./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec7_product25.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e2fb8bed Calling Ultimate with: /root/.sdkman/candidates/java/21.0.5-tem/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.6.800.v20240513-1750.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec7_product25.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 6fd6d1c71ba5dc2d3b9a29abb89e94ab4329c839d1f475ee44ea6eb34f32fbde --- Real Ultimate output --- This is Ultimate 0.3.0-?-e2fb8be-m [2025-03-08 05:35:54,265 INFO L188 SettingsManager]: Resetting all preferences to default values... [2025-03-08 05:35:54,323 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2025-03-08 05:35:54,326 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2025-03-08 05:35:54,326 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2025-03-08 05:35:54,343 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2025-03-08 05:35:54,345 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2025-03-08 05:35:54,345 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2025-03-08 05:35:54,346 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2025-03-08 05:35:54,346 INFO L153 SettingsManager]: * Use memory slicer=true [2025-03-08 05:35:54,346 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2025-03-08 05:35:54,347 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2025-03-08 05:35:54,347 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2025-03-08 05:35:54,347 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2025-03-08 05:35:54,347 INFO L153 SettingsManager]: * Use SBE=true [2025-03-08 05:35:54,348 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * sizeof long=4 [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * sizeof POINTER=4 [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * sizeof long double=12 [2025-03-08 05:35:54,348 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2025-03-08 05:35:54,349 INFO L153 SettingsManager]: * Behaviour of calls to undefined functions=OVERAPPROXIMATE_BEHAVIOUR [2025-03-08 05:35:54,349 INFO L153 SettingsManager]: * Use constant arrays=true [2025-03-08 05:35:54,349 INFO L151 SettingsManager]: Preferences of IcfgBuilder differ from their defaults: [2025-03-08 05:35:54,349 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2025-03-08 05:35:54,349 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2025-03-08 05:35:54,349 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2025-03-08 05:35:54,349 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-08 05:35:54,350 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * Compute procedure contracts=false [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2025-03-08 05:35:54,350 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 6fd6d1c71ba5dc2d3b9a29abb89e94ab4329c839d1f475ee44ea6eb34f32fbde [2025-03-08 05:35:54,542 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2025-03-08 05:35:54,547 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2025-03-08 05:35:54,549 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2025-03-08 05:35:54,549 INFO L270 PluginConnector]: Initializing CDTParser... [2025-03-08 05:35:54,549 INFO L274 PluginConnector]: CDTParser initialized [2025-03-08 05:35:54,550 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec7_product25.cil.c [2025-03-08 05:35:55,638 INFO L533 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/0768c861a/4b8efa8f8f6e45fdbd877b2881086f30/FLAG99e2c851e [2025-03-08 05:35:56,016 INFO L384 CDTParser]: Found 1 translation units. [2025-03-08 05:35:56,018 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product25.cil.c [2025-03-08 05:35:56,036 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/0768c861a/4b8efa8f8f6e45fdbd877b2881086f30/FLAG99e2c851e [2025-03-08 05:35:56,054 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/0768c861a/4b8efa8f8f6e45fdbd877b2881086f30 [2025-03-08 05:35:56,056 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2025-03-08 05:35:56,058 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2025-03-08 05:35:56,059 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2025-03-08 05:35:56,059 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2025-03-08 05:35:56,062 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2025-03-08 05:35:56,063 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,064 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@3a6cbbcc and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56, skipping insertion in model container [2025-03-08 05:35:56,065 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,110 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-03-08 05:35:56,338 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product25.cil.c[8804,8817] [2025-03-08 05:35:56,555 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-08 05:35:56,569 INFO L200 MainTranslator]: Completed pre-run [2025-03-08 05:35:56,575 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [48] [2025-03-08 05:35:56,576 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [417] [2025-03-08 05:35:56,576 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [455] [2025-03-08 05:35:56,576 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [464] [2025-03-08 05:35:56,577 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [481] [2025-03-08 05:35:56,577 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"EncryptVerify_spec.i","") [710] [2025-03-08 05:35:56,577 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [728] [2025-03-08 05:35:56,578 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [1800] [2025-03-08 05:35:56,578 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [2088] [2025-03-08 05:35:56,578 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [2454] [2025-03-08 05:35:56,579 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [2857] [2025-03-08 05:35:56,598 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product25.cil.c[8804,8817] [2025-03-08 05:35:56,668 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-08 05:35:56,692 INFO L204 MainTranslator]: Completed translation [2025-03-08 05:35:56,692 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56 WrapperNode [2025-03-08 05:35:56,693 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2025-03-08 05:35:56,693 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2025-03-08 05:35:56,693 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2025-03-08 05:35:56,693 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2025-03-08 05:35:56,697 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,711 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,760 INFO L138 Inliner]: procedures = 130, calls = 199, calls flagged for inlining = 61, calls inlined = 58, statements flattened = 1074 [2025-03-08 05:35:56,761 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2025-03-08 05:35:56,761 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2025-03-08 05:35:56,761 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2025-03-08 05:35:56,761 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2025-03-08 05:35:56,769 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,770 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,779 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,808 INFO L175 MemorySlicer]: Split 14 memory accesses to 4 slices as follows [2, 4, 4, 4]. 29 percent of accesses are in the largest equivalence class. The 14 initializations are split as follows [2, 4, 4, 4]. The 0 writes are split as follows [0, 0, 0, 0]. [2025-03-08 05:35:56,808 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,808 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,824 INFO L184 PluginConnector]: Executing the observer ReplaceArrayAssignments from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,827 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,830 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,837 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,849 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2025-03-08 05:35:56,850 INFO L112 PluginConnector]: ------------------------IcfgBuilder---------------------------- [2025-03-08 05:35:56,850 INFO L270 PluginConnector]: Initializing IcfgBuilder... [2025-03-08 05:35:56,850 INFO L274 PluginConnector]: IcfgBuilder initialized [2025-03-08 05:35:56,851 INFO L184 PluginConnector]: Executing the observer IcfgBuilderObserver from plugin IcfgBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (1/1) ... [2025-03-08 05:35:56,858 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-08 05:35:56,872 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 05:35:56,885 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2025-03-08 05:35:56,892 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2025-03-08 05:35:56,908 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2025-03-08 05:35:56,909 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2025-03-08 05:35:56,909 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2025-03-08 05:35:56,909 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2025-03-08 05:35:56,909 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Keys [2025-03-08 05:35:56,909 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Keys [2025-03-08 05:35:56,909 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2025-03-08 05:35:56,909 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2025-03-08 05:35:56,909 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2025-03-08 05:35:56,909 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2025-03-08 05:35:56,909 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2025-03-08 05:35:56,910 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2025-03-08 05:35:56,910 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2025-03-08 05:35:56,912 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2025-03-08 05:35:56,912 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2025-03-08 05:35:56,912 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2025-03-08 05:35:56,912 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2025-03-08 05:35:56,912 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2025-03-08 05:35:56,912 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2025-03-08 05:35:56,912 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#1 [2025-03-08 05:35:56,912 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#2 [2025-03-08 05:35:56,912 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#3 [2025-03-08 05:35:56,912 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2025-03-08 05:35:56,912 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2025-03-08 05:35:56,912 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2025-03-08 05:35:56,912 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2025-03-08 05:35:56,912 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2025-03-08 05:35:56,912 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2025-03-08 05:35:57,071 INFO L256 CfgBuilder]: Building ICFG [2025-03-08 05:35:57,074 INFO L286 CfgBuilder]: Building CFG for each procedure with an implementation [2025-03-08 05:35:57,156 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L1342-1: getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; [2025-03-08 05:35:57,167 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L2764: #res := ~retValue_acc~37; [2025-03-08 05:35:57,195 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L1434: #res#1 := ~retValue_acc~19#1; [2025-03-08 05:35:57,195 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L1389-1: getClientKeyringSize_#res#1 := getClientKeyringSize_~retValue_acc~18#1; [2025-03-08 05:35:57,206 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L2950-1: createEmail_#res#1 := createEmail_~retValue_acc~42#1; [2025-03-08 05:35:57,221 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L886: #res := ~retValue_acc~11; [2025-03-08 05:35:57,411 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L1730-1: getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; [2025-03-08 05:35:57,411 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L2838-1: isVerified_#res#1 := isVerified_~retValue_acc~39#1; [2025-03-08 05:35:57,411 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L1658-1: findPublicKey_#res#1 := findPublicKey_~retValue_acc~22#1; [2025-03-08 05:35:57,411 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L312-1: isKeyPairValid_#res#1 := isKeyPairValid_~retValue_acc~4#1; [2025-03-08 05:35:57,411 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L2501-1: getEmailId_#res#1 := getEmailId_~retValue_acc~30#1; [2025-03-08 05:35:57,411 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L1777-1: getClientId_#res#1 := getClientId_~retValue_acc~24#1; [2025-03-08 05:35:57,417 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L2801: #res := ~retValue_acc~38; [2025-03-08 05:35:57,433 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L2575: #res := ~retValue_acc~32; [2025-03-08 05:35:57,473 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L1212: #res := ~retValue_acc~15; [2025-03-08 05:35:57,656 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L269-1: is_queue_empty_#res#1 := is_queue_empty_~retValue_acc~1#1; [2025-03-08 05:35:57,656 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L452-1: valid_product_#res#1 := valid_product_~retValue_acc~6#1; [2025-03-08 05:35:57,657 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L287-1: get_queued_email_#res#1 := get_queued_email_~retValue_acc~3#1; [2025-03-08 05:35:57,657 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L1497-1: getClientKeyringUser_#res#1 := getClientKeyringUser_~retValue_acc~20#1; [2025-03-08 05:35:57,657 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L278-1: get_queued_client_#res#1 := get_queued_client_~retValue_acc~2#1; [2025-03-08 05:35:57,657 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L1604-1: getClientKeyringPublicKey_#res#1 := getClientKeyringPublicKey_~retValue_acc~21#1; [2025-03-08 05:35:57,666 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L2538: #res := ~retValue_acc~31; [2025-03-08 05:35:57,668 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L2926: #res := ~retValue_acc~40; [2025-03-08 05:35:57,795 INFO L? ?]: Removed 540 outVars from TransFormulas that were not future-live. [2025-03-08 05:35:57,795 INFO L307 CfgBuilder]: Performing block encoding [2025-03-08 05:35:57,813 INFO L331 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2025-03-08 05:35:57,814 INFO L336 CfgBuilder]: Removed 0 assume(true) statements. [2025-03-08 05:35:57,814 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 08.03 05:35:57 BoogieIcfgContainer [2025-03-08 05:35:57,814 INFO L131 PluginConnector]: ------------------------ END IcfgBuilder---------------------------- [2025-03-08 05:35:57,815 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2025-03-08 05:35:57,815 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2025-03-08 05:35:57,819 INFO L274 PluginConnector]: TraceAbstraction initialized [2025-03-08 05:35:57,819 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 08.03 05:35:56" (1/3) ... [2025-03-08 05:35:57,820 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@e7d7853 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 08.03 05:35:57, skipping insertion in model container [2025-03-08 05:35:57,820 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 05:35:56" (2/3) ... [2025-03-08 05:35:57,820 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@e7d7853 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 08.03 05:35:57, skipping insertion in model container [2025-03-08 05:35:57,820 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 08.03 05:35:57" (3/3) ... [2025-03-08 05:35:57,821 INFO L128 eAbstractionObserver]: Analyzing ICFG email_spec7_product25.cil.c [2025-03-08 05:35:57,831 INFO L216 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2025-03-08 05:35:57,835 INFO L151 ceAbstractionStarter]: Applying trace abstraction to ICFG email_spec7_product25.cil.c that has 22 procedures, 377 locations, 1 initial locations, 1 loop locations, and 1 error locations. [2025-03-08 05:35:57,882 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2025-03-08 05:35:57,891 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@7c2a58e2, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2025-03-08 05:35:57,891 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2025-03-08 05:35:57,895 INFO L276 IsEmpty]: Start isEmpty. Operand has 377 states, 300 states have (on average 1.57) internal successors, (471), 303 states have internal predecessors, (471), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (54), 53 states have call predecessors, (54), 54 states have call successors, (54) [2025-03-08 05:35:57,904 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 96 [2025-03-08 05:35:57,906 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 05:35:57,907 INFO L218 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 05:35:57,907 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-08 05:35:57,910 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 05:35:57,910 INFO L85 PathProgramCache]: Analyzing trace with hash -864660760, now seen corresponding path program 1 times [2025-03-08 05:35:57,915 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-08 05:35:57,915 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [359037751] [2025-03-08 05:35:57,915 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 05:35:57,915 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-08 05:35:57,984 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 95 statements into 1 equivalence classes. [2025-03-08 05:35:58,030 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 95 of 95 statements. [2025-03-08 05:35:58,030 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 05:35:58,030 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:35:58,415 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2025-03-08 05:35:58,415 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-08 05:35:58,416 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [359037751] [2025-03-08 05:35:58,417 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [359037751] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 05:35:58,417 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1332857245] [2025-03-08 05:35:58,417 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 05:35:58,418 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 05:35:58,418 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 05:35:58,420 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 05:35:58,421 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2025-03-08 05:35:58,561 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 95 statements into 1 equivalence classes. [2025-03-08 05:35:58,668 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 95 of 95 statements. [2025-03-08 05:35:58,668 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 05:35:58,668 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:35:58,673 INFO L256 TraceCheckSpWp]: Trace formula consists of 998 conjuncts, 2 conjuncts are in the unsatisfiable core [2025-03-08 05:35:58,680 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 05:35:58,713 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2025-03-08 05:35:58,713 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-08 05:35:58,714 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1332857245] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 05:35:58,715 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2025-03-08 05:35:58,715 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 6 [2025-03-08 05:35:58,716 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1382580498] [2025-03-08 05:35:58,717 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 05:35:58,719 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-03-08 05:35:58,720 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-08 05:35:58,736 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-03-08 05:35:58,736 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2025-03-08 05:35:58,738 INFO L87 Difference]: Start difference. First operand has 377 states, 300 states have (on average 1.57) internal successors, (471), 303 states have internal predecessors, (471), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (54), 53 states have call predecessors, (54), 54 states have call successors, (54) Second operand has 3 states, 3 states have (on average 17.666666666666668) internal successors, (53), 3 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2025-03-08 05:35:58,810 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 05:35:58,813 INFO L93 Difference]: Finished difference Result 564 states and 854 transitions. [2025-03-08 05:35:58,814 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-03-08 05:35:58,815 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 17.666666666666668) internal successors, (53), 3 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 95 [2025-03-08 05:35:58,816 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 05:35:58,824 INFO L225 Difference]: With dead ends: 564 [2025-03-08 05:35:58,824 INFO L226 Difference]: Without dead ends: 371 [2025-03-08 05:35:58,828 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 99 GetRequests, 95 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2025-03-08 05:35:58,830 INFO L435 NwaCegarLoop]: 575 mSDtfsCounter, 0 mSDsluCounter, 572 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 1147 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 05:35:58,830 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 1147 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 05:35:58,844 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 371 states. [2025-03-08 05:35:58,874 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 371 to 371. [2025-03-08 05:35:58,876 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 371 states, 295 states have (on average 1.5661016949152542) internal successors, (462), 297 states have internal predecessors, (462), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) [2025-03-08 05:35:58,881 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 371 states to 371 states and 569 transitions. [2025-03-08 05:35:58,883 INFO L78 Accepts]: Start accepts. Automaton has 371 states and 569 transitions. Word has length 95 [2025-03-08 05:35:58,884 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 05:35:58,884 INFO L471 AbstractCegarLoop]: Abstraction has 371 states and 569 transitions. [2025-03-08 05:35:58,884 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 17.666666666666668) internal successors, (53), 3 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2025-03-08 05:35:58,884 INFO L276 IsEmpty]: Start isEmpty. Operand 371 states and 569 transitions. [2025-03-08 05:35:58,890 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 100 [2025-03-08 05:35:58,890 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 05:35:58,890 INFO L218 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 05:35:58,899 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2025-03-08 05:35:59,091 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2025-03-08 05:35:59,091 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-08 05:35:59,092 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 05:35:59,092 INFO L85 PathProgramCache]: Analyzing trace with hash -249556448, now seen corresponding path program 1 times [2025-03-08 05:35:59,092 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-08 05:35:59,092 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1186074166] [2025-03-08 05:35:59,092 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 05:35:59,092 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-08 05:35:59,128 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 99 statements into 1 equivalence classes. [2025-03-08 05:35:59,144 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 99 of 99 statements. [2025-03-08 05:35:59,144 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 05:35:59,144 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:35:59,307 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. [2025-03-08 05:35:59,307 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-08 05:35:59,308 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1186074166] [2025-03-08 05:35:59,308 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1186074166] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 05:35:59,308 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [644133184] [2025-03-08 05:35:59,308 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 05:35:59,308 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 05:35:59,308 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 05:35:59,312 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 05:35:59,314 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2025-03-08 05:35:59,457 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 99 statements into 1 equivalence classes. [2025-03-08 05:35:59,548 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 99 of 99 statements. [2025-03-08 05:35:59,548 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 05:35:59,548 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:35:59,552 INFO L256 TraceCheckSpWp]: Trace formula consists of 1009 conjuncts, 3 conjuncts are in the unsatisfiable core [2025-03-08 05:35:59,555 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 05:35:59,575 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2025-03-08 05:35:59,576 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-08 05:35:59,576 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [644133184] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 05:35:59,577 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2025-03-08 05:35:59,577 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 6 [2025-03-08 05:35:59,577 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1188662555] [2025-03-08 05:35:59,577 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 05:35:59,578 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-03-08 05:35:59,578 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-08 05:35:59,578 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-03-08 05:35:59,578 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2025-03-08 05:35:59,578 INFO L87 Difference]: Start difference. First operand 371 states and 569 transitions. Second operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2025-03-08 05:35:59,605 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 05:35:59,606 INFO L93 Difference]: Finished difference Result 789 states and 1229 transitions. [2025-03-08 05:35:59,606 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-03-08 05:35:59,606 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2025-03-08 05:35:59,606 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 05:35:59,609 INFO L225 Difference]: With dead ends: 789 [2025-03-08 05:35:59,609 INFO L226 Difference]: Without dead ends: 444 [2025-03-08 05:35:59,610 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 103 GetRequests, 99 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2025-03-08 05:35:59,610 INFO L435 NwaCegarLoop]: 587 mSDtfsCounter, 134 mSDsluCounter, 522 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 1109 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 05:35:59,611 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [152 Valid, 1109 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 05:35:59,611 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 444 states. [2025-03-08 05:35:59,640 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 444 to 436. [2025-03-08 05:35:59,641 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 436 states, 346 states have (on average 1.5867052023121386) internal successors, (549), 348 states have internal predecessors, (549), 68 states have call successors, (68), 21 states have call predecessors, (68), 21 states have return successors, (67), 66 states have call predecessors, (67), 67 states have call successors, (67) [2025-03-08 05:35:59,645 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 436 states to 436 states and 684 transitions. [2025-03-08 05:35:59,646 INFO L78 Accepts]: Start accepts. Automaton has 436 states and 684 transitions. Word has length 99 [2025-03-08 05:35:59,646 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 05:35:59,646 INFO L471 AbstractCegarLoop]: Abstraction has 436 states and 684 transitions. [2025-03-08 05:35:59,647 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2025-03-08 05:35:59,647 INFO L276 IsEmpty]: Start isEmpty. Operand 436 states and 684 transitions. [2025-03-08 05:35:59,650 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 101 [2025-03-08 05:35:59,650 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 05:35:59,650 INFO L218 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 05:35:59,658 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2025-03-08 05:35:59,850 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2025-03-08 05:35:59,851 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-08 05:35:59,852 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 05:35:59,852 INFO L85 PathProgramCache]: Analyzing trace with hash 1333691480, now seen corresponding path program 1 times [2025-03-08 05:35:59,852 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-08 05:35:59,852 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [750862147] [2025-03-08 05:35:59,852 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 05:35:59,852 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-08 05:35:59,868 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 100 statements into 1 equivalence classes. [2025-03-08 05:35:59,876 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 100 of 100 statements. [2025-03-08 05:35:59,876 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 05:35:59,876 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:36:00,004 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. [2025-03-08 05:36:00,004 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-08 05:36:00,004 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [750862147] [2025-03-08 05:36:00,004 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [750862147] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 05:36:00,004 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [466795205] [2025-03-08 05:36:00,004 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 05:36:00,004 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 05:36:00,004 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 05:36:00,006 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 05:36:00,008 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2025-03-08 05:36:00,137 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 100 statements into 1 equivalence classes. [2025-03-08 05:36:00,230 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 100 of 100 statements. [2025-03-08 05:36:00,230 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 05:36:00,230 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:36:00,233 INFO L256 TraceCheckSpWp]: Trace formula consists of 1014 conjuncts, 8 conjuncts are in the unsatisfiable core [2025-03-08 05:36:00,237 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 05:36:00,274 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 10 trivial. 0 not checked. [2025-03-08 05:36:00,274 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-08 05:36:00,274 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [466795205] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 05:36:00,274 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2025-03-08 05:36:00,274 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [5] total 8 [2025-03-08 05:36:00,274 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1067778181] [2025-03-08 05:36:00,274 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 05:36:00,274 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-08 05:36:00,274 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-08 05:36:00,275 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-08 05:36:00,275 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2025-03-08 05:36:00,275 INFO L87 Difference]: Start difference. First operand 436 states and 684 transitions. Second operand has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2025-03-08 05:36:00,326 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 05:36:00,326 INFO L93 Difference]: Finished difference Result 863 states and 1358 transitions. [2025-03-08 05:36:00,327 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-08 05:36:00,327 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 100 [2025-03-08 05:36:00,327 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 05:36:00,329 INFO L225 Difference]: With dead ends: 863 [2025-03-08 05:36:00,329 INFO L226 Difference]: Without dead ends: 438 [2025-03-08 05:36:00,331 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 104 GetRequests, 98 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2025-03-08 05:36:00,331 INFO L435 NwaCegarLoop]: 560 mSDtfsCounter, 2 mSDsluCounter, 1669 mSDsCounter, 0 mSdLazyCounter, 37 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 2229 SdHoareTripleChecker+Invalid, 37 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 37 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 05:36:00,331 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 2229 Invalid, 37 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 37 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 05:36:00,332 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 438 states. [2025-03-08 05:36:00,347 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 438 to 438. [2025-03-08 05:36:00,348 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 438 states, 347 states have (on average 1.585014409221902) internal successors, (550), 350 states have internal predecessors, (550), 68 states have call successors, (68), 21 states have call predecessors, (68), 22 states have return successors, (69), 66 states have call predecessors, (69), 67 states have call successors, (69) [2025-03-08 05:36:00,350 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 438 states to 438 states and 687 transitions. [2025-03-08 05:36:00,351 INFO L78 Accepts]: Start accepts. Automaton has 438 states and 687 transitions. Word has length 100 [2025-03-08 05:36:00,351 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 05:36:00,351 INFO L471 AbstractCegarLoop]: Abstraction has 438 states and 687 transitions. [2025-03-08 05:36:00,351 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2025-03-08 05:36:00,351 INFO L276 IsEmpty]: Start isEmpty. Operand 438 states and 687 transitions. [2025-03-08 05:36:00,353 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 102 [2025-03-08 05:36:00,353 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 05:36:00,353 INFO L218 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 05:36:00,360 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2025-03-08 05:36:00,553 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 05:36:00,554 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-08 05:36:00,554 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 05:36:00,554 INFO L85 PathProgramCache]: Analyzing trace with hash -1845041823, now seen corresponding path program 1 times [2025-03-08 05:36:00,554 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-08 05:36:00,554 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [409737766] [2025-03-08 05:36:00,555 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 05:36:00,555 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-08 05:36:00,573 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 101 statements into 1 equivalence classes. [2025-03-08 05:36:00,579 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 101 of 101 statements. [2025-03-08 05:36:00,579 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 05:36:00,579 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:36:00,701 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 17 trivial. 0 not checked. [2025-03-08 05:36:00,701 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-08 05:36:00,701 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [409737766] [2025-03-08 05:36:00,701 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [409737766] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 05:36:00,701 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1198955190] [2025-03-08 05:36:00,701 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 05:36:00,701 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 05:36:00,701 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 05:36:00,703 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 05:36:00,705 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2025-03-08 05:36:00,837 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 101 statements into 1 equivalence classes. [2025-03-08 05:36:00,926 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 101 of 101 statements. [2025-03-08 05:36:00,926 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 05:36:00,926 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:36:00,930 INFO L256 TraceCheckSpWp]: Trace formula consists of 1015 conjuncts, 6 conjuncts are in the unsatisfiable core [2025-03-08 05:36:00,933 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 05:36:00,978 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 10 trivial. 0 not checked. [2025-03-08 05:36:00,978 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-08 05:36:00,978 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1198955190] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 05:36:00,978 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2025-03-08 05:36:00,978 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [8] total 11 [2025-03-08 05:36:00,978 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1420359425] [2025-03-08 05:36:00,979 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 05:36:00,980 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-08 05:36:00,980 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-08 05:36:00,980 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-08 05:36:00,980 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2025-03-08 05:36:00,981 INFO L87 Difference]: Start difference. First operand 438 states and 687 transitions. Second operand has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2025-03-08 05:36:01,044 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 05:36:01,044 INFO L93 Difference]: Finished difference Result 865 states and 1363 transitions. [2025-03-08 05:36:01,045 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-08 05:36:01,045 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 101 [2025-03-08 05:36:01,045 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 05:36:01,048 INFO L225 Difference]: With dead ends: 865 [2025-03-08 05:36:01,048 INFO L226 Difference]: Without dead ends: 440 [2025-03-08 05:36:01,050 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 108 GetRequests, 99 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2025-03-08 05:36:01,051 INFO L435 NwaCegarLoop]: 558 mSDtfsCounter, 2 mSDsluCounter, 1657 mSDsCounter, 0 mSdLazyCounter, 49 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 2215 SdHoareTripleChecker+Invalid, 49 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 49 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 05:36:01,052 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 2215 Invalid, 49 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 49 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 05:36:01,053 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 440 states. [2025-03-08 05:36:01,067 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 440 to 440. [2025-03-08 05:36:01,068 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 440 states, 348 states have (on average 1.5833333333333333) internal successors, (551), 352 states have internal predecessors, (551), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) [2025-03-08 05:36:01,070 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 440 states to 440 states and 693 transitions. [2025-03-08 05:36:01,071 INFO L78 Accepts]: Start accepts. Automaton has 440 states and 693 transitions. Word has length 101 [2025-03-08 05:36:01,071 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 05:36:01,071 INFO L471 AbstractCegarLoop]: Abstraction has 440 states and 693 transitions. [2025-03-08 05:36:01,071 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2025-03-08 05:36:01,071 INFO L276 IsEmpty]: Start isEmpty. Operand 440 states and 693 transitions. [2025-03-08 05:36:01,073 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2025-03-08 05:36:01,073 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 05:36:01,073 INFO L218 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 05:36:01,083 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2025-03-08 05:36:01,274 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 05:36:01,274 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-08 05:36:01,275 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 05:36:01,275 INFO L85 PathProgramCache]: Analyzing trace with hash 1865446516, now seen corresponding path program 1 times [2025-03-08 05:36:01,275 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-08 05:36:01,275 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [492473477] [2025-03-08 05:36:01,275 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 05:36:01,275 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-08 05:36:01,300 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 102 statements into 1 equivalence classes. [2025-03-08 05:36:01,305 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 102 of 102 statements. [2025-03-08 05:36:01,306 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 05:36:01,306 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:36:01,392 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. [2025-03-08 05:36:01,392 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-08 05:36:01,392 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [492473477] [2025-03-08 05:36:01,392 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [492473477] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 05:36:01,392 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-08 05:36:01,392 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-08 05:36:01,392 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1595739222] [2025-03-08 05:36:01,392 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 05:36:01,392 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-08 05:36:01,392 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-08 05:36:01,393 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-08 05:36:01,393 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-08 05:36:01,394 INFO L87 Difference]: Start difference. First operand 440 states and 693 transitions. Second operand has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2025-03-08 05:36:01,431 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 05:36:01,431 INFO L93 Difference]: Finished difference Result 857 states and 1354 transitions. [2025-03-08 05:36:01,432 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-08 05:36:01,432 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 102 [2025-03-08 05:36:01,432 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 05:36:01,434 INFO L225 Difference]: With dead ends: 857 [2025-03-08 05:36:01,434 INFO L226 Difference]: Without dead ends: 440 [2025-03-08 05:36:01,435 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-08 05:36:01,436 INFO L435 NwaCegarLoop]: 561 mSDtfsCounter, 2 mSDsluCounter, 1672 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 2233 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 05:36:01,436 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [3 Valid, 2233 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 05:36:01,437 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 440 states. [2025-03-08 05:36:01,454 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 440 to 440. [2025-03-08 05:36:01,455 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 440 states, 348 states have (on average 1.5833333333333333) internal successors, (551), 352 states have internal predecessors, (551), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (73), 66 states have call predecessors, (73), 67 states have call successors, (73) [2025-03-08 05:36:01,457 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 440 states to 440 states and 692 transitions. [2025-03-08 05:36:01,458 INFO L78 Accepts]: Start accepts. Automaton has 440 states and 692 transitions. Word has length 102 [2025-03-08 05:36:01,458 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 05:36:01,458 INFO L471 AbstractCegarLoop]: Abstraction has 440 states and 692 transitions. [2025-03-08 05:36:01,459 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2025-03-08 05:36:01,459 INFO L276 IsEmpty]: Start isEmpty. Operand 440 states and 692 transitions. [2025-03-08 05:36:01,460 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 104 [2025-03-08 05:36:01,460 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 05:36:01,460 INFO L218 NwaCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 05:36:01,460 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2025-03-08 05:36:01,460 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-08 05:36:01,460 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 05:36:01,461 INFO L85 PathProgramCache]: Analyzing trace with hash 1439148123, now seen corresponding path program 2 times [2025-03-08 05:36:01,461 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-08 05:36:01,461 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1420080460] [2025-03-08 05:36:01,461 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2025-03-08 05:36:01,461 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-08 05:36:01,476 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 partitioned 103 statements into 2 equivalence classes. [2025-03-08 05:36:01,484 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) and asserted 43 of 103 statements. [2025-03-08 05:36:01,484 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) [2025-03-08 05:36:01,484 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 05:36:01,532 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2025-03-08 05:36:01,532 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-08 05:36:01,532 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1420080460] [2025-03-08 05:36:01,532 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1420080460] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 05:36:01,532 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-08 05:36:01,532 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-08 05:36:01,532 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1021983724] [2025-03-08 05:36:01,532 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 05:36:01,532 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-08 05:36:01,532 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-08 05:36:01,532 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-08 05:36:01,533 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-08 05:36:01,533 INFO L87 Difference]: Start difference. First operand 440 states and 692 transitions. Second operand has 5 states, 5 states have (on average 12.4) internal successors, (62), 4 states have internal predecessors, (62), 1 states have call successors, (15), 1 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 1 states have call successors, (12) [2025-03-08 05:36:01,552 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 05:36:01,552 INFO L93 Difference]: Finished difference Result 440 states and 692 transitions. [2025-03-08 05:36:01,553 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-08 05:36:01,553 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 12.4) internal successors, (62), 4 states have internal predecessors, (62), 1 states have call successors, (15), 1 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 1 states have call successors, (12) Word has length 103 [2025-03-08 05:36:01,554 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 05:36:01,555 INFO L225 Difference]: With dead ends: 440 [2025-03-08 05:36:01,555 INFO L226 Difference]: Without dead ends: 0 [2025-03-08 05:36:01,556 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-08 05:36:01,557 INFO L435 NwaCegarLoop]: 564 mSDtfsCounter, 0 mSDsluCounter, 1685 mSDsCounter, 0 mSdLazyCounter, 11 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 2249 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 11 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 05:36:01,557 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 2249 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 11 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 05:36:01,557 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2025-03-08 05:36:01,558 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2025-03-08 05:36:01,558 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2025-03-08 05:36:01,558 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2025-03-08 05:36:01,558 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 103 [2025-03-08 05:36:01,558 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 05:36:01,558 INFO L471 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2025-03-08 05:36:01,558 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 12.4) internal successors, (62), 4 states have internal predecessors, (62), 1 states have call successors, (15), 1 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 1 states have call successors, (12) [2025-03-08 05:36:01,558 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2025-03-08 05:36:01,558 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2025-03-08 05:36:01,560 INFO L782 garLoopResultBuilder]: Registering result SAFE for location outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2025-03-08 05:36:01,560 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2025-03-08 05:36:01,563 INFO L422 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1] [2025-03-08 05:36:01,565 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2025-03-08 05:36:01,637 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2025-03-08 05:36:01,644 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 08.03 05:36:01 BoogieIcfgContainer [2025-03-08 05:36:01,644 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2025-03-08 05:36:01,644 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2025-03-08 05:36:01,645 INFO L270 PluginConnector]: Initializing Witness Printer... [2025-03-08 05:36:01,645 INFO L274 PluginConnector]: Witness Printer initialized [2025-03-08 05:36:01,645 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 08.03 05:35:57" (3/4) ... [2025-03-08 05:36:01,646 INFO L146 WitnessPrinter]: Generating witness for correct program [2025-03-08 05:36:01,650 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure outgoing__wrappee__Keys [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure getEmailSignKey [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure outgoing [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure isSigned [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure setClientPrivateKey [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure chuckKeyAdd [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure setEmailTo [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure getEmailTo [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure createClientKeyringEntry [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure generateKeyPair [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure setClientAddressBookSize [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure setClientKeyringUser [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure sendEmail [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure getClientAddressBookSize [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure getClientAddressBookAddress [2025-03-08 05:36:01,651 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure setEmailFrom [2025-03-08 05:36:01,652 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure getEmailFrom [2025-03-08 05:36:01,652 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure setClientAddressBookAddress [2025-03-08 05:36:01,652 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure isReadable [2025-03-08 05:36:01,652 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure setClientKeyringPublicKey [2025-03-08 05:36:01,652 INFO L385 IcfgBacktranslator]: Ignoring RootEdge to procedure setClientId [2025-03-08 05:36:01,665 INFO L919 BoogieBacktranslator]: Reduced CFG by removing 94 nodes and edges [2025-03-08 05:36:01,667 INFO L919 BoogieBacktranslator]: Reduced CFG by removing 49 nodes and edges [2025-03-08 05:36:01,668 INFO L919 BoogieBacktranslator]: Reduced CFG by removing 9 nodes and edges [2025-03-08 05:36:01,669 INFO L919 BoogieBacktranslator]: Reduced CFG by removing 3 nodes and edges [2025-03-08 05:36:01,670 INFO L919 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2025-03-08 05:36:01,671 INFO L919 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2025-03-08 05:36:01,768 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2025-03-08 05:36:01,768 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.yml [2025-03-08 05:36:01,768 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2025-03-08 05:36:01,769 INFO L158 Benchmark]: Toolchain (without parser) took 5711.55ms. Allocated memory was 142.6MB in the beginning and 302.0MB in the end (delta: 159.4MB). Free memory was 104.9MB in the beginning and 122.4MB in the end (delta: -17.5MB). Peak memory consumption was 144.8MB. Max. memory is 16.1GB. [2025-03-08 05:36:01,770 INFO L158 Benchmark]: CDTParser took 0.13ms. Allocated memory is still 201.3MB. Free memory is still 127.6MB. There was no memory consumed. Max. memory is 16.1GB. [2025-03-08 05:36:01,770 INFO L158 Benchmark]: CACSL2BoogieTranslator took 633.93ms. Allocated memory is still 142.6MB. Free memory was 104.9MB in the beginning and 67.4MB in the end (delta: 37.5MB). Peak memory consumption was 41.9MB. Max. memory is 16.1GB. [2025-03-08 05:36:01,770 INFO L158 Benchmark]: Boogie Procedure Inliner took 67.52ms. Allocated memory is still 142.6MB. Free memory was 66.4MB in the beginning and 61.1MB in the end (delta: 5.2MB). There was no memory consumed. Max. memory is 16.1GB. [2025-03-08 05:36:01,770 INFO L158 Benchmark]: Boogie Preprocessor took 88.15ms. Allocated memory is still 142.6MB. Free memory was 61.1MB in the beginning and 55.9MB in the end (delta: 5.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2025-03-08 05:36:01,771 INFO L158 Benchmark]: IcfgBuilder took 963.98ms. Allocated memory is still 142.6MB. Free memory was 55.9MB in the beginning and 96.6MB in the end (delta: -40.7MB). Peak memory consumption was 28.6MB. Max. memory is 16.1GB. [2025-03-08 05:36:01,771 INFO L158 Benchmark]: TraceAbstraction took 3828.64ms. Allocated memory was 142.6MB in the beginning and 302.0MB in the end (delta: 159.4MB). Free memory was 96.1MB in the beginning and 139.6MB in the end (delta: -43.5MB). Peak memory consumption was 121.1MB. Max. memory is 16.1GB. [2025-03-08 05:36:01,771 INFO L158 Benchmark]: Witness Printer took 123.93ms. Allocated memory is still 302.0MB. Free memory was 139.6MB in the beginning and 122.4MB in the end (delta: 17.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-03-08 05:36:01,773 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.13ms. Allocated memory is still 201.3MB. Free memory is still 127.6MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 633.93ms. Allocated memory is still 142.6MB. Free memory was 104.9MB in the beginning and 67.4MB in the end (delta: 37.5MB). Peak memory consumption was 41.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 67.52ms. Allocated memory is still 142.6MB. Free memory was 66.4MB in the beginning and 61.1MB in the end (delta: 5.2MB). There was no memory consumed. Max. memory is 16.1GB. * Boogie Preprocessor took 88.15ms. Allocated memory is still 142.6MB. Free memory was 61.1MB in the beginning and 55.9MB in the end (delta: 5.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * IcfgBuilder took 963.98ms. Allocated memory is still 142.6MB. Free memory was 55.9MB in the beginning and 96.6MB in the end (delta: -40.7MB). Peak memory consumption was 28.6MB. Max. memory is 16.1GB. * TraceAbstraction took 3828.64ms. Allocated memory was 142.6MB in the beginning and 302.0MB in the end (delta: 159.4MB). Free memory was 96.1MB in the beginning and 139.6MB in the end (delta: -43.5MB). Peak memory consumption was 121.1MB. Max. memory is 16.1GB. * Witness Printer took 123.93ms. Allocated memory is still 302.0MB. Free memory was 139.6MB in the beginning and 122.4MB in the end (delta: 17.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 48]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Client.i","") [48] - GenericResultAtLocation [Line: 417]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [417] - GenericResultAtLocation [Line: 455]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [455] - GenericResultAtLocation [Line: 464]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Util.i","") [464] - GenericResultAtLocation [Line: 481]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [481] - GenericResultAtLocation [Line: 710]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"EncryptVerify_spec.i","") [710] - GenericResultAtLocation [Line: 728]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"ClientLib.i","") [728] - GenericResultAtLocation [Line: 1800]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [1800] - GenericResultAtLocation [Line: 2088]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [2088] - GenericResultAtLocation [Line: 2454]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"EmailLib.i","") [2454] - GenericResultAtLocation [Line: 2857]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Email.i","") [2857] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 460]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 22 procedures, 377 locations, 633 edges, 1 error locations. Started 1 CEGAR loops. OverallTime: 3.7s, OverallIterations: 6, TraceHistogramMax: 3, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.0s, AutomataDifference: 0.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 161 SdHoareTripleChecker+Valid, 0.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 140 mSDsluCounter, 11182 SdHoareTripleChecker+Invalid, 0.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 7777 mSDsCounter, 1 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 137 IncrementalHoareTripleChecker+Invalid, 138 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1 mSolverCounterUnsat, 3405 mSDtfsCounter, 137 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 424 GetRequests, 395 SyntacticMatches, 0 SemanticMatches, 29 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=440occurred in iteration=4, InterpolantAutomatonStates: 26, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.1s AutomataMinimizationTime, 6 MinimizatonAttempts, 8 StatesRemovedByMinimization, 1 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.2s SsaConstructionTime, 0.5s SatisfiabilityAnalysisTime, 1.1s InterpolantComputationTime, 995 NumberOfCodeBlocks, 935 NumberOfCodeBlocksAsserted, 10 NumberOfCheckSat, 985 ConstructedInterpolants, 0 QuantifiedInterpolants, 1076 SizeOfPredicates, 3 NumberOfNonLiveVariables, 4036 ConjunctsInSsa, 19 ConjunctsInUnsatCore, 10 InterpolantComputations, 6 PerfectInterpolantSequences, 274/289 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available, ConComCheckerStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold RESULT: Ultimate proved your program to be correct! [2025-03-08 05:36:01,786 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE