActive~0))) (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse9 (and .cse0 .cse1 .cse2 .cse13 .cse3 .cse7 (not .cse5))) (.cse10 (and .cse6 .cse1 .cse2 .cse13 .cse3 .cse7)) (.cse11 (< |old(~pumpRunning~0)| 1))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and .cse0 .cse1 .cse2 .cse3 .cse4) .cse5 (< 2 |old(~waterLevel~0)|)) (or (< 1 |old(~waterLevel~0)|) (and .cse6 .cse1 .cse3 .cse4 .cse7) .cse8 (and .cse0 .cse1 .cse3 .cse4 .cse7) .cse9 .cse10 .cse11 .cse5) (let ((.cse12 (= ~waterLevel~0 1))) (or (and .cse6 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~1#1| 1) .cse12 .cse7 (= |timeShift_getWaterLevel_#res#1| 1)) (and .cse0 .cse1 .cse3 .cse12 .cse7) (not (= |old(~waterLevel~0)| 2)) .cse11 .cse5)) (or (not (= |old(~waterLevel~0)| 1)) .cse8 .cse9 .cse10 .cse11 .cse5)))) [2023-11-06 22:09:01,764 INFO L899 garLoopResultBuilder]: For program point L196-1(line 196) no Hoare annotation was computed. [2023-11-06 22:09:01,764 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 61 90) no Hoare annotation was computed. [2023-11-06 22:09:01,764 INFO L902 garLoopResultBuilder]: At program point L86(lines 61 90) the Hoare annotation is: true [2023-11-06 22:09:01,765 INFO L899 garLoopResultBuilder]: For program point L82(line 82) no Hoare annotation was computed. [2023-11-06 22:09:01,765 INFO L899 garLoopResultBuilder]: For program point L75(lines 75 79) no Hoare annotation was computed. [2023-11-06 22:09:01,765 INFO L902 garLoopResultBuilder]: At program point L75-1(lines 75 79) the Hoare annotation is: true [2023-11-06 22:09:01,765 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 61 90) the Hoare annotation is: true [2023-11-06 22:09:01,765 INFO L899 garLoopResultBuilder]: For program point L72(line 72) no Hoare annotation was computed. [2023-11-06 22:09:01,765 INFO L902 garLoopResultBuilder]: At program point L71-2(lines 71 85) the Hoare annotation is: true [2023-11-06 22:09:01,765 INFO L902 garLoopResultBuilder]: At program point L67(line 67) the Hoare annotation is: true [2023-11-06 22:09:01,765 INFO L899 garLoopResultBuilder]: For program point L67-1(line 67) no Hoare annotation was computed. [2023-11-06 22:09:01,765 INFO L899 garLoopResultBuilder]: For program point L927(lines 927 933) no Hoare annotation was computed. [2023-11-06 22:09:01,766 INFO L899 garLoopResultBuilder]: For program point L927-1(lines 927 933) no Hoare annotation was computed. [2023-11-06 22:09:01,766 INFO L895 garLoopResultBuilder]: At program point startSystem_returnLabel#1(lines 863 870) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_main_~tmp~0#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse2 .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 (<= ~waterLevel~0 2) .cse4) (and .cse0 .cse1 .cse2 (<= ~waterLevel~0 1) .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4))) [2023-11-06 22:09:01,766 INFO L899 garLoopResultBuilder]: For program point L151(lines 151 158) no Hoare annotation was computed. [2023-11-06 22:09:01,766 INFO L899 garLoopResultBuilder]: For program point L919(lines 919 923) no Hoare annotation was computed. [2023-11-06 22:09:01,766 INFO L899 garLoopResultBuilder]: For program point L151-2(lines 151 158) no Hoare annotation was computed. [2023-11-06 22:09:01,766 INFO L902 garLoopResultBuilder]: At program point runTest_returnLabel#1(lines 127 137) the Hoare annotation is: true [2023-11-06 22:09:01,766 INFO L895 garLoopResultBuilder]: At program point select_features_returnLabel#1(lines 883 889) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2023-11-06 22:09:01,766 INFO L902 garLoopResultBuilder]: At program point main_returnLabel#1(lines 141 163) the Hoare annotation is: true [2023-11-06 22:09:01,766 INFO L895 garLoopResultBuilder]: At program point L965(lines 916 966) the Hoare annotation is: false [2023-11-06 22:09:01,766 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2023-11-06 22:09:01,766 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2023-11-06 22:09:01,767 INFO L895 garLoopResultBuilder]: At program point setup_returnLabel#1(lines 118 124) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~0#1| 1) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2023-11-06 22:09:01,767 INFO L899 garLoopResultBuilder]: For program point L937(lines 937 943) no Hoare annotation was computed. [2023-11-06 22:09:01,767 INFO L899 garLoopResultBuilder]: For program point L937-1(lines 937 943) no Hoare annotation was computed. [2023-11-06 22:09:01,767 INFO L895 garLoopResultBuilder]: At program point L962(lines 917 964) the Hoare annotation is: (let ((.cse6 (= ~pumpRunning~0 0)) (.cse1 (= 2 ~waterLevel~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse3 (= |ULTIMATE.start_main_~tmp~0#1| 1)) (.cse7 (<= ~waterLevel~0 1)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse2 .cse3 .cse7 .cse4 .cse5) (and .cse6 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse2 .cse3 .cse7 .cse4 (<= 1 ~switchedOnBeforeTS~0) .cse5))) [2023-11-06 22:09:01,767 INFO L895 garLoopResultBuilder]: At program point L929(line 929) the Hoare annotation is: (let ((.cse6 (= ~pumpRunning~0 0)) (.cse1 (= 2 ~waterLevel~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse3 (= |ULTIMATE.start_main_~tmp~0#1| 1)) (.cse7 (<= ~waterLevel~0 1)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse2 .cse3 .cse7 .cse4 .cse5) (and .cse6 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse2 .cse3 .cse7 .cse4 (<= 1 ~switchedOnBeforeTS~0) .cse5))) [2023-11-06 22:09:01,767 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2023-11-06 22:09:01,767 INFO L895 garLoopResultBuilder]: At program point __utac_acc__Specification5_spec__1_returnLabel#1(lines 168 175) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~0#1| 1) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2023-11-06 22:09:01,767 INFO L899 garLoopResultBuilder]: For program point $Ultimate##0(line -1) no Hoare annotation was computed. [2023-11-06 22:09:01,767 INFO L895 garLoopResultBuilder]: At program point select_helpers_returnLabel#1(lines 890 896) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2023-11-06 22:09:01,768 INFO L899 garLoopResultBuilder]: For program point L955(lines 955 959) no Hoare annotation was computed. [2023-11-06 22:09:01,768 INFO L895 garLoopResultBuilder]: At program point L955-2(lines 947 960) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_main_~tmp~0#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse2 .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 (<= ~waterLevel~0 2) .cse4) (and .cse0 .cse1 .cse2 (<= ~waterLevel~0 1) .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4))) [2023-11-06 22:09:01,768 INFO L899 garLoopResultBuilder]: For program point L918(lines 917 964) no Hoare annotation was computed. [2023-11-06 22:09:01,768 INFO L899 garLoopResultBuilder]: For program point L947(lines 947 960) no Hoare annotation was computed. [2023-11-06 22:09:01,768 INFO L895 garLoopResultBuilder]: At program point valid_product_returnLabel#1(lines 897 905) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2023-11-06 22:09:01,768 INFO L895 garLoopResultBuilder]: At program point L939(line 939) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_main_~tmp~0#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse2 .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 (<= ~waterLevel~0 2) .cse4) (and .cse0 .cse1 .cse2 (<= ~waterLevel~0 1) .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4))) [2023-11-06 22:09:01,768 INFO L902 garLoopResultBuilder]: At program point L968(lines 907 972) the Hoare annotation is: true [2023-11-06 22:09:01,768 INFO L895 garLoopResultBuilder]: At program point L735(line 735) the Hoare annotation is: (let ((.cse3 (= 0 ~systemActive~0))) (let ((.cse2 (< 1 ~waterLevel~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~5#1| 0) (not .cse3)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse3) (or .cse0 .cse1 (not (= 2 ~waterLevel~0)) .cse3)))) [2023-11-06 22:09:01,769 INFO L899 garLoopResultBuilder]: For program point L669(lines 669 675) no Hoare annotation was computed. [2023-11-06 22:09:01,769 INFO L895 garLoopResultBuilder]: At program point activatePump_returnLabel#1(lines 772 779) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (< 1 ~waterLevel~0) (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse0) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0)) .cse0))) [2023-11-06 22:09:01,769 INFO L899 garLoopResultBuilder]: For program point L729(lines 729 737) no Hoare annotation was computed. [2023-11-06 22:09:01,769 INFO L899 garLoopResultBuilder]: For program point L725(lines 725 742) no Hoare annotation was computed. [2023-11-06 22:09:01,769 INFO L899 garLoopResultBuilder]: For program point L853(lines 853 857) no Hoare annotation was computed. [2023-11-06 22:09:01,770 INFO L899 garLoopResultBuilder]: For program point L853-2(lines 853 857) no Hoare annotation was computed. [2023-11-06 22:09:01,770 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 721 745) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse3 (< 1 ~waterLevel~0)) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 (not (= 2 ~waterLevel~0)) .cse2) (or .cse0 .cse1 .cse3 .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse3 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse2))) [2023-11-06 22:09:01,770 INFO L895 garLoopResultBuilder]: At program point L740(line 740) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (< 1 ~waterLevel~0)) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2) (or .cse0 (not (= 2 ~waterLevel~0)) .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse2))) [2023-11-06 22:09:01,770 INFO L899 garLoopResultBuilder]: For program point L740-1(lines 721 745) no Hoare annotation was computed. [2023-11-06 22:09:01,770 INFO L895 garLoopResultBuilder]: At program point isHighWaterSensorDry_returnLabel#1(lines 665 678) the Hoare annotation is: (let ((.cse1 (= 0 ~systemActive~0))) (and (let ((.cse0 (= ~pumpRunning~0 0))) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (and .cse0 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 1)) (and .cse0 (= 2 ~waterLevel~0)) .cse1)) (or (< 1 ~waterLevel~0) (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1))) [2023-11-06 22:09:01,771 INFO L895 garLoopResultBuilder]: At program point isHighWaterLevel_returnLabel#1(lines 844 862) the Hoare annotation is: (let ((.cse1 (= 0 ~systemActive~0))) (and (let ((.cse0 (= ~pumpRunning~0 0))) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (and .cse0 (= 2 ~waterLevel~0)) (and .cse0 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)) .cse1)) (or (< 1 ~waterLevel~0) (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1))) [2023-11-06 22:09:01,771 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 721 745) no Hoare annotation was computed. [2023-11-06 22:09:01,771 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 600 611) no Hoare annotation was computed. [2023-11-06 22:09:01,771 INFO L899 garLoopResultBuilder]: For program point L604-1(lines 600 611) no Hoare annotation was computed. [2023-11-06 22:09:01,771 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 600 611) the Hoare annotation is: (let ((.cse1 (not (= ~pumpRunning~0 0))) (.cse5 (= 2 ~waterLevel~0)) (.cse6 (not (= |old(~waterLevel~0)| 2))) (.cse0 (< 1 |old(~waterLevel~0)|)) (.cse4 (< ~pumpRunning~0 1)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse5 .cse6 .cse3) (or .cse1 .cse5 .cse6 .cse3) (or .cse0 .cse4 (< ~switchedOnBeforeTS~0 1) .cse2 .cse3))) [2023-11-06 22:09:01,771 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 799 807) no Hoare annotation was computed. [2023-11-06 22:09:01,772 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 799 807) no Hoare annotation was computed. [2023-11-06 22:09:01,772 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 799 807) the Hoare annotation is: true [2023-11-06 22:09:01,774 INFO L445 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:09:01,776 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2023-11-06 22:09:01,835 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 06.11 10:09:01 BoogieIcfgContainer [2023-11-06 22:09:01,836 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2023-11-06 22:09:01,836 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2023-11-06 22:09:01,837 INFO L270 PluginConnector]: Initializing Witness Printer... [2023-11-06 22:09:01,837 INFO L274 PluginConnector]: Witness Printer initialized [2023-11-06 22:09:01,837 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 10:08:44" (3/4) ... [2023-11-06 22:09:01,840 INFO L137 WitnessPrinter]: Generating witness for correct program [2023-11-06 22:09:01,844 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2023-11-06 22:09:01,844 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2023-11-06 22:09:01,845 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2023-11-06 22:09:01,845 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2023-11-06 22:09:01,845 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 22:09:01,845 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2023-11-06 22:09:01,845 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2023-11-06 22:09:01,867 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 18 nodes and edges [2023-11-06 22:09:01,868 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 7 nodes and edges [2023-11-06 22:09:01,868 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2023-11-06 22:09:01,869 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 22:09:01,869 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 22:09:01,901 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0) && (\result == 1)) && (waterLevel == 1)) && !((0 == systemActive))) [2023-11-06 22:09:01,901 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel == 1)) && !((0 == systemActive))) [2023-11-06 22:09:01,902 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel == 1)) && !((0 == systemActive))) [2023-11-06 22:09:01,902 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && !((0 == systemActive))) || ((((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (splverifierCounter == 0)) && !((0 == systemActive)))) || ((((((pumpRunning == 0) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && !((0 == systemActive)))) || (((((((1 <= pumpRunning) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (splverifierCounter == 0)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) [2023-11-06 22:09:01,905 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (0 == systemActive)) || (2 < \old(waterLevel))) && ((((((pumpRunning == \old(pumpRunning)) && (2 == waterLevel)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,905 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && ((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,907 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((1 < \old(waterLevel)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (tmp == waterLevel)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || ((((((pumpRunning == 0) && (waterLevel == \result)) && (tmp == waterLevel)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (((((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || (((((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((((!((\old(pumpRunning) == 0)) || (((((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)) && (tmp == 2)) && (\old(waterLevel) == 2))) || (0 == systemActive)) || (2 < \old(waterLevel))) || ((((pumpRunning == 0) && (waterLevel == \result)) && (tmp == waterLevel)) && (\old(waterLevel) == waterLevel)))) && (((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (tmp == waterLevel)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || ((((((pumpRunning == 0) && (waterLevel == \result)) && (tmp == waterLevel)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive))))) [2023-11-06 22:09:01,907 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && !((0 == systemActive))) || ((((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && !((0 == systemActive)))) || (((((((1 <= pumpRunning) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (splverifierCounter == 0)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) [2023-11-06 22:09:01,908 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) && (((((((1 <= pumpRunning) && (2 == waterLevel)) && (\old(waterLevel) == 2)) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (0 == systemActive)) || (2 < \old(waterLevel)))) && ((((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (0 == systemActive)) || (2 < \old(waterLevel))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 22:09:01,908 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive)) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,909 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && (\result == 1))) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (((pumpRunning == 0) && (waterLevel == \result)) && (\old(waterLevel) == waterLevel))) || (0 == systemActive))) && ((((((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || ((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == 0) && (waterLevel == \result)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((((!((\old(pumpRunning) == 0)) || (((pumpRunning == 0) && (2 == waterLevel)) && (2 == \result))) || !((\old(waterLevel) == 2))) || (0 == systemActive)) || (((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)))) [2023-11-06 22:09:01,909 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && ((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,910 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\result == 1))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive)) && ((((1 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,910 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && ((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,911 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) [2023-11-06 22:09:01,911 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (((pumpRunning == 0) && (tmp___0 == 0)) && (\result == 0))) || (0 == systemActive)) && ((((1 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,915 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((1 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((1 <= pumpRunning) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 22:09:01,976 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0) && (\result == 1)) && (waterLevel == 1)) && !((0 == systemActive))) [2023-11-06 22:09:01,977 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel == 1)) && !((0 == systemActive))) [2023-11-06 22:09:01,977 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel == 1)) && !((0 == systemActive))) [2023-11-06 22:09:01,977 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && !((0 == systemActive))) || ((((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (splverifierCounter == 0)) && !((0 == systemActive)))) || ((((((pumpRunning == 0) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && !((0 == systemActive)))) || (((((((1 <= pumpRunning) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (splverifierCounter == 0)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) [2023-11-06 22:09:01,978 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (0 == systemActive)) || (2 < \old(waterLevel))) && ((((((pumpRunning == \old(pumpRunning)) && (2 == waterLevel)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,979 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && ((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,979 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((1 < \old(waterLevel)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (tmp == waterLevel)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || ((((((pumpRunning == 0) && (waterLevel == \result)) && (tmp == waterLevel)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (((((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || (((((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((((!((\old(pumpRunning) == 0)) || (((((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)) && (tmp == 2)) && (\old(waterLevel) == 2))) || (0 == systemActive)) || (2 < \old(waterLevel))) || ((((pumpRunning == 0) && (waterLevel == \result)) && (tmp == waterLevel)) && (\old(waterLevel) == waterLevel)))) && (((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (tmp == waterLevel)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || ((((((pumpRunning == 0) && (waterLevel == \result)) && (tmp == waterLevel)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive))))) [2023-11-06 22:09:01,979 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && !((0 == systemActive))) || ((((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && !((0 == systemActive)))) || (((((((1 <= pumpRunning) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (splverifierCounter == 0)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) [2023-11-06 22:09:01,979 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) && (((((((1 <= pumpRunning) && (2 == waterLevel)) && (\old(waterLevel) == 2)) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (0 == systemActive)) || (2 < \old(waterLevel)))) && ((((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (0 == systemActive)) || (2 < \old(waterLevel))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 22:09:01,980 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive)) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,980 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && (\result == 1))) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (((pumpRunning == 0) && (waterLevel == \result)) && (\old(waterLevel) == waterLevel))) || (0 == systemActive))) && ((((((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || ((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == 0) && (waterLevel == \result)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((((!((\old(pumpRunning) == 0)) || (((pumpRunning == 0) && (2 == waterLevel)) && (2 == \result))) || !((\old(waterLevel) == 2))) || (0 == systemActive)) || (((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)))) [2023-11-06 22:09:01,980 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && ((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,980 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\result == 1))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive)) && ((((1 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,981 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && ((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,981 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) [2023-11-06 22:09:01,981 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (((pumpRunning == 0) && (tmp___0 == 0)) && (\result == 0))) || (0 == systemActive)) && ((((1 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 22:09:01,982 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((1 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((1 <= pumpRunning) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 22:09:02,003 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.graphml [2023-11-06 22:09:02,003 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.yaml [2023-11-06 22:09:02,004 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2023-11-06 22:09:02,004 INFO L158 Benchmark]: Toolchain (without parser) took 18913.29ms. Allocated memory was 136.3MB in the beginning and 237.0MB in the end (delta: 100.7MB). Free memory was 95.7MB in the beginning and 152.0MB in the end (delta: -56.4MB). Peak memory consumption was 43.7MB. Max. memory is 16.1GB. [2023-11-06 22:09:02,005 INFO L158 Benchmark]: CDTParser took 0.33ms. Allocated memory is still 107.0MB. Free memory is still 78.5MB. There was no memory consumed. Max. memory is 16.1GB. [2023-11-06 22:09:02,005 INFO L158 Benchmark]: CACSL2BoogieTranslator took 700.29ms. Allocated memory is still 136.3MB. Free memory was 95.2MB in the beginning and 99.9MB in the end (delta: -4.7MB). Peak memory consumption was 12.6MB. Max. memory is 16.1GB. [2023-11-06 22:09:02,006 INFO L158 Benchmark]: Boogie Procedure Inliner took 54.85ms. Allocated memory is still 136.3MB. Free memory was 99.9MB in the beginning and 97.9MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 22:09:02,006 INFO L158 Benchmark]: Boogie Preprocessor took 36.29ms. Allocated memory is still 136.3MB. Free memory was 97.4MB in the beginning and 96.2MB in the end (delta: 1.2MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 22:09:02,007 INFO L158 Benchmark]: RCFGBuilder took 653.01ms. Allocated memory is still 136.3MB. Free memory was 96.2MB in the beginning and 78.2MB in the end (delta: 18.0MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2023-11-06 22:09:02,007 INFO L158 Benchmark]: TraceAbstraction took 17293.86ms. Allocated memory was 136.3MB in the beginning and 237.0MB in the end (delta: 100.7MB). Free memory was 77.8MB in the beginning and 159.4MB in the end (delta: -81.6MB). Peak memory consumption was 113.1MB. Max. memory is 16.1GB. [2023-11-06 22:09:02,008 INFO L158 Benchmark]: Witness Printer took 167.36ms. Allocated memory is still 237.0MB. Free memory was 159.4MB in the beginning and 152.0MB in the end (delta: 7.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2023-11-06 22:09:02,011 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.33ms. Allocated memory is still 107.0MB. Free memory is still 78.5MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 700.29ms. Allocated memory is still 136.3MB. Free memory was 95.2MB in the beginning and 99.9MB in the end (delta: -4.7MB). Peak memory consumption was 12.6MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 54.85ms. Allocated memory is still 136.3MB. Free memory was 99.9MB in the beginning and 97.9MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 36.29ms. Allocated memory is still 136.3MB. Free memory was 97.4MB in the beginning and 96.2MB in the end (delta: 1.2MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 653.01ms. Allocated memory is still 136.3MB. Free memory was 96.2MB in the beginning and 78.2MB in the end (delta: 18.0MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 17293.86ms. Allocated memory was 136.3MB in the beginning and 237.0MB in the end (delta: 100.7MB). Free memory was 77.8MB in the beginning and 159.4MB in the end (delta: -81.6MB). Peak memory consumption was 113.1MB. Max. memory is 16.1GB. * Witness Printer took 167.36ms. Allocated memory is still 237.0MB. Free memory was 159.4MB in the beginning and 152.0MB in the end (delta: 7.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [49] - GenericResultAtLocation [Line: 58]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [58] - GenericResultAtLocation [Line: 164]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [164] - GenericResultAtLocation [Line: 215]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [215] - GenericResultAtLocation [Line: 581]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [581] - GenericResultAtLocation [Line: 679]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [679] - GenericResultAtLocation [Line: 871]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [871] - GenericResultAtLocation [Line: 906]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [906] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 91 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 17.2s, OverallIterations: 11, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 4.7s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 7.1s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2070 SdHoareTripleChecker+Valid, 2.5s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2038 mSDsluCounter, 4958 SdHoareTripleChecker+Invalid, 2.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3811 mSDsCounter, 555 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 3120 IncrementalHoareTripleChecker+Invalid, 3675 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 555 mSolverCounterUnsat, 1147 mSDtfsCounter, 3120 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 799 GetRequests, 640 SyntacticMatches, 8 SemanticMatches, 151 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1068 ImplicationChecksByTransitivity, 1.8s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=598occurred in iteration=10, InterpolantAutomatonStates: 131, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.5s AutomataMinimizationTime, 11 MinimizatonAttempts, 200 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 43 LocationsWithAnnotation, 1392 PreInvPairs, 1663 NumberOfFragments, 2504 HoareAnnotationTreeSize, 1392 FomulaSimplifications, 6186 FormulaSimplificationTreeSizeReduction, 0.6s HoareSimplificationTime, 43 FomulaSimplificationsInter, 14620 FormulaSimplificationTreeSizeReductionInter, 6.3s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 3.5s InterpolantComputationTime, 941 NumberOfCodeBlocks, 941 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 1190 ConstructedInterpolants, 0 QuantifiedInterpolants, 2363 SizeOfPredicates, 6 NumberOfNonLiveVariables, 855 ConjunctsInSsa, 21 ConjunctsInUnsatCore, 15 InterpolantComputations, 9 PerfectInterpolantSequences, 602/699 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 118]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel == 1)) && !((0 == systemActive))) - InvariantResult [Line: 588]: Loop Invariant Derived loop invariant: ((((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && ((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) - InvariantResult [Line: 883]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (waterLevel == 1)) && !((0 == systemActive))) - InvariantResult [Line: 772]: Loop Invariant Derived loop invariant: (((((1 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((1 <= pumpRunning) && (2 == waterLevel))) || (0 == systemActive))) - InvariantResult [Line: 624]: Loop Invariant Derived loop invariant: ((((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && ((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) - InvariantResult [Line: 788]: Loop Invariant Derived loop invariant: ((((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && ((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) - InvariantResult [Line: 71]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 665]: Loop Invariant Derived loop invariant: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\result == 1))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive)) && ((((1 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) - InvariantResult [Line: 186]: Loop Invariant Derived loop invariant: (((((((((((1 < \old(waterLevel)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (tmp == waterLevel)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || ((((((pumpRunning == 0) && (waterLevel == \result)) && (tmp == waterLevel)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (((((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || (((((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((((!((\old(pumpRunning) == 0)) || (((((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)) && (tmp == 2)) && (\old(waterLevel) == 2))) || (0 == systemActive)) || (2 < \old(waterLevel))) || ((((pumpRunning == 0) && (waterLevel == \result)) && (tmp == waterLevel)) && (\old(waterLevel) == waterLevel)))) && (((((((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (tmp == waterLevel)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || ((((((pumpRunning == 0) && (waterLevel == \result)) && (tmp == waterLevel)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive))))) - InvariantResult [Line: 916]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 907]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 844]: Loop Invariant Derived loop invariant: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (((pumpRunning == 0) && (tmp___0 == 0)) && (\result == 0))) || (0 == systemActive)) && ((((1 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) - InvariantResult [Line: 127]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 61]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 168]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel == 1)) && !((0 == systemActive))) - InvariantResult [Line: 863]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && !((0 == systemActive))) || ((((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && !((0 == systemActive)))) || (((((((1 <= pumpRunning) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (splverifierCounter == 0)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: (((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive)) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) - InvariantResult [Line: 656]: Loop Invariant Derived loop invariant: (((((((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && (\result == 1))) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (((pumpRunning == 0) && (waterLevel == \result)) && (\old(waterLevel) == waterLevel))) || (0 == systemActive))) && ((((((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || ((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == 0) && (waterLevel == \result)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == 0) && (waterLevel == \result)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel == \result)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((((!((\old(pumpRunning) == 0)) || (((pumpRunning == 0) && (2 == waterLevel)) && (2 == \result))) || !((\old(waterLevel) == 2))) || (0 == systemActive)) || (((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)))) - InvariantResult [Line: 897]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (\result == 1)) && (waterLevel == 1)) && !((0 == systemActive))) - InvariantResult [Line: 747]: Loop Invariant Derived loop invariant: ((((((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) && (((((((1 <= pumpRunning) && (2 == waterLevel)) && (\old(waterLevel) == 2)) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (0 == systemActive)) || (2 < \old(waterLevel)))) && ((((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || ((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (0 == systemActive)) || (2 < \old(waterLevel))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) - InvariantResult [Line: 890]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (waterLevel == 1)) && !((0 == systemActive))) - InvariantResult [Line: 176]: Loop Invariant Derived loop invariant: (((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (0 == systemActive)) || (2 < \old(waterLevel))) && ((((((pumpRunning == \old(pumpRunning)) && (2 == waterLevel)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) - InvariantResult [Line: 917]: Loop Invariant Derived loop invariant: (((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && !((0 == systemActive))) || ((((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (splverifierCounter == 0)) && !((0 == systemActive)))) || ((((((pumpRunning == 0) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && (splverifierCounter == 0)) && !((0 == systemActive)))) || (((((((1 <= pumpRunning) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (splverifierCounter == 0)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) - InvariantResult [Line: 141]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 780]: Loop Invariant Derived loop invariant: (((((((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || (0 == systemActive))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || (0 == systemActive))) && ((((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (0 == systemActive)) || ((((pumpRunning == 0) && (waterLevel <= 1)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) RESULT: Ultimate proved your program to be correct! [2023-11-06 22:09:02,102 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1b033769-b57a-4406-a286-90016b5cb876/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE