./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e7bb482b Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 88f09ec5af0f641c9edfe2f7047937341e46c7f8baabeed0fd38f069cd3b5278 --- Real Ultimate output --- This is Ultimate 0.2.3-dev-e7bb482 [2023-11-06 23:03:07,688 INFO L188 SettingsManager]: Resetting all preferences to default values... [2023-11-06 23:03:07,808 INFO L114 SettingsManager]: Loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf [2023-11-06 23:03:07,819 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2023-11-06 23:03:07,820 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2023-11-06 23:03:07,865 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2023-11-06 23:03:07,866 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2023-11-06 23:03:07,867 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2023-11-06 23:03:07,868 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2023-11-06 23:03:07,873 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2023-11-06 23:03:07,874 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2023-11-06 23:03:07,875 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2023-11-06 23:03:07,875 INFO L153 SettingsManager]: * Use SBE=true [2023-11-06 23:03:07,877 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2023-11-06 23:03:07,878 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2023-11-06 23:03:07,878 INFO L153 SettingsManager]: * sizeof long=4 [2023-11-06 23:03:07,879 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2023-11-06 23:03:07,879 INFO L153 SettingsManager]: * sizeof POINTER=4 [2023-11-06 23:03:07,880 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2023-11-06 23:03:07,881 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2023-11-06 23:03:07,881 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2023-11-06 23:03:07,882 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2023-11-06 23:03:07,882 INFO L153 SettingsManager]: * sizeof long double=12 [2023-11-06 23:03:07,884 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2023-11-06 23:03:07,885 INFO L153 SettingsManager]: * Use constant arrays=true [2023-11-06 23:03:07,886 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2023-11-06 23:03:07,886 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2023-11-06 23:03:07,887 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2023-11-06 23:03:07,887 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 23:03:07,888 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2023-11-06 23:03:07,889 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2023-11-06 23:03:07,890 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2023-11-06 23:03:07,890 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2023-11-06 23:03:07,890 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2023-11-06 23:03:07,890 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2023-11-06 23:03:07,891 INFO L153 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2023-11-06 23:03:07,891 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2023-11-06 23:03:07,891 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2023-11-06 23:03:07,891 INFO L153 SettingsManager]: * Independence relation used for large block encoding in concurrent analysis=SYNTACTIC [2023-11-06 23:03:07,892 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 88f09ec5af0f641c9edfe2f7047937341e46c7f8baabeed0fd38f069cd3b5278 [2023-11-06 23:03:08,257 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2023-11-06 23:03:08,285 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2023-11-06 23:03:08,288 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2023-11-06 23:03:08,290 INFO L270 PluginConnector]: Initializing CDTParser... [2023-11-06 23:03:08,291 INFO L274 PluginConnector]: CDTParser initialized [2023-11-06 23:03:08,293 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/../../sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c [2023-11-06 23:03:11,778 INFO L533 CDTParser]: Created temporary CDT project at NULL [2023-11-06 23:03:12,074 INFO L384 CDTParser]: Found 1 translation units. [2023-11-06 23:03:12,075 INFO L180 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c [2023-11-06 23:03:12,089 INFO L427 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/data/87be58cc6/7d419f6dddc54d7f8cb3c9da8c20c9b0/FLAG11d05d8d6 [2023-11-06 23:03:12,109 INFO L435 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/data/87be58cc6/7d419f6dddc54d7f8cb3c9da8c20c9b0 [2023-11-06 23:03:12,112 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2023-11-06 23:03:12,114 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2023-11-06 23:03:12,115 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2023-11-06 23:03:12,115 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2023-11-06 23:03:12,121 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2023-11-06 23:03:12,122 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,124 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@1d7fa52d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12, skipping insertion in model container [2023-11-06 23:03:12,124 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,178 INFO L177 MainTranslator]: Built tables and reachable declarations [2023-11-06 23:03:12,356 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c[3971,3984] [2023-11-06 23:03:12,480 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 23:03:12,498 INFO L202 MainTranslator]: Completed pre-run [2023-11-06 23:03:12,514 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [49] [2023-11-06 23:03:12,516 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [101] [2023-11-06 23:03:12,517 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [211] [2023-11-06 23:03:12,517 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [220] [2023-11-06 23:03:12,517 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [323] [2023-11-06 23:03:12,518 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [560] [2023-11-06 23:03:12,518 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [627] [2023-11-06 23:03:12,518 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [662] [2023-11-06 23:03:12,550 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c[3971,3984] [2023-11-06 23:03:12,615 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 23:03:12,636 INFO L206 MainTranslator]: Completed translation [2023-11-06 23:03:12,636 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12 WrapperNode [2023-11-06 23:03:12,637 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2023-11-06 23:03:12,638 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2023-11-06 23:03:12,638 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2023-11-06 23:03:12,638 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2023-11-06 23:03:12,646 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,661 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,699 INFO L138 Inliner]: procedures = 59, calls = 106, calls flagged for inlining = 26, calls inlined = 23, statements flattened = 236 [2023-11-06 23:03:12,700 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2023-11-06 23:03:12,701 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2023-11-06 23:03:12,701 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2023-11-06 23:03:12,701 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2023-11-06 23:03:12,710 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,710 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,723 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,727 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,734 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,753 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,755 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,757 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,773 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2023-11-06 23:03:12,774 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2023-11-06 23:03:12,774 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2023-11-06 23:03:12,775 INFO L274 PluginConnector]: RCFGBuilder initialized [2023-11-06 23:03:12,776 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (1/1) ... [2023-11-06 23:03:12,783 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 23:03:12,795 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 23:03:12,810 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2023-11-06 23:03:12,825 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2023-11-06 23:03:12,856 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2023-11-06 23:03:12,857 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2023-11-06 23:03:12,858 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2023-11-06 23:03:12,858 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2023-11-06 23:03:12,860 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2023-11-06 23:03:12,860 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2023-11-06 23:03:12,860 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2023-11-06 23:03:12,861 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 23:03:12,861 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 23:03:12,861 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2023-11-06 23:03:12,861 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2023-11-06 23:03:12,861 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2023-11-06 23:03:12,862 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2023-11-06 23:03:12,862 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2023-11-06 23:03:12,862 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2023-11-06 23:03:12,863 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2023-11-06 23:03:12,863 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2023-11-06 23:03:12,870 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2023-11-06 23:03:12,870 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2023-11-06 23:03:12,870 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2023-11-06 23:03:12,871 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2023-11-06 23:03:12,871 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2023-11-06 23:03:12,952 INFO L236 CfgBuilder]: Building ICFG [2023-11-06 23:03:12,954 INFO L262 CfgBuilder]: Building CFG for each procedure with an implementation [2023-11-06 23:03:13,362 INFO L277 CfgBuilder]: Performing block encoding [2023-11-06 23:03:13,373 INFO L297 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2023-11-06 23:03:13,373 INFO L302 CfgBuilder]: Removed 2 assume(true) statements. [2023-11-06 23:03:13,376 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 11:03:13 BoogieIcfgContainer [2023-11-06 23:03:13,376 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2023-11-06 23:03:13,382 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2023-11-06 23:03:13,383 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2023-11-06 23:03:13,387 INFO L274 PluginConnector]: TraceAbstraction initialized [2023-11-06 23:03:13,388 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 06.11 11:03:12" (1/3) ... [2023-11-06 23:03:13,389 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1ccc3331 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 11:03:13, skipping insertion in model container [2023-11-06 23:03:13,389 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:03:12" (2/3) ... [2023-11-06 23:03:13,390 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1ccc3331 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 11:03:13, skipping insertion in model container [2023-11-06 23:03:13,390 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 11:03:13" (3/3) ... [2023-11-06 23:03:13,392 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product54.cil.c [2023-11-06 23:03:13,418 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2023-11-06 23:03:13,419 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2023-11-06 23:03:13,504 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2023-11-06 23:03:13,515 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@5cd888eb, mLbeIndependenceSettings=[IndependenceType=SYNTACTIC, AbstractionType=NONE, UseConditional=, UseSemiCommutativity=, Solver=, SolverTimeout=] [2023-11-06 23:03:13,516 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2023-11-06 23:03:13,522 INFO L276 IsEmpty]: Start isEmpty. Operand has 106 states, 79 states have (on average 1.3670886075949367) internal successors, (108), 89 states have internal predecessors, (108), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2023-11-06 23:03:13,544 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2023-11-06 23:03:13,544 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:13,545 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:13,546 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:13,554 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:13,555 INFO L85 PathProgramCache]: Analyzing trace with hash -17930075, now seen corresponding path program 1 times [2023-11-06 23:03:13,568 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:13,569 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2018320233] [2023-11-06 23:03:13,570 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:13,570 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:13,787 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:13,945 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2023-11-06 23:03:13,953 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:13,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2023-11-06 23:03:13,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:13,983 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:03:13,984 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:13,985 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2018320233] [2023-11-06 23:03:13,985 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2018320233] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:03:13,986 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:03:13,986 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2023-11-06 23:03:13,988 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1171067731] [2023-11-06 23:03:13,989 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:03:13,995 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2023-11-06 23:03:13,996 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:14,060 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2023-11-06 23:03:14,062 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 23:03:14,067 INFO L87 Difference]: Start difference. First operand has 106 states, 79 states have (on average 1.3670886075949367) internal successors, (108), 89 states have internal predecessors, (108), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 23:03:14,133 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:14,134 INFO L93 Difference]: Finished difference Result 203 states and 274 transitions. [2023-11-06 23:03:14,136 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2023-11-06 23:03:14,138 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2023-11-06 23:03:14,138 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:14,158 INFO L225 Difference]: With dead ends: 203 [2023-11-06 23:03:14,158 INFO L226 Difference]: Without dead ends: 97 [2023-11-06 23:03:14,164 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 23:03:14,169 INFO L413 NwaCegarLoop]: 134 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 134 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:14,170 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 134 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 23:03:14,190 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 97 states. [2023-11-06 23:03:14,225 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 97 to 97. [2023-11-06 23:03:14,227 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 97 states, 72 states have (on average 1.3055555555555556) internal successors, (94), 81 states have internal predecessors, (94), 16 states have call successors, (16), 9 states have call predecessors, (16), 8 states have return successors, (15), 10 states have call predecessors, (15), 15 states have call successors, (15) [2023-11-06 23:03:14,231 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 97 states to 97 states and 125 transitions. [2023-11-06 23:03:14,238 INFO L78 Accepts]: Start accepts. Automaton has 97 states and 125 transitions. Word has length 32 [2023-11-06 23:03:14,239 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:14,239 INFO L495 AbstractCegarLoop]: Abstraction has 97 states and 125 transitions. [2023-11-06 23:03:14,241 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 23:03:14,242 INFO L276 IsEmpty]: Start isEmpty. Operand 97 states and 125 transitions. [2023-11-06 23:03:14,245 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2023-11-06 23:03:14,249 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:14,250 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:14,250 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2023-11-06 23:03:14,250 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:14,252 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:14,253 INFO L85 PathProgramCache]: Analyzing trace with hash 1323382524, now seen corresponding path program 1 times [2023-11-06 23:03:14,253 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:14,254 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [891445579] [2023-11-06 23:03:14,254 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:14,255 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:14,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:14,500 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2023-11-06 23:03:14,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:14,506 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2023-11-06 23:03:14,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:14,512 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:03:14,513 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:14,513 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [891445579] [2023-11-06 23:03:14,514 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [891445579] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:03:14,514 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:03:14,514 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2023-11-06 23:03:14,515 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1808994842] [2023-11-06 23:03:14,515 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:03:14,517 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2023-11-06 23:03:14,517 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:14,518 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2023-11-06 23:03:14,519 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 23:03:14,519 INFO L87 Difference]: Start difference. First operand 97 states and 125 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 23:03:14,548 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:14,548 INFO L93 Difference]: Finished difference Result 158 states and 204 transitions. [2023-11-06 23:03:14,549 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2023-11-06 23:03:14,550 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2023-11-06 23:03:14,550 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:14,552 INFO L225 Difference]: With dead ends: 158 [2023-11-06 23:03:14,553 INFO L226 Difference]: Without dead ends: 88 [2023-11-06 23:03:14,554 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 23:03:14,557 INFO L413 NwaCegarLoop]: 112 mSDtfsCounter, 13 mSDsluCounter, 95 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 16 SdHoareTripleChecker+Valid, 207 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:14,558 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [16 Valid, 207 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 23:03:14,559 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 88 states. [2023-11-06 23:03:14,575 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 88 to 88. [2023-11-06 23:03:14,576 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 88 states, 66 states have (on average 1.3181818181818181) internal successors, (87), 75 states have internal predecessors, (87), 13 states have call successors, (13), 8 states have call predecessors, (13), 8 states have return successors, (13), 8 states have call predecessors, (13), 13 states have call successors, (13) [2023-11-06 23:03:14,578 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 88 states to 88 states and 113 transitions. [2023-11-06 23:03:14,579 INFO L78 Accepts]: Start accepts. Automaton has 88 states and 113 transitions. Word has length 33 [2023-11-06 23:03:14,579 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:14,580 INFO L495 AbstractCegarLoop]: Abstraction has 88 states and 113 transitions. [2023-11-06 23:03:14,580 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 23:03:14,580 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 113 transitions. [2023-11-06 23:03:14,583 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2023-11-06 23:03:14,583 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:14,583 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:14,584 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2023-11-06 23:03:14,584 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:14,585 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:14,585 INFO L85 PathProgramCache]: Analyzing trace with hash 951919944, now seen corresponding path program 1 times [2023-11-06 23:03:14,586 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:14,586 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1131647227] [2023-11-06 23:03:14,587 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:14,587 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:14,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:14,706 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 23:03:14,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:14,714 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2023-11-06 23:03:14,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:14,719 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:03:14,721 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:14,721 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1131647227] [2023-11-06 23:03:14,722 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1131647227] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:03:14,724 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:03:14,724 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2023-11-06 23:03:14,725 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [307769797] [2023-11-06 23:03:14,725 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:03:14,726 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2023-11-06 23:03:14,727 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:14,728 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2023-11-06 23:03:14,728 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 23:03:14,729 INFO L87 Difference]: Start difference. First operand 88 states and 113 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 23:03:14,803 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:14,806 INFO L93 Difference]: Finished difference Result 168 states and 219 transitions. [2023-11-06 23:03:14,807 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2023-11-06 23:03:14,808 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2023-11-06 23:03:14,809 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:14,817 INFO L225 Difference]: With dead ends: 168 [2023-11-06 23:03:14,818 INFO L226 Difference]: Without dead ends: 88 [2023-11-06 23:03:14,820 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 23:03:14,822 INFO L413 NwaCegarLoop]: 111 mSDtfsCounter, 103 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 103 SdHoareTripleChecker+Valid, 111 SdHoareTripleChecker+Invalid, 2 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:14,823 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [103 Valid, 111 Invalid, 2 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 23:03:14,825 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 88 states. [2023-11-06 23:03:14,864 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 88 to 88. [2023-11-06 23:03:14,866 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 88 states, 66 states have (on average 1.303030303030303) internal successors, (86), 75 states have internal predecessors, (86), 13 states have call successors, (13), 8 states have call predecessors, (13), 8 states have return successors, (13), 8 states have call predecessors, (13), 13 states have call successors, (13) [2023-11-06 23:03:14,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 88 states to 88 states and 112 transitions. [2023-11-06 23:03:14,872 INFO L78 Accepts]: Start accepts. Automaton has 88 states and 112 transitions. Word has length 38 [2023-11-06 23:03:14,875 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:14,875 INFO L495 AbstractCegarLoop]: Abstraction has 88 states and 112 transitions. [2023-11-06 23:03:14,878 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 23:03:14,878 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 112 transitions. [2023-11-06 23:03:14,882 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2023-11-06 23:03:14,890 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:14,890 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:14,890 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2023-11-06 23:03:14,891 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:14,892 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:14,893 INFO L85 PathProgramCache]: Analyzing trace with hash 43096146, now seen corresponding path program 1 times [2023-11-06 23:03:14,893 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:14,893 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1994355630] [2023-11-06 23:03:14,894 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:14,894 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:14,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:15,060 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 23:03:15,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:15,073 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2023-11-06 23:03:15,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:15,077 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2023-11-06 23:03:15,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:15,083 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:03:15,083 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:15,083 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1994355630] [2023-11-06 23:03:15,084 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1994355630] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:03:15,084 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:03:15,085 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2023-11-06 23:03:15,085 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1732519299] [2023-11-06 23:03:15,085 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:03:15,086 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2023-11-06 23:03:15,086 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:15,087 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2023-11-06 23:03:15,088 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2023-11-06 23:03:15,088 INFO L87 Difference]: Start difference. First operand 88 states and 112 transitions. Second operand has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 23:03:15,402 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:15,402 INFO L93 Difference]: Finished difference Result 252 states and 327 transitions. [2023-11-06 23:03:15,402 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2023-11-06 23:03:15,403 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 47 [2023-11-06 23:03:15,403 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:15,407 INFO L225 Difference]: With dead ends: 252 [2023-11-06 23:03:15,407 INFO L226 Difference]: Without dead ends: 172 [2023-11-06 23:03:15,408 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2023-11-06 23:03:15,410 INFO L413 NwaCegarLoop]: 104 mSDtfsCounter, 158 mSDsluCounter, 125 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 44 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 164 SdHoareTripleChecker+Valid, 229 SdHoareTripleChecker+Invalid, 119 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 44 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:15,411 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [164 Valid, 229 Invalid, 119 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [44 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 23:03:15,412 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 172 states. [2023-11-06 23:03:15,442 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 172 to 166. [2023-11-06 23:03:15,442 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 166 states, 125 states have (on average 1.28) internal successors, (160), 133 states have internal predecessors, (160), 20 states have call successors, (20), 15 states have call predecessors, (20), 20 states have return successors, (31), 22 states have call predecessors, (31), 20 states have call successors, (31) [2023-11-06 23:03:15,445 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 166 states to 166 states and 211 transitions. [2023-11-06 23:03:15,445 INFO L78 Accepts]: Start accepts. Automaton has 166 states and 211 transitions. Word has length 47 [2023-11-06 23:03:15,445 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:15,446 INFO L495 AbstractCegarLoop]: Abstraction has 166 states and 211 transitions. [2023-11-06 23:03:15,446 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 23:03:15,446 INFO L276 IsEmpty]: Start isEmpty. Operand 166 states and 211 transitions. [2023-11-06 23:03:15,448 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2023-11-06 23:03:15,449 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:15,449 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:15,449 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2023-11-06 23:03:15,449 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:15,450 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:15,450 INFO L85 PathProgramCache]: Analyzing trace with hash 934824757, now seen corresponding path program 1 times [2023-11-06 23:03:15,450 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:15,450 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1174010102] [2023-11-06 23:03:15,451 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:15,451 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:15,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:15,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 23:03:15,548 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:15,553 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2023-11-06 23:03:15,558 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:15,577 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:15,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:15,643 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2023-11-06 23:03:15,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:15,654 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:03:15,654 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:15,655 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1174010102] [2023-11-06 23:03:15,656 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1174010102] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:03:15,656 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:03:15,656 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 23:03:15,658 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1118450806] [2023-11-06 23:03:15,658 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:03:15,659 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 23:03:15,659 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:15,660 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 23:03:15,661 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 23:03:15,662 INFO L87 Difference]: Start difference. First operand 166 states and 211 transitions. Second operand has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 23:03:15,923 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:15,924 INFO L93 Difference]: Finished difference Result 332 states and 430 transitions. [2023-11-06 23:03:15,925 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 23:03:15,929 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 57 [2023-11-06 23:03:15,931 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:15,935 INFO L225 Difference]: With dead ends: 332 [2023-11-06 23:03:15,936 INFO L226 Difference]: Without dead ends: 174 [2023-11-06 23:03:15,937 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2023-11-06 23:03:15,938 INFO L413 NwaCegarLoop]: 104 mSDtfsCounter, 72 mSDsluCounter, 339 mSDsCounter, 0 mSdLazyCounter, 138 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 75 SdHoareTripleChecker+Valid, 443 SdHoareTripleChecker+Invalid, 161 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 138 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:15,939 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [75 Valid, 443 Invalid, 161 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 138 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 23:03:15,940 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 174 states. [2023-11-06 23:03:15,967 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 174 to 169. [2023-11-06 23:03:15,979 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 169 states, 128 states have (on average 1.2734375) internal successors, (163), 136 states have internal predecessors, (163), 20 states have call successors, (20), 15 states have call predecessors, (20), 20 states have return successors, (31), 22 states have call predecessors, (31), 20 states have call successors, (31) [2023-11-06 23:03:15,981 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 169 states to 169 states and 214 transitions. [2023-11-06 23:03:15,982 INFO L78 Accepts]: Start accepts. Automaton has 169 states and 214 transitions. Word has length 57 [2023-11-06 23:03:15,982 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:15,982 INFO L495 AbstractCegarLoop]: Abstraction has 169 states and 214 transitions. [2023-11-06 23:03:15,983 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 23:03:15,983 INFO L276 IsEmpty]: Start isEmpty. Operand 169 states and 214 transitions. [2023-11-06 23:03:15,989 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2023-11-06 23:03:15,990 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:15,990 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:15,990 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2023-11-06 23:03:15,990 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:15,991 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:15,991 INFO L85 PathProgramCache]: Analyzing trace with hash 1357526583, now seen corresponding path program 1 times [2023-11-06 23:03:15,991 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:15,991 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1701651345] [2023-11-06 23:03:15,992 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:15,992 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:16,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,084 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 23:03:16,085 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2023-11-06 23:03:16,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:16,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,177 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2023-11-06 23:03:16,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,187 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:03:16,187 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:16,188 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1701651345] [2023-11-06 23:03:16,188 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1701651345] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:03:16,188 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:03:16,188 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 23:03:16,188 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [6136650] [2023-11-06 23:03:16,188 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:03:16,189 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 23:03:16,189 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:16,190 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 23:03:16,190 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 23:03:16,190 INFO L87 Difference]: Start difference. First operand 169 states and 214 transitions. Second operand has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 23:03:16,360 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:16,360 INFO L93 Difference]: Finished difference Result 340 states and 444 transitions. [2023-11-06 23:03:16,361 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2023-11-06 23:03:16,361 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 57 [2023-11-06 23:03:16,361 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:16,363 INFO L225 Difference]: With dead ends: 340 [2023-11-06 23:03:16,363 INFO L226 Difference]: Without dead ends: 179 [2023-11-06 23:03:16,364 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2023-11-06 23:03:16,366 INFO L413 NwaCegarLoop]: 106 mSDtfsCounter, 73 mSDsluCounter, 241 mSDsCounter, 0 mSdLazyCounter, 110 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 77 SdHoareTripleChecker+Valid, 347 SdHoareTripleChecker+Invalid, 127 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 110 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:16,366 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [77 Valid, 347 Invalid, 127 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 110 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2023-11-06 23:03:16,367 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 179 states. [2023-11-06 23:03:16,389 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 179 to 171. [2023-11-06 23:03:16,389 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 130 states have (on average 1.2692307692307692) internal successors, (165), 138 states have internal predecessors, (165), 20 states have call successors, (20), 15 states have call predecessors, (20), 20 states have return successors, (31), 22 states have call predecessors, (31), 20 states have call successors, (31) [2023-11-06 23:03:16,391 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 216 transitions. [2023-11-06 23:03:16,391 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 216 transitions. Word has length 57 [2023-11-06 23:03:16,392 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:16,392 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 216 transitions. [2023-11-06 23:03:16,392 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 23:03:16,392 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 216 transitions. [2023-11-06 23:03:16,393 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2023-11-06 23:03:16,393 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:16,393 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:16,394 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2023-11-06 23:03:16,394 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:16,394 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:16,394 INFO L85 PathProgramCache]: Analyzing trace with hash -447911751, now seen corresponding path program 1 times [2023-11-06 23:03:16,394 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:16,395 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1582256032] [2023-11-06 23:03:16,395 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:16,395 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:16,411 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,506 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 23:03:16,507 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,514 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2023-11-06 23:03:16,518 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:16,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2023-11-06 23:03:16,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:16,574 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:03:16,578 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:16,578 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1582256032] [2023-11-06 23:03:16,579 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1582256032] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:03:16,579 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:03:16,579 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 23:03:16,579 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [112071662] [2023-11-06 23:03:16,580 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:03:16,580 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 23:03:16,581 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:16,582 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 23:03:16,583 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 23:03:16,584 INFO L87 Difference]: Start difference. First operand 171 states and 216 transitions. Second operand has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 23:03:16,896 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:16,896 INFO L93 Difference]: Finished difference Result 484 states and 633 transitions. [2023-11-06 23:03:16,896 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 23:03:16,897 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 57 [2023-11-06 23:03:16,898 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:16,903 INFO L225 Difference]: With dead ends: 484 [2023-11-06 23:03:16,903 INFO L226 Difference]: Without dead ends: 321 [2023-11-06 23:03:16,905 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 12 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2023-11-06 23:03:16,909 INFO L413 NwaCegarLoop]: 150 mSDtfsCounter, 235 mSDsluCounter, 198 mSDsCounter, 0 mSdLazyCounter, 158 mSolverCounterSat, 69 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 242 SdHoareTripleChecker+Valid, 348 SdHoareTripleChecker+Invalid, 227 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 69 IncrementalHoareTripleChecker+Valid, 158 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:16,910 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [242 Valid, 348 Invalid, 227 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [69 Valid, 158 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 23:03:16,913 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 321 states. [2023-11-06 23:03:16,957 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 321 to 313. [2023-11-06 23:03:16,958 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 313 states, 236 states have (on average 1.2415254237288136) internal successors, (293), 248 states have internal predecessors, (293), 40 states have call successors, (40), 33 states have call predecessors, (40), 36 states have return successors, (66), 41 states have call predecessors, (66), 40 states have call successors, (66) [2023-11-06 23:03:16,963 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 313 states to 313 states and 399 transitions. [2023-11-06 23:03:16,963 INFO L78 Accepts]: Start accepts. Automaton has 313 states and 399 transitions. Word has length 57 [2023-11-06 23:03:16,964 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:16,964 INFO L495 AbstractCegarLoop]: Abstraction has 313 states and 399 transitions. [2023-11-06 23:03:16,964 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 23:03:16,964 INFO L276 IsEmpty]: Start isEmpty. Operand 313 states and 399 transitions. [2023-11-06 23:03:16,966 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 60 [2023-11-06 23:03:16,967 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:16,967 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:16,967 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2023-11-06 23:03:16,967 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:16,968 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:16,969 INFO L85 PathProgramCache]: Analyzing trace with hash 16145041, now seen corresponding path program 1 times [2023-11-06 23:03:16,971 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:16,972 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2047073185] [2023-11-06 23:03:16,972 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:16,972 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:16,993 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,098 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 23:03:17,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2023-11-06 23:03:17,112 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,119 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:17,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,129 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 23:03:17,130 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,132 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 51 [2023-11-06 23:03:17,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,147 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2023-11-06 23:03:17,147 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:17,147 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2047073185] [2023-11-06 23:03:17,147 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2047073185] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:03:17,148 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:03:17,148 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2023-11-06 23:03:17,148 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [796891568] [2023-11-06 23:03:17,148 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:03:17,148 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2023-11-06 23:03:17,148 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:17,149 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2023-11-06 23:03:17,149 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2023-11-06 23:03:17,149 INFO L87 Difference]: Start difference. First operand 313 states and 399 transitions. Second operand has 7 states, 7 states have (on average 6.857142857142857) internal successors, (48), 5 states have internal predecessors, (48), 2 states have call successors, (6), 3 states have call predecessors, (6), 3 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 23:03:17,541 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:17,542 INFO L93 Difference]: Finished difference Result 622 states and 799 transitions. [2023-11-06 23:03:17,542 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2023-11-06 23:03:17,543 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.857142857142857) internal successors, (48), 5 states have internal predecessors, (48), 2 states have call successors, (6), 3 states have call predecessors, (6), 3 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) Word has length 59 [2023-11-06 23:03:17,544 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:17,548 INFO L225 Difference]: With dead ends: 622 [2023-11-06 23:03:17,549 INFO L226 Difference]: Without dead ends: 317 [2023-11-06 23:03:17,551 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 27 GetRequests, 14 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=53, Invalid=157, Unknown=0, NotChecked=0, Total=210 [2023-11-06 23:03:17,553 INFO L413 NwaCegarLoop]: 91 mSDtfsCounter, 126 mSDsluCounter, 361 mSDsCounter, 0 mSdLazyCounter, 204 mSolverCounterSat, 38 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 132 SdHoareTripleChecker+Valid, 452 SdHoareTripleChecker+Invalid, 242 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 38 IncrementalHoareTripleChecker+Valid, 204 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:17,556 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [132 Valid, 452 Invalid, 242 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [38 Valid, 204 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 23:03:17,559 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 317 states. [2023-11-06 23:03:17,606 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 317 to 309. [2023-11-06 23:03:17,607 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 309 states, 232 states have (on average 1.2112068965517242) internal successors, (281), 244 states have internal predecessors, (281), 40 states have call successors, (40), 33 states have call predecessors, (40), 36 states have return successors, (66), 41 states have call predecessors, (66), 40 states have call successors, (66) [2023-11-06 23:03:17,611 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 309 states to 309 states and 387 transitions. [2023-11-06 23:03:17,611 INFO L78 Accepts]: Start accepts. Automaton has 309 states and 387 transitions. Word has length 59 [2023-11-06 23:03:17,612 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:17,612 INFO L495 AbstractCegarLoop]: Abstraction has 309 states and 387 transitions. [2023-11-06 23:03:17,612 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.857142857142857) internal successors, (48), 5 states have internal predecessors, (48), 2 states have call successors, (6), 3 states have call predecessors, (6), 3 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 23:03:17,612 INFO L276 IsEmpty]: Start isEmpty. Operand 309 states and 387 transitions. [2023-11-06 23:03:17,613 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 62 [2023-11-06 23:03:17,614 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:17,614 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:17,614 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2023-11-06 23:03:17,614 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:17,615 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:17,615 INFO L85 PathProgramCache]: Analyzing trace with hash 1464730591, now seen corresponding path program 1 times [2023-11-06 23:03:17,615 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:17,615 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [345812981] [2023-11-06 23:03:17,615 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:17,616 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:17,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,850 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2023-11-06 23:03:17,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,927 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 23:03:17,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,940 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2023-11-06 23:03:17,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,949 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:17,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,955 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2023-11-06 23:03:17,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:17,958 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:03:17,958 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:17,959 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [345812981] [2023-11-06 23:03:17,959 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [345812981] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:03:17,959 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:03:17,959 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2023-11-06 23:03:17,959 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [210351114] [2023-11-06 23:03:17,959 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:03:17,960 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2023-11-06 23:03:17,960 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:17,960 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2023-11-06 23:03:17,961 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=56, Unknown=0, NotChecked=0, Total=72 [2023-11-06 23:03:17,961 INFO L87 Difference]: Start difference. First operand 309 states and 387 transitions. Second operand has 9 states, 9 states have (on average 5.333333333333333) internal successors, (48), 7 states have internal predecessors, (48), 4 states have call successors, (6), 4 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2023-11-06 23:03:18,982 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:18,983 INFO L93 Difference]: Finished difference Result 935 states and 1218 transitions. [2023-11-06 23:03:18,984 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2023-11-06 23:03:18,984 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 5.333333333333333) internal successors, (48), 7 states have internal predecessors, (48), 4 states have call successors, (6), 4 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) Word has length 61 [2023-11-06 23:03:18,985 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:18,992 INFO L225 Difference]: With dead ends: 935 [2023-11-06 23:03:18,992 INFO L226 Difference]: Without dead ends: 690 [2023-11-06 23:03:18,995 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 14 SyntacticMatches, 0 SemanticMatches, 25 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 145 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=153, Invalid=549, Unknown=0, NotChecked=0, Total=702 [2023-11-06 23:03:18,998 INFO L413 NwaCegarLoop]: 102 mSDtfsCounter, 471 mSDsluCounter, 437 mSDsCounter, 0 mSdLazyCounter, 543 mSolverCounterSat, 161 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 476 SdHoareTripleChecker+Valid, 539 SdHoareTripleChecker+Invalid, 704 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 161 IncrementalHoareTripleChecker+Valid, 543 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:18,999 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [476 Valid, 539 Invalid, 704 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [161 Valid, 543 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2023-11-06 23:03:19,001 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 690 states. [2023-11-06 23:03:19,114 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 690 to 594. [2023-11-06 23:03:19,116 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 594 states, 446 states have (on average 1.210762331838565) internal successors, (540), 472 states have internal predecessors, (540), 77 states have call successors, (77), 58 states have call predecessors, (77), 70 states have return successors, (127), 79 states have call predecessors, (127), 77 states have call successors, (127) [2023-11-06 23:03:19,123 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 594 states to 594 states and 744 transitions. [2023-11-06 23:03:19,124 INFO L78 Accepts]: Start accepts. Automaton has 594 states and 744 transitions. Word has length 61 [2023-11-06 23:03:19,125 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:19,125 INFO L495 AbstractCegarLoop]: Abstraction has 594 states and 744 transitions. [2023-11-06 23:03:19,125 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 9 states have (on average 5.333333333333333) internal successors, (48), 7 states have internal predecessors, (48), 4 states have call successors, (6), 4 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2023-11-06 23:03:19,125 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 744 transitions. [2023-11-06 23:03:19,131 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2023-11-06 23:03:19,131 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:19,132 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:19,132 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2023-11-06 23:03:19,132 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:19,133 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:19,133 INFO L85 PathProgramCache]: Analyzing trace with hash -2028217141, now seen corresponding path program 1 times [2023-11-06 23:03:19,133 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:19,133 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [63108476] [2023-11-06 23:03:19,133 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:19,134 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:19,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2023-11-06 23:03:19,342 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,358 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2023-11-06 23:03:19,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,392 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 23:03:19,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,407 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2023-11-06 23:03:19,411 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:19,425 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,433 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2023-11-06 23:03:19,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,478 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2023-11-06 23:03:19,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2023-11-06 23:03:19,497 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,499 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:19,500 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,501 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2023-11-06 23:03:19,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,505 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 16 proven. 13 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2023-11-06 23:03:19,506 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:19,506 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [63108476] [2023-11-06 23:03:19,506 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [63108476] provided 0 perfect and 1 imperfect interpolant sequences [2023-11-06 23:03:19,506 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1609421155] [2023-11-06 23:03:19,507 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:19,507 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 23:03:19,509 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 23:03:19,513 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2023-11-06 23:03:19,551 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2023-11-06 23:03:19,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:19,680 INFO L262 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 8 conjunts are in the unsatisfiable core [2023-11-06 23:03:19,694 INFO L285 TraceCheckSpWp]: Computing forward predicates... [2023-11-06 23:03:19,951 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 27 proven. 11 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 23:03:19,952 INFO L327 TraceCheckSpWp]: Computing backward predicates... [2023-11-06 23:03:20,230 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 19 proven. 10 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2023-11-06 23:03:20,230 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1609421155] provided 0 perfect and 2 imperfect interpolant sequences [2023-11-06 23:03:20,230 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2023-11-06 23:03:20,231 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2023-11-06 23:03:20,231 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [338626350] [2023-11-06 23:03:20,231 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2023-11-06 23:03:20,232 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2023-11-06 23:03:20,232 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:20,233 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2023-11-06 23:03:20,233 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2023-11-06 23:03:20,234 INFO L87 Difference]: Start difference. First operand 594 states and 744 transitions. Second operand has 15 states, 15 states have (on average 9.133333333333333) internal successors, (137), 10 states have internal predecessors, (137), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (19), 7 states have call predecessors, (19), 6 states have call successors, (19) [2023-11-06 23:03:21,945 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:21,945 INFO L93 Difference]: Finished difference Result 1267 states and 1626 transitions. [2023-11-06 23:03:21,945 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 32 states. [2023-11-06 23:03:21,946 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 9.133333333333333) internal successors, (137), 10 states have internal predecessors, (137), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (19), 7 states have call predecessors, (19), 6 states have call successors, (19) Word has length 111 [2023-11-06 23:03:21,946 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:21,951 INFO L225 Difference]: With dead ends: 1267 [2023-11-06 23:03:21,952 INFO L226 Difference]: Without dead ends: 735 [2023-11-06 23:03:21,955 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 295 GetRequests, 249 SyntacticMatches, 4 SemanticMatches, 42 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 462 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=441, Invalid=1451, Unknown=0, NotChecked=0, Total=1892 [2023-11-06 23:03:21,956 INFO L413 NwaCegarLoop]: 168 mSDtfsCounter, 419 mSDsluCounter, 1084 mSDsCounter, 0 mSdLazyCounter, 1084 mSolverCounterSat, 142 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 424 SdHoareTripleChecker+Valid, 1252 SdHoareTripleChecker+Invalid, 1226 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 142 IncrementalHoareTripleChecker+Valid, 1084 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.0s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:21,957 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [424 Valid, 1252 Invalid, 1226 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [142 Valid, 1084 Invalid, 0 Unknown, 0 Unchecked, 1.0s Time] [2023-11-06 23:03:21,959 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 735 states. [2023-11-06 23:03:22,046 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 735 to 659. [2023-11-06 23:03:22,048 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 659 states, 490 states have (on average 1.1959183673469387) internal successors, (586), 524 states have internal predecessors, (586), 87 states have call successors, (87), 72 states have call predecessors, (87), 81 states have return successors, (119), 84 states have call predecessors, (119), 87 states have call successors, (119) [2023-11-06 23:03:22,052 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 659 states to 659 states and 792 transitions. [2023-11-06 23:03:22,053 INFO L78 Accepts]: Start accepts. Automaton has 659 states and 792 transitions. Word has length 111 [2023-11-06 23:03:22,055 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:22,055 INFO L495 AbstractCegarLoop]: Abstraction has 659 states and 792 transitions. [2023-11-06 23:03:22,055 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 9.133333333333333) internal successors, (137), 10 states have internal predecessors, (137), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (19), 7 states have call predecessors, (19), 6 states have call successors, (19) [2023-11-06 23:03:22,055 INFO L276 IsEmpty]: Start isEmpty. Operand 659 states and 792 transitions. [2023-11-06 23:03:22,060 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 196 [2023-11-06 23:03:22,061 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:03:22,061 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:22,074 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2023-11-06 23:03:22,267 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2023-11-06 23:03:22,267 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:03:22,267 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:03:22,268 INFO L85 PathProgramCache]: Analyzing trace with hash -1234484317, now seen corresponding path program 1 times [2023-11-06 23:03:22,268 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:03:22,268 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [43697561] [2023-11-06 23:03:22,268 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:22,268 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:03:22,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,516 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2023-11-06 23:03:22,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2023-11-06 23:03:22,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 23:03:22,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2023-11-06 23:03:22,546 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,549 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:22,550 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,553 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2023-11-06 23:03:22,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 23:03:22,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2023-11-06 23:03:22,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2023-11-06 23:03:22,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,572 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:22,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,574 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2023-11-06 23:03:22,578 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 23:03:22,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2023-11-06 23:03:22,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,655 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 146 [2023-11-06 23:03:22,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,662 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2023-11-06 23:03:22,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 166 [2023-11-06 23:03:22,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:03:22,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,678 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 187 [2023-11-06 23:03:22,680 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,682 INFO L134 CoverageAnalysis]: Checked inductivity of 207 backedges. 72 proven. 5 refuted. 0 times theorem prover too weak. 130 trivial. 0 not checked. [2023-11-06 23:03:22,682 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:03:22,683 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [43697561] [2023-11-06 23:03:22,683 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [43697561] provided 0 perfect and 1 imperfect interpolant sequences [2023-11-06 23:03:22,683 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [451460729] [2023-11-06 23:03:22,683 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:03:22,683 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 23:03:22,684 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 23:03:22,685 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2023-11-06 23:03:22,725 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2023-11-06 23:03:22,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:03:22,861 INFO L262 TraceCheckSpWp]: Trace formula consists of 588 conjuncts, 13 conjunts are in the unsatisfiable core [2023-11-06 23:03:22,868 INFO L285 TraceCheckSpWp]: Computing forward predicates... [2023-11-06 23:03:23,135 INFO L134 CoverageAnalysis]: Checked inductivity of 207 backedges. 151 proven. 4 refuted. 0 times theorem prover too weak. 52 trivial. 0 not checked. [2023-11-06 23:03:23,135 INFO L327 TraceCheckSpWp]: Computing backward predicates... [2023-11-06 23:03:23,767 INFO L134 CoverageAnalysis]: Checked inductivity of 207 backedges. 82 proven. 42 refuted. 0 times theorem prover too weak. 83 trivial. 0 not checked. [2023-11-06 23:03:23,767 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [451460729] provided 0 perfect and 2 imperfect interpolant sequences [2023-11-06 23:03:23,768 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2023-11-06 23:03:23,768 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 10, 11] total 25 [2023-11-06 23:03:23,768 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [585930328] [2023-11-06 23:03:23,768 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2023-11-06 23:03:23,770 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 25 states [2023-11-06 23:03:23,770 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:03:23,771 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 25 interpolants. [2023-11-06 23:03:23,772 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=481, Unknown=0, NotChecked=0, Total=600 [2023-11-06 23:03:23,772 INFO L87 Difference]: Start difference. First operand 659 states and 792 transitions. Second operand has 25 states, 25 states have (on average 9.04) internal successors, (226), 22 states have internal predecessors, (226), 9 states have call successors, (38), 9 states have call predecessors, (38), 10 states have return successors, (37), 8 states have call predecessors, (37), 9 states have call successors, (37) [2023-11-06 23:03:25,433 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:03:25,433 INFO L93 Difference]: Finished difference Result 1370 states and 1699 transitions. [2023-11-06 23:03:25,434 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2023-11-06 23:03:25,434 INFO L78 Accepts]: Start accepts. Automaton has has 25 states, 25 states have (on average 9.04) internal successors, (226), 22 states have internal predecessors, (226), 9 states have call successors, (38), 9 states have call predecessors, (38), 10 states have return successors, (37), 8 states have call predecessors, (37), 9 states have call successors, (37) Word has length 195 [2023-11-06 23:03:25,435 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:03:25,436 INFO L225 Difference]: With dead ends: 1370 [2023-11-06 23:03:25,436 INFO L226 Difference]: Without dead ends: 0 [2023-11-06 23:03:25,441 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 466 GetRequests, 417 SyntacticMatches, 3 SemanticMatches, 46 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 437 ImplicationChecksByTransitivity, 0.8s TimeCoverageRelationStatistics Valid=487, Invalid=1769, Unknown=0, NotChecked=0, Total=2256 [2023-11-06 23:03:25,442 INFO L413 NwaCegarLoop]: 97 mSDtfsCounter, 458 mSDsluCounter, 748 mSDsCounter, 0 mSdLazyCounter, 1253 mSolverCounterSat, 143 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 461 SdHoareTripleChecker+Valid, 845 SdHoareTripleChecker+Invalid, 1396 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 143 IncrementalHoareTripleChecker+Valid, 1253 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.0s IncrementalHoareTripleChecker+Time [2023-11-06 23:03:25,443 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [461 Valid, 845 Invalid, 1396 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [143 Valid, 1253 Invalid, 0 Unknown, 0 Unchecked, 1.0s Time] [2023-11-06 23:03:25,443 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2023-11-06 23:03:25,444 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2023-11-06 23:03:25,444 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2023-11-06 23:03:25,444 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2023-11-06 23:03:25,444 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 195 [2023-11-06 23:03:25,444 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:03:25,445 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2023-11-06 23:03:25,445 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 25 states, 25 states have (on average 9.04) internal successors, (226), 22 states have internal predecessors, (226), 9 states have call successors, (38), 9 states have call predecessors, (38), 10 states have return successors, (37), 8 states have call predecessors, (37), 9 states have call successors, (37) [2023-11-06 23:03:25,445 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2023-11-06 23:03:25,445 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2023-11-06 23:03:25,448 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2023-11-06 23:03:25,461 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2023-11-06 23:03:25,656 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2023-11-06 23:03:25,658 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2023-11-06 23:03:34,618 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 450 457) no Hoare annotation was computed. [2023-11-06 23:03:34,618 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 450 457) the Hoare annotation is: (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (= 1 ~systemActive~0)) (< 1 ~waterLevel~0) (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)) [2023-11-06 23:03:34,619 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 450 457) no Hoare annotation was computed. [2023-11-06 23:03:34,619 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 357 363) no Hoare annotation was computed. [2023-11-06 23:03:34,619 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 357 363) the Hoare annotation is: true [2023-11-06 23:03:34,619 INFO L899 garLoopResultBuilder]: For program point L139-1(lines 135 146) no Hoare annotation was computed. [2023-11-06 23:03:34,619 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 135 146) the Hoare annotation is: true [2023-11-06 23:03:34,619 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 135 146) no Hoare annotation was computed. [2023-11-06 23:03:34,619 INFO L899 garLoopResultBuilder]: For program point L85(lines 85 91) no Hoare annotation was computed. [2023-11-06 23:03:34,620 INFO L895 garLoopResultBuilder]: At program point L436(line 436) the Hoare annotation is: (let ((.cse1 (not (= |old(~waterLevel~0)| 2))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 0)) (.cse5 (< 1 |old(~waterLevel~0)|)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (< |old(~pumpRunning~0)| 1))) (and (or .cse0 .cse1 .cse2) (or .cse3 .cse0 (and .cse4 (= 2 ~waterLevel~0)) .cse1) (or .cse5 .cse3 (and .cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0) (or .cse5 (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse2))) [2023-11-06 23:03:34,620 INFO L895 garLoopResultBuilder]: At program point L436-1(lines 417 441) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (= ~pumpRunning~0 0)) (.cse12 (<= ~waterLevel~0 1)) (.cse11 (= 1 ~systemActive~0)) (.cse13 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse5 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse7 (and .cse1 .cse12 .cse11 .cse13 .cse5)) (.cse9 (and .cse4 .cse12 .cse11 .cse13 .cse5)) (.cse3 (not .cse11)) (.cse0 (= |old(~waterLevel~0)| 2)) (.cse8 (< |old(~pumpRunning~0)| 1))) (and (or (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0) .cse0) (not (= |old(~pumpRunning~0)| 0)) (and .cse1 .cse2) .cse3 (< 2 |old(~waterLevel~0)|)) (or (< 1 |old(~waterLevel~0)|) (and .cse4 .cse2 .cse5) .cse6 .cse3 .cse7 .cse8 (and .cse1 .cse2 .cse5) .cse9) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse3 .cse7 .cse8 .cse9) (let ((.cse10 (= ~waterLevel~0 1))) (or .cse3 (and .cse4 .cse10 .cse5) (not .cse0) .cse8 (and .cse1 .cse10 .cse5)))))) [2023-11-06 23:03:34,620 INFO L899 garLoopResultBuilder]: For program point L337(lines 337 343) no Hoare annotation was computed. [2023-11-06 23:03:34,620 INFO L899 garLoopResultBuilder]: For program point L337-2(lines 333 355) no Hoare annotation was computed. [2023-11-06 23:03:34,621 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 330 356) no Hoare annotation was computed. [2023-11-06 23:03:34,621 INFO L895 garLoopResultBuilder]: At program point getWaterLevel_returnLabel#1(lines 179 187) the Hoare annotation is: (let ((.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse16 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse6 (= ~pumpRunning~0 0)) (.cse12 (<= ~waterLevel~0 1)) (.cse18 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse17 (= 1 ~systemActive~0)) (.cse15 (= |old(~waterLevel~0)| 2))) (let ((.cse3 (not .cse15)) (.cse7 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (<= |timeShift_getWaterLevel_#res#1| 1)) (.cse11 (< 2 |old(~waterLevel~0)|)) (.cse5 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse0 (not .cse17)) (.cse1 (and .cse16 .cse6 .cse12 .cse17 .cse18 .cse8)) (.cse2 (and .cse10 .cse16 .cse12 .cse17 .cse18 .cse8)) (.cse4 (< |old(~pumpRunning~0)| 1))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse3 .cse4 (= ~waterLevel~0 1)) (or .cse5 .cse0 .cse1 .cse2 (and .cse6 .cse7 .cse8 .cse9) (and .cse10 .cse7 .cse8 .cse9) .cse4 .cse11) (let ((.cse13 (= 2 ~waterLevel~0)) (.cse14 (= 2 |timeShift_getWaterLevel_#res#1|))) (or (and .cse6 .cse12 .cse7 .cse9) (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse6 .cse13 .cse14 .cse15) (and (<= 1 ~pumpRunning~0) .cse13 .cse14 .cse15) .cse11)) (or (not (= |old(~waterLevel~0)| 1)) .cse5 .cse0 .cse1 .cse2 .cse4)))) [2023-11-06 23:03:34,621 INFO L899 garLoopResultBuilder]: For program point L115(lines 115 119) no Hoare annotation was computed. [2023-11-06 23:03:34,622 INFO L895 garLoopResultBuilder]: At program point L82(line 82) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse8 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse9 (= ~pumpRunning~0 0)) (.cse16 (<= ~waterLevel~0 1)) (.cse18 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse10 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse17 (= 1 ~systemActive~0))) (let ((.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse12 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse6 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 1)) (.cse7 (<= |timeShift_getWaterLevel_#res#1| 1)) (.cse13 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse1 (not .cse17)) (.cse14 (and .cse8 .cse9 .cse16 .cse17 .cse18 .cse10 .cse5)) (.cse15 (and .cse3 .cse8 .cse16 .cse17 .cse18 .cse10 .cse5)) (.cse11 (< |old(~pumpRunning~0)| 1))) (and (or .cse0 .cse1 .cse2) (let ((.cse4 (= ~waterLevel~0 1))) (or .cse1 (and .cse3 .cse4 .cse5 .cse6 .cse7) (and .cse8 .cse9 .cse10 .cse4 .cse5) .cse2 .cse11)) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1 (and .cse9 .cse12 .cse6 .cse7)) (or (and .cse9 .cse12 .cse5 .cse6 .cse7) .cse13 .cse1 .cse14 .cse15 (and .cse3 .cse12 .cse5 .cse6 .cse7) .cse11 (< 2 |old(~waterLevel~0)|)) (or (not (= |old(~waterLevel~0)| 1)) .cse13 .cse1 .cse14 .cse15 .cse11)))) [2023-11-06 23:03:34,622 INFO L895 garLoopResultBuilder]: At program point L115-2(lines 111 122) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= 1 ~systemActive~0)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse4 (< |old(~pumpRunning~0)| 1)) (.cse7 (and .cse1 (<= ~waterLevel~0 1) .cse9 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse2)) (.cse5 (< 1 |old(~waterLevel~0)|)) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not .cse9))) (and (or .cse0 (and .cse1 (= ~waterLevel~0 1) .cse2) .cse3 .cse4) (or .cse5 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) .cse2) .cse6 .cse0 .cse4 .cse7) (or .cse8 .cse0 .cse3) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse0 .cse4 .cse7) (or .cse5 .cse8 .cse0)))) [2023-11-06 23:03:34,623 INFO L899 garLoopResultBuilder]: For program point L82-1(line 82) no Hoare annotation was computed. [2023-11-06 23:03:34,623 INFO L899 garLoopResultBuilder]: For program point L425(lines 425 433) no Hoare annotation was computed. [2023-11-06 23:03:34,623 INFO L899 garLoopResultBuilder]: For program point L421(lines 421 438) no Hoare annotation was computed. [2023-11-06 23:03:34,633 INFO L895 garLoopResultBuilder]: At program point __automaton_fail_returnLabel#1(lines 212 219) the Hoare annotation is: (let ((.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse3 (< |old(~pumpRunning~0)| 1)) (.cse4 (< 1 |old(~waterLevel~0)|)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2) (or .cse1 .cse2 .cse3) (or .cse4 (< |old(~switchedOnBeforeTS~0)| 1) .cse1 .cse3) (or .cse4 .cse0 .cse1))) [2023-11-06 23:03:34,634 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 330 356) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (< 2 |old(~waterLevel~0)|)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (< |old(~pumpRunning~0)| 1))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5) (or (and (= ~pumpRunning~0 0) .cse3 .cse4) (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse5) (or .cse0 (and .cse2 (= 2 ~waterLevel~0) .cse3) (not (= |old(~waterLevel~0)| 2)) .cse1))) [2023-11-06 23:03:34,634 INFO L895 garLoopResultBuilder]: At program point L67(line 67) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (< 2 |old(~waterLevel~0)|)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (< |old(~pumpRunning~0)| 1))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5) (or (and (= ~pumpRunning~0 0) .cse3 .cse4) (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse5) (or .cse0 (and .cse2 (= 2 ~waterLevel~0) .cse3) (not (= |old(~waterLevel~0)| 2)) .cse1))) [2023-11-06 23:03:34,634 INFO L899 garLoopResultBuilder]: For program point L67-1(line 67) no Hoare annotation was computed. [2023-11-06 23:03:34,635 INFO L899 garLoopResultBuilder]: For program point L216(line 216) no Hoare annotation was computed. [2023-11-06 23:03:34,635 INFO L899 garLoopResultBuilder]: For program point L344-1(lines 344 350) no Hoare annotation was computed. [2023-11-06 23:03:34,635 INFO L899 garLoopResultBuilder]: For program point L84(lines 84 94) no Hoare annotation was computed. [2023-11-06 23:03:34,636 INFO L895 garLoopResultBuilder]: At program point __utac_acc__Specification5_spec__2_returnLabel#1(lines 62 71) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (<= 1 ~switchedOnBeforeTS~0)) (.cse4 (< |old(~pumpRunning~0)| 1)) (.cse5 (= 2 ~waterLevel~0)) (.cse6 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (= ~pumpRunning~0 0)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (not (= 1 ~systemActive~0)))) (and (or (and .cse0 .cse1 .cse2) (< |old(~switchedOnBeforeTS~0)| 1) .cse3 .cse4 (< 2 |old(~waterLevel~0)|)) (or .cse3 (and .cse0 .cse5 .cse2) .cse6 .cse4) (or .cse7 .cse3 (and .cse8 .cse5) .cse6) (or (< 1 |old(~waterLevel~0)|) .cse7 (and .cse8 .cse1) .cse3))) [2023-11-06 23:03:34,636 INFO L899 garLoopResultBuilder]: For program point L80(lines 80 97) no Hoare annotation was computed. [2023-11-06 23:03:34,636 INFO L895 garLoopResultBuilder]: At program point L431(line 431) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= 1 ~systemActive~0)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse4 (< |old(~pumpRunning~0)| 1)) (.cse7 (and .cse1 (<= ~waterLevel~0 1) .cse9 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse2)) (.cse5 (< 1 |old(~waterLevel~0)|)) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not .cse9))) (and (or .cse0 (and .cse1 (= ~waterLevel~0 1) .cse2) .cse3 .cse4) (or .cse5 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) .cse2) .cse6 .cse0 .cse4 .cse7) (or .cse8 .cse0 .cse3) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse0 .cse4 .cse7) (or .cse5 .cse8 .cse0)))) [2023-11-06 23:03:34,637 INFO L895 garLoopResultBuilder]: At program point L80-1(lines 72 100) the Hoare annotation is: (let ((.cse11 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse14 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse2 (= ~pumpRunning~0 0)) (.cse20 (<= ~waterLevel~0 1)) (.cse22 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse15 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse13 (<= 1 ~switchedOnBeforeTS~0)) (.cse21 (= 1 ~systemActive~0)) (.cse3 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (not .cse3)) (.cse10 (not (= |old(~waterLevel~0)| 2))) (.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 1)) (.cse6 (<= |timeShift_getWaterLevel_#res#1| 1)) (.cse17 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse1 (not .cse21)) (.cse18 (and .cse14 .cse2 .cse20 .cse21 .cse22 .cse15 .cse13)) (.cse19 (and .cse11 .cse14 .cse20 .cse21 .cse22 .cse15 .cse13)) (.cse16 (< |old(~pumpRunning~0)| 1))) (and (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1 (and .cse2 .cse3 .cse4 .cse5 .cse6)) (let ((.cse7 (= 2 ~waterLevel~0)) (.cse8 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse9 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2))) (or .cse0 (and (<= 1 ~pumpRunning~0) .cse7 .cse8 .cse9) .cse1 .cse10 (and .cse2 .cse7 .cse8 .cse3 .cse9))) (let ((.cse12 (= ~waterLevel~0 1))) (or .cse1 (and .cse11 .cse12 .cse13 .cse5 .cse6) (and .cse14 .cse2 .cse15 .cse12 .cse13) .cse10 .cse16)) (or (and .cse2 .cse4 .cse13 .cse5 .cse6) .cse17 .cse1 .cse18 .cse19 (and .cse11 .cse4 .cse13 .cse5 .cse6) .cse16 (< 2 |old(~waterLevel~0)|)) (or (not (= |old(~waterLevel~0)| 1)) .cse17 .cse1 .cse18 .cse19 .cse16)))) [2023-11-06 23:03:34,637 INFO L895 garLoopResultBuilder]: At program point isMethaneLevelCritical_returnLabel#1(lines 147 155) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= 1 ~systemActive~0)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse4 (< |old(~pumpRunning~0)| 1)) (.cse7 (and .cse1 (<= ~waterLevel~0 1) .cse9 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse2)) (.cse5 (< 1 |old(~waterLevel~0)|)) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not .cse9))) (and (or .cse0 (and .cse1 (= ~waterLevel~0 1) .cse2) .cse3 .cse4) (or .cse5 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) .cse2) .cse6 .cse0 .cse4 .cse7) (or .cse8 .cse0 .cse3) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse0 .cse4 .cse7) (or .cse5 .cse8 .cse0)))) [2023-11-06 23:03:34,638 INFO L895 garLoopResultBuilder]: At program point L427(line 427) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= 1 ~systemActive~0)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse4 (< |old(~pumpRunning~0)| 1)) (.cse7 (and .cse1 (<= ~waterLevel~0 1) .cse9 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse2)) (.cse5 (< 1 |old(~waterLevel~0)|)) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not .cse9))) (and (or .cse0 (and .cse1 (= ~waterLevel~0 1) .cse2) .cse3 .cse4) (or .cse5 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) .cse2) .cse6 .cse0 .cse4 .cse7) (or .cse8 .cse0 .cse3) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse0 .cse4 .cse7) (or .cse5 .cse8 .cse0)))) [2023-11-06 23:03:34,643 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 330 356) no Hoare annotation was computed. [2023-11-06 23:03:34,644 INFO L895 garLoopResultBuilder]: At program point isMethaneAlarm_returnLabel#1(lines 458 468) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= 1 ~systemActive~0)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse6 (< |old(~switchedOnBeforeTS~0)| 1)) (.cse4 (< |old(~pumpRunning~0)| 1)) (.cse7 (and .cse1 (<= ~waterLevel~0 1) .cse9 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse2)) (.cse5 (< 1 |old(~waterLevel~0)|)) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not .cse9))) (and (or .cse0 (and .cse1 (= ~waterLevel~0 1) .cse2) .cse3 .cse4) (or .cse5 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) .cse2) .cse6 .cse0 .cse4 .cse7) (or .cse8 .cse0 .cse3) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse0 .cse4 .cse7) (or .cse5 .cse8 .cse0)))) [2023-11-06 23:03:34,644 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 216) no Hoare annotation was computed. [2023-11-06 23:03:34,644 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 223 252) no Hoare annotation was computed. [2023-11-06 23:03:34,645 INFO L902 garLoopResultBuilder]: At program point L248(lines 223 252) the Hoare annotation is: true [2023-11-06 23:03:34,645 INFO L899 garLoopResultBuilder]: For program point L244(line 244) no Hoare annotation was computed. [2023-11-06 23:03:34,645 INFO L899 garLoopResultBuilder]: For program point L237(lines 237 241) no Hoare annotation was computed. [2023-11-06 23:03:34,645 INFO L902 garLoopResultBuilder]: At program point L237-1(lines 237 241) the Hoare annotation is: true [2023-11-06 23:03:34,645 INFO L899 garLoopResultBuilder]: For program point L234(line 234) no Hoare annotation was computed. [2023-11-06 23:03:34,646 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 223 252) the Hoare annotation is: true [2023-11-06 23:03:34,646 INFO L902 garLoopResultBuilder]: At program point L233-2(lines 233 247) the Hoare annotation is: true [2023-11-06 23:03:34,646 INFO L902 garLoopResultBuilder]: At program point L229(line 229) the Hoare annotation is: true [2023-11-06 23:03:34,647 INFO L899 garLoopResultBuilder]: For program point L229-1(line 229) no Hoare annotation was computed. [2023-11-06 23:03:34,647 INFO L899 garLoopResultBuilder]: For program point L609(lines 609 613) no Hoare annotation was computed. [2023-11-06 23:03:34,647 INFO L895 garLoopResultBuilder]: At program point L609-2(lines 601 614) the Hoare annotation is: (let ((.cse1 (= 2 ~waterLevel~0)) (.cse4 (<= 1 ~pumpRunning~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse4 .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (<= ~waterLevel~0 2) (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 (<= ~waterLevel~0 1) .cse2 .cse3))) [2023-11-06 23:03:34,654 INFO L899 garLoopResultBuilder]: For program point L572(lines 571 618) no Hoare annotation was computed. [2023-11-06 23:03:34,654 INFO L895 garLoopResultBuilder]: At program point startSystem_returnLabel#1(lines 552 559) the Hoare annotation is: (let ((.cse1 (= 2 ~waterLevel~0)) (.cse4 (<= 1 ~pumpRunning~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse4 .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (<= ~waterLevel~0 2) (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 (<= ~waterLevel~0 1) .cse2 .cse3))) [2023-11-06 23:03:34,654 INFO L899 garLoopResultBuilder]: For program point L601(lines 601 614) no Hoare annotation was computed. [2023-11-06 23:03:34,654 INFO L895 garLoopResultBuilder]: At program point L593(line 593) the Hoare annotation is: (let ((.cse1 (= 2 ~waterLevel~0)) (.cse4 (<= 1 ~pumpRunning~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse4 .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (<= ~waterLevel~0 2) (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 (<= ~waterLevel~0 1) .cse2 .cse3))) [2023-11-06 23:03:34,655 INFO L902 garLoopResultBuilder]: At program point runTest_returnLabel#1(lines 286 296) the Hoare annotation is: true [2023-11-06 23:03:34,655 INFO L902 garLoopResultBuilder]: At program point L622(lines 561 626) the Hoare annotation is: true [2023-11-06 23:03:34,655 INFO L895 garLoopResultBuilder]: At program point select_features_returnLabel#1(lines 639 645) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 23:03:34,656 INFO L902 garLoopResultBuilder]: At program point main_returnLabel#1(lines 300 322) the Hoare annotation is: true [2023-11-06 23:03:34,656 INFO L899 garLoopResultBuilder]: For program point L581(lines 581 587) no Hoare annotation was computed. [2023-11-06 23:03:34,656 INFO L899 garLoopResultBuilder]: For program point L581-1(lines 581 587) no Hoare annotation was computed. [2023-11-06 23:03:34,656 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2023-11-06 23:03:34,656 INFO L899 garLoopResultBuilder]: For program point L573(lines 573 577) no Hoare annotation was computed. [2023-11-06 23:03:34,657 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2023-11-06 23:03:34,657 INFO L895 garLoopResultBuilder]: At program point L619(lines 570 620) the Hoare annotation is: false [2023-11-06 23:03:34,657 INFO L895 garLoopResultBuilder]: At program point setup_returnLabel#1(lines 278 284) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 23:03:34,657 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2023-11-06 23:03:34,657 INFO L895 garLoopResultBuilder]: At program point __utac_acc__Specification5_spec__1_returnLabel#1(lines 54 61) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 23:03:34,658 INFO L899 garLoopResultBuilder]: For program point L310(lines 310 317) no Hoare annotation was computed. [2023-11-06 23:03:34,660 INFO L899 garLoopResultBuilder]: For program point L310-2(lines 310 317) no Hoare annotation was computed. [2023-11-06 23:03:34,660 INFO L899 garLoopResultBuilder]: For program point L591(lines 591 597) no Hoare annotation was computed. [2023-11-06 23:03:34,661 INFO L899 garLoopResultBuilder]: For program point L591-1(lines 591 597) no Hoare annotation was computed. [2023-11-06 23:03:34,661 INFO L899 garLoopResultBuilder]: For program point $Ultimate##0(line -1) no Hoare annotation was computed. [2023-11-06 23:03:34,661 INFO L895 garLoopResultBuilder]: At program point select_helpers_returnLabel#1(lines 646 652) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 23:03:34,661 INFO L895 garLoopResultBuilder]: At program point L616(lines 571 618) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= 2 ~waterLevel~0)) (.cse4 (= ~pumpRunning~0 0)) (.cse1 (<= ~waterLevel~0 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)) (and .cse4 .cse5 .cse2 .cse3) (and .cse0 .cse5 .cse2 .cse3) (and .cse4 .cse1 .cse2 .cse3))) [2023-11-06 23:03:34,661 INFO L895 garLoopResultBuilder]: At program point L583(line 583) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= 2 ~waterLevel~0)) (.cse4 (= ~pumpRunning~0 0)) (.cse1 (<= ~waterLevel~0 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)) (and .cse4 .cse5 .cse2 .cse3) (and .cse0 .cse5 .cse2 .cse3) (and .cse4 .cse1 .cse2 .cse3))) [2023-11-06 23:03:34,662 INFO L895 garLoopResultBuilder]: At program point valid_product_returnLabel#1(lines 653 661) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 23:03:34,662 INFO L899 garLoopResultBuilder]: For program point L192(lines 192 198) no Hoare annotation was computed. [2023-11-06 23:03:34,662 INFO L895 garLoopResultBuilder]: At program point L384(line 384) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 (not (= 2 ~waterLevel~0))) (or .cse0 .cse1 .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse2 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,662 INFO L899 garLoopResultBuilder]: For program point L384-1(lines 365 389) no Hoare annotation was computed. [2023-11-06 23:03:34,662 INFO L895 garLoopResultBuilder]: At program point activatePump_returnLabel#1(lines 442 449) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (< 1 ~waterLevel~0))) (and (or (<= 1 ~pumpRunning~0) .cse0 .cse1 (not (= 2 ~waterLevel~0))) (or .cse0 .cse1 .cse2) (or .cse1 .cse2 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,663 INFO L899 garLoopResultBuilder]: For program point L523(lines 523 527) no Hoare annotation was computed. [2023-11-06 23:03:34,663 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 365 389) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (< 1 ~waterLevel~0) (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,663 INFO L899 garLoopResultBuilder]: For program point L523-2(lines 523 527) no Hoare annotation was computed. [2023-11-06 23:03:34,663 INFO L895 garLoopResultBuilder]: At program point isHighWaterSensorDry_returnLabel#1(lines 188 201) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (= ~pumpRunning~0 0)) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 (and .cse2 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 1)) .cse3) (or .cse0 .cse2 .cse1 (not (= 2 ~waterLevel~0))) (or .cse1 .cse3 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,663 INFO L895 garLoopResultBuilder]: At program point isHighWaterLevel_returnLabel#1(lines 514 532) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (= ~pumpRunning~0 0)) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 (and .cse3 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0))) (or .cse0 .cse3 .cse1 (not (= 2 ~waterLevel~0))) (or .cse1 .cse2 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,664 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 365 389) no Hoare annotation was computed. [2023-11-06 23:03:34,675 INFO L895 garLoopResultBuilder]: At program point L379(line 379) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 (not (= 2 ~waterLevel~0)) .cse2) (or .cse0 .cse1 .cse3 .cse2) (or .cse1 .cse3 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,676 INFO L899 garLoopResultBuilder]: For program point L373(lines 373 381) no Hoare annotation was computed. [2023-11-06 23:03:34,676 INFO L899 garLoopResultBuilder]: For program point L369(lines 369 386) no Hoare annotation was computed. [2023-11-06 23:03:34,676 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 123 134) no Hoare annotation was computed. [2023-11-06 23:03:34,676 INFO L899 garLoopResultBuilder]: For program point L127-1(lines 123 134) no Hoare annotation was computed. [2023-11-06 23:03:34,676 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 123 134) the Hoare annotation is: (let ((.cse1 (= 2 ~waterLevel~0)) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse0 (< ~pumpRunning~0 1)) (.cse5 (< 1 |old(~waterLevel~0)|)) (.cse4 (not (= ~pumpRunning~0 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse1 .cse2 .cse3) (or .cse5 .cse0 .cse2 (< ~switchedOnBeforeTS~0 1) .cse6) (or .cse5 .cse4 .cse2 .cse6))) [2023-11-06 23:03:34,677 INFO L895 garLoopResultBuilder]: At program point L405(line 405) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 (not (= 2 ~waterLevel~0))) (or .cse0 .cse1 .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse2 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,677 INFO L895 garLoopResultBuilder]: At program point L401(line 401) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 (not (= 2 ~waterLevel~0))) (or .cse0 .cse1 .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse2 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,677 INFO L899 garLoopResultBuilder]: For program point L399(lines 399 407) no Hoare annotation was computed. [2023-11-06 23:03:34,677 INFO L895 garLoopResultBuilder]: At program point isLowWaterSensorDry_returnLabel#1(lines 202 210) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 (not (= 2 ~waterLevel~0))) (or .cse0 .cse1 .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse2 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,678 INFO L899 garLoopResultBuilder]: For program point L395(lines 395 412) no Hoare annotation was computed. [2023-11-06 23:03:34,678 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 391 415) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (< 1 ~waterLevel~0) (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,678 INFO L899 garLoopResultBuilder]: For program point L542(lines 542 546) no Hoare annotation was computed. [2023-11-06 23:03:34,678 INFO L895 garLoopResultBuilder]: At program point isLowWaterLevel_returnLabel#1(lines 533 551) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 (not (= 2 ~waterLevel~0))) (or .cse0 .cse1 .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse2 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,678 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 391 415) no Hoare annotation was computed. [2023-11-06 23:03:34,679 INFO L899 garLoopResultBuilder]: For program point L542-2(lines 542 546) no Hoare annotation was computed. [2023-11-06 23:03:34,679 INFO L895 garLoopResultBuilder]: At program point L410(line 410) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0) (or .cse0 (< 1 ~waterLevel~0) (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 23:03:34,682 INFO L899 garLoopResultBuilder]: For program point L410-1(lines 391 415) no Hoare annotation was computed. [2023-11-06 23:03:34,682 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 469 477) no Hoare annotation was computed. [2023-11-06 23:03:34,682 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 469 477) no Hoare annotation was computed. [2023-11-06 23:03:34,682 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 469 477) the Hoare annotation is: true [2023-11-06 23:03:34,685 INFO L445 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:03:34,688 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2023-11-06 23:03:34,823 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 06.11 11:03:34 BoogieIcfgContainer [2023-11-06 23:03:34,823 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2023-11-06 23:03:34,824 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2023-11-06 23:03:34,825 INFO L270 PluginConnector]: Initializing Witness Printer... [2023-11-06 23:03:34,826 INFO L274 PluginConnector]: Witness Printer initialized [2023-11-06 23:03:34,826 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 11:03:13" (3/4) ... [2023-11-06 23:03:34,829 INFO L137 WitnessPrinter]: Generating witness for correct program [2023-11-06 23:03:34,834 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2023-11-06 23:03:34,834 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2023-11-06 23:03:34,834 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2023-11-06 23:03:34,834 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2023-11-06 23:03:34,834 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2023-11-06 23:03:34,835 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 23:03:34,835 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2023-11-06 23:03:34,835 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2023-11-06 23:03:34,835 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2023-11-06 23:03:34,855 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 19 nodes and edges [2023-11-06 23:03:34,856 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 7 nodes and edges [2023-11-06 23:03:34,857 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2023-11-06 23:03:34,858 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 23:03:34,859 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 23:03:34,900 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && (((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (2 == waterLevel)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1))) && (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((pumpRunning == 0) && (2 == waterLevel))) || !((\old(waterLevel) == 2)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || !((1 == systemActive)))) [2023-11-06 23:03:34,901 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && ((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2)))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 23:03:34,903 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((pumpRunning == 0) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel)) && (tmp <= 1)) && (\result <= 1))) && ((((!((\old(pumpRunning) == 0)) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)) && (tmp == 2))) || !((1 == systemActive))) || !((\old(waterLevel) == 2))) || (((((pumpRunning == 0) && (2 == waterLevel)) && (2 == \result)) && (\old(pumpRunning) == 0)) && (tmp == 2)))) && ((((!((1 == systemActive)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && (tmp <= 1)) && (\result <= 1))) || (((((\result <= waterLevel) && (pumpRunning == 0)) && (tmp <= waterLevel)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1))) && ((((((((((((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (tmp <= 1)) && (\result <= 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (tmp <= 1)) && (\result <= 1))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,904 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\old(waterLevel) == 2)) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 23:03:34,904 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2))) && ((!((1 == systemActive)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1))) && ((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 23:03:34,905 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((1 == systemActive)) || ((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && (((!((1 == systemActive)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (waterLevel == 1))) && ((((((((\old(switchedOnBeforeTS) < 1) || !((1 == systemActive))) || ((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (\result <= 1))) || ((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (\result <= 1))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((((((((pumpRunning == 0) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel)) && (\result <= 1)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((pumpRunning == 0) && (2 == waterLevel)) && (2 == \result)) && (\old(waterLevel) == 2))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel)))) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || ((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,905 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && ((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2)))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 23:03:34,906 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((2 == waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((((pumpRunning == \old(pumpRunning)) || !((1 == systemActive))) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,906 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && ((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2)))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 23:03:34,907 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((pumpRunning == 0) && (\result == 1))) || (1 < waterLevel)) && (((!((\old(pumpRunning) == 0)) || (pumpRunning == 0)) || !((1 == systemActive))) || !((2 == waterLevel)))) && (((!((1 == systemActive)) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,911 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((2 == waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((((pumpRunning == \old(pumpRunning)) || !((1 == systemActive))) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,914 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || (((pumpRunning == 0) && (tmp___0 == 0)) && (\result == 0))) && (((!((\old(pumpRunning) == 0)) || (pumpRunning == 0)) || !((1 == systemActive))) || !((2 == waterLevel)))) && (((!((1 == systemActive)) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,916 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((1 <= pumpRunning) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((2 == waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((!((1 == systemActive)) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,989 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && (((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (2 == waterLevel)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1))) && (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((pumpRunning == 0) && (2 == waterLevel))) || !((\old(waterLevel) == 2)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || !((1 == systemActive)))) [2023-11-06 23:03:34,990 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && ((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2)))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 23:03:34,991 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((pumpRunning == 0) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel)) && (tmp <= 1)) && (\result <= 1))) && ((((!((\old(pumpRunning) == 0)) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)) && (tmp == 2))) || !((1 == systemActive))) || !((\old(waterLevel) == 2))) || (((((pumpRunning == 0) && (2 == waterLevel)) && (2 == \result)) && (\old(pumpRunning) == 0)) && (tmp == 2)))) && ((((!((1 == systemActive)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && (tmp <= 1)) && (\result <= 1))) || (((((\result <= waterLevel) && (pumpRunning == 0)) && (tmp <= waterLevel)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1))) && ((((((((((((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (tmp <= 1)) && (\result <= 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (tmp <= 1)) && (\result <= 1))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,992 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\old(waterLevel) == 2)) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 23:03:34,992 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2))) && ((!((1 == systemActive)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1))) && ((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 23:03:34,992 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((1 == systemActive)) || ((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && (((!((1 == systemActive)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (waterLevel == 1))) && ((((((((\old(switchedOnBeforeTS) < 1) || !((1 == systemActive))) || ((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (\result <= 1))) || ((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (\result <= 1))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((((((((pumpRunning == 0) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel)) && (\result <= 1)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((pumpRunning == 0) && (2 == waterLevel)) && (2 == \result)) && (\old(waterLevel) == 2))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel)))) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || ((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,993 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && ((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2)))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 23:03:34,993 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((2 == waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((((pumpRunning == \old(pumpRunning)) || !((1 == systemActive))) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,993 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && ((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2)))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 23:03:34,994 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((pumpRunning == 0) && (\result == 1))) || (1 < waterLevel)) && (((!((\old(pumpRunning) == 0)) || (pumpRunning == 0)) || !((1 == systemActive))) || !((2 == waterLevel)))) && (((!((1 == systemActive)) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,996 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((2 == waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((((pumpRunning == \old(pumpRunning)) || !((1 == systemActive))) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,996 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || (((pumpRunning == 0) && (tmp___0 == 0)) && (\result == 0))) && (((!((\old(pumpRunning) == 0)) || (pumpRunning == 0)) || !((1 == systemActive))) || !((2 == waterLevel)))) && (((!((1 == systemActive)) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:34,999 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((1 <= pumpRunning) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((2 == waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((!((1 == systemActive)) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) [2023-11-06 23:03:35,044 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.graphml [2023-11-06 23:03:35,045 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.yaml [2023-11-06 23:03:35,045 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2023-11-06 23:03:35,046 INFO L158 Benchmark]: Toolchain (without parser) took 22931.97ms. Allocated memory was 144.7MB in the beginning and 243.3MB in the end (delta: 98.6MB). Free memory was 105.9MB in the beginning and 137.5MB in the end (delta: -31.7MB). Peak memory consumption was 70.5MB. Max. memory is 16.1GB. [2023-11-06 23:03:35,046 INFO L158 Benchmark]: CDTParser took 0.36ms. Allocated memory is still 144.7MB. Free memory is still 117.4MB. There was no memory consumed. Max. memory is 16.1GB. [2023-11-06 23:03:35,047 INFO L158 Benchmark]: CACSL2BoogieTranslator took 521.82ms. Allocated memory is still 144.7MB. Free memory was 105.3MB in the beginning and 85.9MB in the end (delta: 19.4MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. [2023-11-06 23:03:35,047 INFO L158 Benchmark]: Boogie Procedure Inliner took 62.23ms. Allocated memory is still 144.7MB. Free memory was 85.9MB in the beginning and 83.3MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 23:03:35,047 INFO L158 Benchmark]: Boogie Preprocessor took 72.92ms. Allocated memory is still 144.7MB. Free memory was 83.3MB in the beginning and 81.7MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 23:03:35,049 INFO L158 Benchmark]: RCFGBuilder took 601.99ms. Allocated memory is still 144.7MB. Free memory was 81.7MB in the beginning and 63.9MB in the end (delta: 17.8MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2023-11-06 23:03:35,050 INFO L158 Benchmark]: TraceAbstraction took 21440.78ms. Allocated memory was 144.7MB in the beginning and 243.3MB in the end (delta: 98.6MB). Free memory was 63.4MB in the beginning and 147.0MB in the end (delta: -83.6MB). Peak memory consumption was 100.1MB. Max. memory is 16.1GB. [2023-11-06 23:03:35,050 INFO L158 Benchmark]: Witness Printer took 221.33ms. Allocated memory is still 243.3MB. Free memory was 147.0MB in the beginning and 137.5MB in the end (delta: 9.4MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2023-11-06 23:03:35,053 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.36ms. Allocated memory is still 144.7MB. Free memory is still 117.4MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 521.82ms. Allocated memory is still 144.7MB. Free memory was 105.3MB in the beginning and 85.9MB in the end (delta: 19.4MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 62.23ms. Allocated memory is still 144.7MB. Free memory was 85.9MB in the beginning and 83.3MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 72.92ms. Allocated memory is still 144.7MB. Free memory was 83.3MB in the beginning and 81.7MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 601.99ms. Allocated memory is still 144.7MB. Free memory was 81.7MB in the beginning and 63.9MB in the end (delta: 17.8MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 21440.78ms. Allocated memory was 144.7MB in the beginning and 243.3MB in the end (delta: 98.6MB). Free memory was 63.4MB in the beginning and 147.0MB in the end (delta: -83.6MB). Peak memory consumption was 100.1MB. Max. memory is 16.1GB. * Witness Printer took 221.33ms. Allocated memory is still 243.3MB. Free memory was 147.0MB in the beginning and 137.5MB in the end (delta: 9.4MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [49] - GenericResultAtLocation [Line: 101]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [101] - GenericResultAtLocation [Line: 211]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [211] - GenericResultAtLocation [Line: 220]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [220] - GenericResultAtLocation [Line: 323]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [323] - GenericResultAtLocation [Line: 560]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [560] - GenericResultAtLocation [Line: 627]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [627] - GenericResultAtLocation [Line: 662]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [662] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 216]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 10 procedures, 106 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 21.2s, OverallIterations: 11, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 6.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 9.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2170 SdHoareTripleChecker+Valid, 3.5s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2128 mSDsluCounter, 4907 SdHoareTripleChecker+Invalid, 2.9s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3628 mSDsCounter, 638 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 3567 IncrementalHoareTripleChecker+Invalid, 4205 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 638 mSolverCounterUnsat, 1279 mSDtfsCounter, 3567 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 911 GetRequests, 754 SyntacticMatches, 8 SemanticMatches, 149 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1075 ImplicationChecksByTransitivity, 2.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=659occurred in iteration=10, InterpolantAutomatonStates: 130, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.5s AutomataMinimizationTime, 11 MinimizatonAttempts, 207 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 50 LocationsWithAnnotation, 1685 PreInvPairs, 1956 NumberOfFragments, 2846 HoareAnnotationTreeSize, 1685 FomulaSimplifications, 7670 FormulaSimplificationTreeSizeReduction, 0.7s HoareSimplificationTime, 50 FomulaSimplificationsInter, 14464 FormulaSimplificationTreeSizeReductionInter, 8.1s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 3.8s InterpolantComputationTime, 1053 NumberOfCodeBlocks, 1053 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 1344 ConstructedInterpolants, 0 QuantifiedInterpolants, 2639 SizeOfPredicates, 6 NumberOfNonLiveVariables, 958 ConjunctsInSsa, 21 ConjunctsInUnsatCore, 15 InterpolantComputations, 9 PerfectInterpolantSequences, 677/762 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 417]: Loop Invariant Derived loop invariant: ((((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\old(waterLevel) == 2)) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) - InvariantResult [Line: 278]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 202]: Loop Invariant Derived loop invariant: ((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((2 == waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((((pumpRunning == \old(pumpRunning)) || !((1 == systemActive))) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) - InvariantResult [Line: 571]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (1 <= switchedOnBeforeTS)) || ((((pumpRunning == 0) && (2 == waterLevel)) && (1 == systemActive)) && (splverifierCounter == 0))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) && (splverifierCounter == 0))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0))) - InvariantResult [Line: 639]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 442]: Loop Invariant Derived loop invariant: ((((((1 <= pumpRunning) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((2 == waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((!((1 == systemActive)) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) - InvariantResult [Line: 147]: Loop Invariant Derived loop invariant: (((((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && ((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2)))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) - InvariantResult [Line: 458]: Loop Invariant Derived loop invariant: (((((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && ((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2)))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) - InvariantResult [Line: 570]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 111]: Loop Invariant Derived loop invariant: (((((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && ((((((1 < \old(waterLevel)) || (((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2)))) && ((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) - InvariantResult [Line: 188]: Loop Invariant Derived loop invariant: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((pumpRunning == 0) && (\result == 1))) || (1 < waterLevel)) && (((!((\old(pumpRunning) == 0)) || (pumpRunning == 0)) || !((1 == systemActive))) || !((2 == waterLevel)))) && (((!((1 == systemActive)) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) - InvariantResult [Line: 514]: Loop Invariant Derived loop invariant: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || (((pumpRunning == 0) && (tmp___0 == 0)) && (\result == 0))) && (((!((\old(pumpRunning) == 0)) || (pumpRunning == 0)) || !((1 == systemActive))) || !((2 == waterLevel)))) && (((!((1 == systemActive)) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) - InvariantResult [Line: 286]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 233]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 54]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 223]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 533]: Loop Invariant Derived loop invariant: ((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((2 == waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((((pumpRunning == \old(pumpRunning)) || !((1 == systemActive))) || (1 < waterLevel)) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1))) - InvariantResult [Line: 552]: Loop Invariant Derived loop invariant: (((((((pumpRunning == 0) && (2 == waterLevel)) && (1 == systemActive)) && (splverifierCounter == 0)) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) && (splverifierCounter == 0))) || (((((1 <= pumpRunning) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0))) - InvariantResult [Line: 212]: Loop Invariant Derived loop invariant: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((\old(waterLevel) == 2))) && ((!((1 == systemActive)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1))) && ((((1 < \old(waterLevel)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) - InvariantResult [Line: 179]: Loop Invariant Derived loop invariant: ((((((((!((1 == systemActive)) || ((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) && (((!((1 == systemActive)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (waterLevel == 1))) && ((((((((\old(switchedOnBeforeTS) < 1) || !((1 == systemActive))) || ((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (\result <= 1))) || ((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (\result <= 1))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((((((((pumpRunning == 0) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel)) && (\result <= 1)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((pumpRunning == 0) && (2 == waterLevel)) && (2 == \result)) && (\old(waterLevel) == 2))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel)))) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || ((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || ((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1))) - InvariantResult [Line: 653]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 72]: Loop Invariant Derived loop invariant: ((((((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((pumpRunning == 0) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel)) && (tmp <= 1)) && (\result <= 1))) && ((((!((\old(pumpRunning) == 0)) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (2 == \result)) && (tmp == 2))) || !((1 == systemActive))) || !((\old(waterLevel) == 2))) || (((((pumpRunning == 0) && (2 == waterLevel)) && (2 == \result)) && (\old(pumpRunning) == 0)) && (tmp == 2)))) && ((((!((1 == systemActive)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && (tmp <= 1)) && (\result <= 1))) || (((((\result <= waterLevel) && (pumpRunning == 0)) && (tmp <= waterLevel)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1))) && ((((((((((((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (tmp <= 1)) && (\result <= 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) && (tmp <= 1)) && (\result <= 1))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((((!((\old(waterLevel) == 1)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (((((((\result <= waterLevel) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (((((((pumpRunning == \old(pumpRunning)) && (\result <= waterLevel)) && (waterLevel <= 1)) && (1 == systemActive)) && ((waterLevel + 1) <= \old(waterLevel))) && (tmp <= waterLevel)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1))) - InvariantResult [Line: 646]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 62]: Loop Invariant Derived loop invariant: ((((((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && (((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (2 == waterLevel)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1))) && (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((pumpRunning == 0) && (2 == waterLevel))) || !((\old(waterLevel) == 2)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || !((1 == systemActive)))) - InvariantResult [Line: 300]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 561]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2023-11-06 23:03:35,139 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9317307c-482d-4d16-9730-3f34c0f72da4/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE