./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/email_spec4_product28_true-unreach-call_true-termination.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 635dfa2a Calling Ultimate with: java -Dosgi.configuration.area=/tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/data/config -Xmx12G -Xms1G -jar /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/data -tc /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/email_spec4_product28_true-unreach-call_true-termination.cil.c -s /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(__VERIFIER_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash c155eed8904feb91bc357673889a45f80c4d03bf ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ Execution finished normally Writing output log to file Ultimate.log Result: TRUE --- Real Ultimate output --- This is Ultimate 0.1.23-635dfa2 [2018-12-02 00:13:43,307 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-12-02 00:13:43,308 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-12-02 00:13:43,314 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-12-02 00:13:43,315 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-12-02 00:13:43,315 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-12-02 00:13:43,316 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-12-02 00:13:43,316 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-12-02 00:13:43,317 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-12-02 00:13:43,318 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-12-02 00:13:43,318 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-12-02 00:13:43,318 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-12-02 00:13:43,319 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-12-02 00:13:43,319 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-12-02 00:13:43,320 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-12-02 00:13:43,320 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-12-02 00:13:43,321 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-12-02 00:13:43,321 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-12-02 00:13:43,322 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-12-02 00:13:43,323 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-12-02 00:13:43,324 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-12-02 00:13:43,324 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-12-02 00:13:43,325 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-12-02 00:13:43,325 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-12-02 00:13:43,326 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-12-02 00:13:43,326 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-12-02 00:13:43,327 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-12-02 00:13:43,327 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-12-02 00:13:43,327 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-12-02 00:13:43,328 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-12-02 00:13:43,328 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-12-02 00:13:43,328 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-12-02 00:13:43,328 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-12-02 00:13:43,328 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-12-02 00:13:43,329 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-12-02 00:13:43,329 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-12-02 00:13:43,329 INFO L98 SettingsManager]: Beginning loading settings from /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/config/svcomp-Reach-32bit-Automizer_Default.epf [2018-12-02 00:13:43,336 INFO L110 SettingsManager]: Loading preferences was successful [2018-12-02 00:13:43,336 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-12-02 00:13:43,337 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-12-02 00:13:43,337 INFO L133 SettingsManager]: * ... calls to implemented procedures=ONLY_FOR_CONCURRENT_PROGRAMS [2018-12-02 00:13:43,337 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-12-02 00:13:43,337 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-12-02 00:13:43,338 INFO L133 SettingsManager]: * Use SBE=true [2018-12-02 00:13:43,338 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-12-02 00:13:43,338 INFO L133 SettingsManager]: * sizeof long=4 [2018-12-02 00:13:43,338 INFO L133 SettingsManager]: * Overapproximate operations on floating types=true [2018-12-02 00:13:43,338 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-12-02 00:13:43,338 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-12-02 00:13:43,338 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-12-02 00:13:43,338 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-12-02 00:13:43,338 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-12-02 00:13:43,338 INFO L133 SettingsManager]: * sizeof long double=12 [2018-12-02 00:13:43,339 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-12-02 00:13:43,339 INFO L133 SettingsManager]: * Use constant arrays=true [2018-12-02 00:13:43,339 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-12-02 00:13:43,339 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-12-02 00:13:43,339 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-12-02 00:13:43,339 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-12-02 00:13:43,339 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-12-02 00:13:43,339 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-12-02 00:13:43,339 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-12-02 00:13:43,339 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-12-02 00:13:43,339 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-12-02 00:13:43,340 INFO L133 SettingsManager]: * Trace refinement strategy=CAMEL [2018-12-02 00:13:43,340 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-12-02 00:13:43,340 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2018-12-02 00:13:43,340 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(__VERIFIER_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> c155eed8904feb91bc357673889a45f80c4d03bf [2018-12-02 00:13:43,357 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-12-02 00:13:43,364 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-12-02 00:13:43,366 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-12-02 00:13:43,366 INFO L271 PluginConnector]: Initializing CDTParser... [2018-12-02 00:13:43,367 INFO L276 PluginConnector]: CDTParser initialized [2018-12-02 00:13:43,367 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/../../sv-benchmarks/c/product-lines/email_spec4_product28_true-unreach-call_true-termination.cil.c [2018-12-02 00:13:43,407 INFO L221 CDTParser]: Created temporary CDT project at /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/data/1fb178cb0/8c851c26891347d992c8a2724d1a70ef/FLAG9ffdcdbc0 [2018-12-02 00:13:43,778 INFO L307 CDTParser]: Found 1 translation units. [2018-12-02 00:13:43,779 INFO L161 CDTParser]: Scanning /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/sv-benchmarks/c/product-lines/email_spec4_product28_true-unreach-call_true-termination.cil.c [2018-12-02 00:13:43,787 INFO L355 CDTParser]: About to delete temporary CDT project at /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/data/1fb178cb0/8c851c26891347d992c8a2724d1a70ef/FLAG9ffdcdbc0 [2018-12-02 00:13:43,795 INFO L363 CDTParser]: Successfully deleted /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/data/1fb178cb0/8c851c26891347d992c8a2724d1a70ef [2018-12-02 00:13:43,797 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-12-02 00:13:43,798 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2018-12-02 00:13:43,798 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-12-02 00:13:43,798 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-12-02 00:13:43,800 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-12-02 00:13:43,800 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 02.12 12:13:43" (1/1) ... [2018-12-02 00:13:43,802 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6e0d473c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:43, skipping insertion in model container [2018-12-02 00:13:43,802 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 02.12 12:13:43" (1/1) ... [2018-12-02 00:13:43,806 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-12-02 00:13:43,841 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-12-02 00:13:44,201 INFO L203 PostProcessor]: Analyzing one entry point: main [2018-12-02 00:13:44,210 INFO L191 MainTranslator]: Completed pre-run [2018-12-02 00:13:44,283 INFO L203 PostProcessor]: Analyzing one entry point: main [2018-12-02 00:13:44,334 INFO L195 MainTranslator]: Completed translation [2018-12-02 00:13:44,334 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44 WrapperNode [2018-12-02 00:13:44,334 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-12-02 00:13:44,335 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-12-02 00:13:44,335 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-12-02 00:13:44,335 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-12-02 00:13:44,340 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... [2018-12-02 00:13:44,356 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... [2018-12-02 00:13:44,362 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-12-02 00:13:44,363 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-12-02 00:13:44,363 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-12-02 00:13:44,363 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-12-02 00:13:44,369 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... [2018-12-02 00:13:44,369 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... [2018-12-02 00:13:44,374 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... [2018-12-02 00:13:44,374 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... [2018-12-02 00:13:44,387 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... [2018-12-02 00:13:44,394 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... [2018-12-02 00:13:44,397 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... [2018-12-02 00:13:44,401 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-12-02 00:13:44,402 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-12-02 00:13:44,402 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-12-02 00:13:44,402 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-12-02 00:13:44,403 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (1/1) ... No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-12-02 00:13:44,436 INFO L130 BoogieDeclarations]: Found specification of procedure get_queued_client [2018-12-02 00:13:44,436 INFO L138 BoogieDeclarations]: Found implementation of procedure get_queued_client [2018-12-02 00:13:44,436 INFO L130 BoogieDeclarations]: Found specification of procedure rjhKeyChange [2018-12-02 00:13:44,436 INFO L138 BoogieDeclarations]: Found implementation of procedure rjhKeyChange [2018-12-02 00:13:44,436 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsSigned [2018-12-02 00:13:44,436 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsSigned [2018-12-02 00:13:44,436 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2018-12-02 00:13:44,436 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2018-12-02 00:13:44,437 INFO L130 BoogieDeclarations]: Found specification of procedure rjhKeyAdd [2018-12-02 00:13:44,437 INFO L138 BoogieDeclarations]: Found implementation of procedure rjhKeyAdd [2018-12-02 00:13:44,437 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-12-02 00:13:44,437 INFO L130 BoogieDeclarations]: Found specification of procedure bobToRjh [2018-12-02 00:13:44,437 INFO L138 BoogieDeclarations]: Found implementation of procedure bobToRjh [2018-12-02 00:13:44,437 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob [2018-12-02 00:13:44,437 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob [2018-12-02 00:13:44,437 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2018-12-02 00:13:44,437 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2018-12-02 00:13:44,437 INFO L130 BoogieDeclarations]: Found specification of procedure select_features [2018-12-02 00:13:44,438 INFO L138 BoogieDeclarations]: Found implementation of procedure select_features [2018-12-02 00:13:44,438 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__wrappee__Base [2018-12-02 00:13:44,438 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__wrappee__Base [2018-12-02 00:13:44,438 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2018-12-02 00:13:44,438 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2018-12-02 00:13:44,438 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Keys [2018-12-02 00:13:44,438 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Keys [2018-12-02 00:13:44,438 INFO L130 BoogieDeclarations]: Found specification of procedure createEmail [2018-12-02 00:13:44,438 INFO L138 BoogieDeclarations]: Found implementation of procedure createEmail [2018-12-02 00:13:44,439 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2018-12-02 00:13:44,439 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2018-12-02 00:13:44,439 INFO L130 BoogieDeclarations]: Found specification of procedure get_queued_email [2018-12-02 00:13:44,439 INFO L138 BoogieDeclarations]: Found implementation of procedure get_queued_email [2018-12-02 00:13:44,439 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__wrappee__Sign [2018-12-02 00:13:44,439 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__wrappee__Sign [2018-12-02 00:13:44,439 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__wrappee__Keys [2018-12-02 00:13:44,439 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__wrappee__Keys [2018-12-02 00:13:44,439 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2018-12-02 00:13:44,439 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2018-12-02 00:13:44,440 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2018-12-02 00:13:44,440 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2018-12-02 00:13:44,440 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__wrappee__Base [2018-12-02 00:13:44,440 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__wrappee__Base [2018-12-02 00:13:44,440 INFO L130 BoogieDeclarations]: Found specification of procedure getClientId [2018-12-02 00:13:44,440 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientId [2018-12-02 00:13:44,440 INFO L130 BoogieDeclarations]: Found specification of procedure deliver [2018-12-02 00:13:44,440 INFO L138 BoogieDeclarations]: Found implementation of procedure deliver [2018-12-02 00:13:44,440 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2018-12-02 00:13:44,440 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2018-12-02 00:13:44,441 INFO L130 BoogieDeclarations]: Found specification of procedure verify [2018-12-02 00:13:44,441 INFO L138 BoogieDeclarations]: Found implementation of procedure verify [2018-12-02 00:13:44,441 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2018-12-02 00:13:44,441 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2018-12-02 00:13:44,441 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__wrappee__Verify [2018-12-02 00:13:44,441 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__wrappee__Verify [2018-12-02 00:13:44,441 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2018-12-02 00:13:44,441 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2018-12-02 00:13:44,441 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2018-12-02 00:13:44,441 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2018-12-02 00:13:44,441 INFO L130 BoogieDeclarations]: Found specification of procedure getClientKeyringSize [2018-12-02 00:13:44,442 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientKeyringSize [2018-12-02 00:13:44,442 INFO L130 BoogieDeclarations]: Found specification of procedure bobKeyAdd [2018-12-02 00:13:44,442 INFO L138 BoogieDeclarations]: Found implementation of procedure bobKeyAdd [2018-12-02 00:13:44,442 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2018-12-02 00:13:44,442 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__wrappee__Base [2018-12-02 00:13:44,442 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__wrappee__Base [2018-12-02 00:13:44,442 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-12-02 00:13:44,442 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-12-02 00:13:44,442 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAddRjh [2018-12-02 00:13:44,442 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAddRjh [2018-12-02 00:13:44,442 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2018-12-02 00:13:44,443 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2018-12-02 00:13:44,443 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringSize [2018-12-02 00:13:44,443 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringSize [2018-12-02 00:13:44,443 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2018-12-02 00:13:44,443 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2018-12-02 00:13:44,443 INFO L130 BoogieDeclarations]: Found specification of procedure bobKeyChange [2018-12-02 00:13:44,443 INFO L138 BoogieDeclarations]: Found implementation of procedure bobKeyChange [2018-12-02 00:13:44,443 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2018-12-02 00:13:44,443 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2018-12-02 00:13:44,443 INFO L130 BoogieDeclarations]: Found specification of procedure mail [2018-12-02 00:13:44,444 INFO L138 BoogieDeclarations]: Found implementation of procedure mail [2018-12-02 00:13:44,444 INFO L130 BoogieDeclarations]: Found specification of procedure valid_product [2018-12-02 00:13:44,444 INFO L138 BoogieDeclarations]: Found implementation of procedure valid_product [2018-12-02 00:13:44,444 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2018-12-02 00:13:44,444 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2018-12-02 00:13:44,444 INFO L130 BoogieDeclarations]: Found specification of procedure sign [2018-12-02 00:13:44,444 INFO L138 BoogieDeclarations]: Found implementation of procedure sign [2018-12-02 00:13:44,444 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-12-02 00:13:44,444 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-12-02 00:13:44,444 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh [2018-12-02 00:13:44,444 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh [2018-12-02 00:13:44,445 INFO L130 BoogieDeclarations]: Found specification of procedure incoming [2018-12-02 00:13:44,445 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming [2018-12-02 00:13:44,445 INFO L130 BoogieDeclarations]: Found specification of procedure rjhDeletePrivateKey [2018-12-02 00:13:44,445 INFO L138 BoogieDeclarations]: Found implementation of procedure rjhDeletePrivateKey [2018-12-02 00:13:44,445 INFO L130 BoogieDeclarations]: Found specification of procedure test [2018-12-02 00:13:44,445 INFO L138 BoogieDeclarations]: Found implementation of procedure test [2018-12-02 00:13:44,445 INFO L130 BoogieDeclarations]: Found specification of procedure getClientKeyringUser [2018-12-02 00:13:44,445 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientKeyringUser [2018-12-02 00:13:44,445 INFO L130 BoogieDeclarations]: Found specification of procedure __utac_acc__SignForward_spec__1 [2018-12-02 00:13:44,445 INFO L138 BoogieDeclarations]: Found implementation of procedure __utac_acc__SignForward_spec__1 [2018-12-02 00:13:44,445 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2018-12-02 00:13:44,446 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2018-12-02 00:13:44,446 INFO L130 BoogieDeclarations]: Found specification of procedure __automaton_fail [2018-12-02 00:13:44,446 INFO L138 BoogieDeclarations]: Found implementation of procedure __automaton_fail [2018-12-02 00:13:44,446 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2018-12-02 00:13:44,446 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2018-12-02 00:13:44,446 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2018-12-02 00:13:44,446 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2018-12-02 00:13:44,446 INFO L130 BoogieDeclarations]: Found specification of procedure select_helpers [2018-12-02 00:13:44,446 INFO L138 BoogieDeclarations]: Found implementation of procedure select_helpers [2018-12-02 00:13:44,446 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck [2018-12-02 00:13:44,447 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck [2018-12-02 00:13:44,447 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2018-12-02 00:13:44,447 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2018-12-02 00:13:44,447 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Encrypt [2018-12-02 00:13:44,447 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Encrypt [2018-12-02 00:13:44,447 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2018-12-02 00:13:44,447 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2018-12-02 00:13:44,447 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2018-12-02 00:13:44,447 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2018-12-02 00:13:44,447 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2018-12-02 00:13:44,447 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2018-12-02 00:13:44,448 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2018-12-02 00:13:44,448 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2018-12-02 00:13:44,448 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsSignatureVerified [2018-12-02 00:13:44,448 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsSignatureVerified [2018-12-02 00:13:44,448 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2018-12-02 00:13:44,448 INFO L130 BoogieDeclarations]: Found specification of procedure is_queue_empty [2018-12-02 00:13:44,448 INFO L138 BoogieDeclarations]: Found implementation of procedure is_queue_empty [2018-12-02 00:13:44,448 INFO L130 BoogieDeclarations]: Found specification of procedure getClientKeyringPublicKey [2018-12-02 00:13:44,448 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientKeyringPublicKey [2018-12-02 00:13:44,448 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailSignKey [2018-12-02 00:13:44,448 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailSignKey [2018-12-02 00:13:44,449 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2018-12-02 00:13:44,449 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2018-12-02 00:13:44,449 INFO L130 BoogieDeclarations]: Found specification of procedure setup [2018-12-02 00:13:44,449 INFO L138 BoogieDeclarations]: Found implementation of procedure setup [2018-12-02 00:13:44,449 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-12-02 00:13:44,449 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-12-02 00:13:45,108 INFO L275 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-12-02 00:13:45,108 INFO L280 CfgBuilder]: Removed 1 assue(true) statements. [2018-12-02 00:13:45,109 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.12 12:13:45 BoogieIcfgContainer [2018-12-02 00:13:45,109 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-12-02 00:13:45,110 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-12-02 00:13:45,110 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-12-02 00:13:45,112 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-12-02 00:13:45,113 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 02.12 12:13:43" (1/3) ... [2018-12-02 00:13:45,113 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@43d13b61 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 02.12 12:13:45, skipping insertion in model container [2018-12-02 00:13:45,113 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.12 12:13:44" (2/3) ... [2018-12-02 00:13:45,114 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@43d13b61 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 02.12 12:13:45, skipping insertion in model container [2018-12-02 00:13:45,114 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.12 12:13:45" (3/3) ... [2018-12-02 00:13:45,115 INFO L112 eAbstractionObserver]: Analyzing ICFG email_spec4_product28_true-unreach-call_true-termination.cil.c [2018-12-02 00:13:45,123 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-12-02 00:13:45,129 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-12-02 00:13:45,139 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-12-02 00:13:45,158 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-12-02 00:13:45,159 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-12-02 00:13:45,159 INFO L383 AbstractCegarLoop]: Hoare is true [2018-12-02 00:13:45,159 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-12-02 00:13:45,159 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-12-02 00:13:45,159 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-12-02 00:13:45,159 INFO L387 AbstractCegarLoop]: Difference is false [2018-12-02 00:13:45,159 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-12-02 00:13:45,159 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-12-02 00:13:45,175 INFO L276 IsEmpty]: Start isEmpty. Operand 469 states. [2018-12-02 00:13:45,185 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 165 [2018-12-02 00:13:45,185 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:45,186 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:45,187 INFO L423 AbstractCegarLoop]: === Iteration 1 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:45,190 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:45,191 INFO L82 PathProgramCache]: Analyzing trace with hash 1048986467, now seen corresponding path program 1 times [2018-12-02 00:13:45,192 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:45,192 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:45,220 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:45,220 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:45,220 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:45,339 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:45,438 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2018-12-02 00:13:45,440 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:13:45,440 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2018-12-02 00:13:45,442 INFO L459 AbstractCegarLoop]: Interpolant automaton has 2 states [2018-12-02 00:13:45,450 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2018-12-02 00:13:45,450 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-12-02 00:13:45,451 INFO L87 Difference]: Start difference. First operand 469 states. Second operand 2 states. [2018-12-02 00:13:45,488 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:45,488 INFO L93 Difference]: Finished difference Result 715 states and 948 transitions. [2018-12-02 00:13:45,488 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2018-12-02 00:13:45,489 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 164 [2018-12-02 00:13:45,489 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:45,499 INFO L225 Difference]: With dead ends: 715 [2018-12-02 00:13:45,499 INFO L226 Difference]: Without dead ends: 458 [2018-12-02 00:13:45,502 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-12-02 00:13:45,512 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 458 states. [2018-12-02 00:13:45,548 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 458 to 458. [2018-12-02 00:13:45,549 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 458 states. [2018-12-02 00:13:45,553 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 458 states to 458 states and 611 transitions. [2018-12-02 00:13:45,554 INFO L78 Accepts]: Start accepts. Automaton has 458 states and 611 transitions. Word has length 164 [2018-12-02 00:13:45,556 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:45,556 INFO L480 AbstractCegarLoop]: Abstraction has 458 states and 611 transitions. [2018-12-02 00:13:45,556 INFO L481 AbstractCegarLoop]: Interpolant automaton has 2 states. [2018-12-02 00:13:45,556 INFO L276 IsEmpty]: Start isEmpty. Operand 458 states and 611 transitions. [2018-12-02 00:13:45,559 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 166 [2018-12-02 00:13:45,559 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:45,560 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:45,560 INFO L423 AbstractCegarLoop]: === Iteration 2 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:45,560 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:45,560 INFO L82 PathProgramCache]: Analyzing trace with hash 618517395, now seen corresponding path program 1 times [2018-12-02 00:13:45,560 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:45,560 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:45,561 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:45,561 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:45,561 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:45,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:45,746 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2018-12-02 00:13:45,746 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:13:45,747 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-12-02 00:13:45,748 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2018-12-02 00:13:45,748 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2018-12-02 00:13:45,748 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-12-02 00:13:45,749 INFO L87 Difference]: Start difference. First operand 458 states and 611 transitions. Second operand 3 states. [2018-12-02 00:13:45,785 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:45,785 INFO L93 Difference]: Finished difference Result 698 states and 916 transitions. [2018-12-02 00:13:45,785 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2018-12-02 00:13:45,785 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 165 [2018-12-02 00:13:45,785 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:45,787 INFO L225 Difference]: With dead ends: 698 [2018-12-02 00:13:45,787 INFO L226 Difference]: Without dead ends: 461 [2018-12-02 00:13:45,789 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-12-02 00:13:45,790 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 461 states. [2018-12-02 00:13:45,803 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 461 to 460. [2018-12-02 00:13:45,803 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 460 states. [2018-12-02 00:13:45,804 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 460 states to 460 states and 613 transitions. [2018-12-02 00:13:45,805 INFO L78 Accepts]: Start accepts. Automaton has 460 states and 613 transitions. Word has length 165 [2018-12-02 00:13:45,805 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:45,805 INFO L480 AbstractCegarLoop]: Abstraction has 460 states and 613 transitions. [2018-12-02 00:13:45,805 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2018-12-02 00:13:45,805 INFO L276 IsEmpty]: Start isEmpty. Operand 460 states and 613 transitions. [2018-12-02 00:13:45,807 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2018-12-02 00:13:45,807 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:45,807 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:45,807 INFO L423 AbstractCegarLoop]: === Iteration 3 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:45,807 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:45,807 INFO L82 PathProgramCache]: Analyzing trace with hash -1922852473, now seen corresponding path program 1 times [2018-12-02 00:13:45,807 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:45,807 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:45,808 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:45,808 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:45,808 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:45,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:45,875 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2018-12-02 00:13:45,875 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:13:45,875 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-12-02 00:13:45,876 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2018-12-02 00:13:45,876 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2018-12-02 00:13:45,876 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-12-02 00:13:45,876 INFO L87 Difference]: Start difference. First operand 460 states and 613 transitions. Second operand 3 states. [2018-12-02 00:13:45,905 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:45,905 INFO L93 Difference]: Finished difference Result 894 states and 1221 transitions. [2018-12-02 00:13:45,906 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2018-12-02 00:13:45,906 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 171 [2018-12-02 00:13:45,906 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:45,909 INFO L225 Difference]: With dead ends: 894 [2018-12-02 00:13:45,909 INFO L226 Difference]: Without dead ends: 499 [2018-12-02 00:13:45,910 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-12-02 00:13:45,911 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 499 states. [2018-12-02 00:13:45,929 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 499 to 498. [2018-12-02 00:13:45,930 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 498 states. [2018-12-02 00:13:45,932 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 498 states to 498 states and 679 transitions. [2018-12-02 00:13:45,933 INFO L78 Accepts]: Start accepts. Automaton has 498 states and 679 transitions. Word has length 171 [2018-12-02 00:13:45,933 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:45,933 INFO L480 AbstractCegarLoop]: Abstraction has 498 states and 679 transitions. [2018-12-02 00:13:45,933 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2018-12-02 00:13:45,933 INFO L276 IsEmpty]: Start isEmpty. Operand 498 states and 679 transitions. [2018-12-02 00:13:45,936 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 173 [2018-12-02 00:13:45,936 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:45,936 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:45,936 INFO L423 AbstractCegarLoop]: === Iteration 4 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:45,936 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:45,937 INFO L82 PathProgramCache]: Analyzing trace with hash -519889127, now seen corresponding path program 1 times [2018-12-02 00:13:45,937 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:45,937 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:45,937 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:45,938 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:45,938 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:45,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:46,065 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2018-12-02 00:13:46,066 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:13:46,066 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2018-12-02 00:13:46,066 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2018-12-02 00:13:46,066 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2018-12-02 00:13:46,066 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2018-12-02 00:13:46,067 INFO L87 Difference]: Start difference. First operand 498 states and 679 transitions. Second operand 7 states. [2018-12-02 00:13:47,349 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:47,349 INFO L93 Difference]: Finished difference Result 954 states and 1267 transitions. [2018-12-02 00:13:47,349 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2018-12-02 00:13:47,350 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 172 [2018-12-02 00:13:47,350 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:47,352 INFO L225 Difference]: With dead ends: 954 [2018-12-02 00:13:47,352 INFO L226 Difference]: Without dead ends: 733 [2018-12-02 00:13:47,353 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=43, Invalid=113, Unknown=0, NotChecked=0, Total=156 [2018-12-02 00:13:47,354 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 733 states. [2018-12-02 00:13:47,372 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 733 to 724. [2018-12-02 00:13:47,372 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 724 states. [2018-12-02 00:13:47,374 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 724 states to 724 states and 971 transitions. [2018-12-02 00:13:47,375 INFO L78 Accepts]: Start accepts. Automaton has 724 states and 971 transitions. Word has length 172 [2018-12-02 00:13:47,375 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:47,375 INFO L480 AbstractCegarLoop]: Abstraction has 724 states and 971 transitions. [2018-12-02 00:13:47,375 INFO L481 AbstractCegarLoop]: Interpolant automaton has 7 states. [2018-12-02 00:13:47,375 INFO L276 IsEmpty]: Start isEmpty. Operand 724 states and 971 transitions. [2018-12-02 00:13:47,377 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 174 [2018-12-02 00:13:47,377 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:47,377 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:47,378 INFO L423 AbstractCegarLoop]: === Iteration 5 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:47,378 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:47,378 INFO L82 PathProgramCache]: Analyzing trace with hash 1975092219, now seen corresponding path program 1 times [2018-12-02 00:13:47,378 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:47,378 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:47,379 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:47,379 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:47,379 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:47,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:47,558 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2018-12-02 00:13:47,558 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:13:47,558 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [18] imperfect sequences [] total 18 [2018-12-02 00:13:47,558 INFO L459 AbstractCegarLoop]: Interpolant automaton has 18 states [2018-12-02 00:13:47,559 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 18 interpolants. [2018-12-02 00:13:47,559 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=273, Unknown=0, NotChecked=0, Total=306 [2018-12-02 00:13:47,559 INFO L87 Difference]: Start difference. First operand 724 states and 971 transitions. Second operand 18 states. [2018-12-02 00:13:47,841 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:47,841 INFO L93 Difference]: Finished difference Result 1249 states and 1659 transitions. [2018-12-02 00:13:47,842 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2018-12-02 00:13:47,842 INFO L78 Accepts]: Start accepts. Automaton has 18 states. Word has length 173 [2018-12-02 00:13:47,843 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:47,845 INFO L225 Difference]: With dead ends: 1249 [2018-12-02 00:13:47,845 INFO L226 Difference]: Without dead ends: 774 [2018-12-02 00:13:47,847 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 25 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 23 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=61, Invalid=539, Unknown=0, NotChecked=0, Total=600 [2018-12-02 00:13:47,848 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 774 states. [2018-12-02 00:13:47,867 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 774 to 770. [2018-12-02 00:13:47,868 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 770 states. [2018-12-02 00:13:47,870 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 770 states to 770 states and 1034 transitions. [2018-12-02 00:13:47,870 INFO L78 Accepts]: Start accepts. Automaton has 770 states and 1034 transitions. Word has length 173 [2018-12-02 00:13:47,871 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:47,871 INFO L480 AbstractCegarLoop]: Abstraction has 770 states and 1034 transitions. [2018-12-02 00:13:47,871 INFO L481 AbstractCegarLoop]: Interpolant automaton has 18 states. [2018-12-02 00:13:47,871 INFO L276 IsEmpty]: Start isEmpty. Operand 770 states and 1034 transitions. [2018-12-02 00:13:47,873 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 183 [2018-12-02 00:13:47,873 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:47,873 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:47,873 INFO L423 AbstractCegarLoop]: === Iteration 6 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:47,873 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:47,873 INFO L82 PathProgramCache]: Analyzing trace with hash -148397632, now seen corresponding path program 1 times [2018-12-02 00:13:47,874 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:47,874 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:47,874 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:47,874 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:47,874 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:47,903 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:47,985 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2018-12-02 00:13:47,986 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:13:47,986 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2018-12-02 00:13:47,986 INFO L459 AbstractCegarLoop]: Interpolant automaton has 8 states [2018-12-02 00:13:47,986 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2018-12-02 00:13:47,986 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2018-12-02 00:13:47,987 INFO L87 Difference]: Start difference. First operand 770 states and 1034 transitions. Second operand 8 states. [2018-12-02 00:13:48,333 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:48,333 INFO L93 Difference]: Finished difference Result 1455 states and 1940 transitions. [2018-12-02 00:13:48,334 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2018-12-02 00:13:48,334 INFO L78 Accepts]: Start accepts. Automaton has 8 states. Word has length 182 [2018-12-02 00:13:48,334 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:48,340 INFO L225 Difference]: With dead ends: 1455 [2018-12-02 00:13:48,340 INFO L226 Difference]: Without dead ends: 1296 [2018-12-02 00:13:48,341 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 2 SyntacticMatches, 1 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=33, Invalid=123, Unknown=0, NotChecked=0, Total=156 [2018-12-02 00:13:48,343 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1296 states. [2018-12-02 00:13:48,387 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1296 to 1283. [2018-12-02 00:13:48,387 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 1283 states. [2018-12-02 00:13:48,391 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1283 states to 1283 states and 1714 transitions. [2018-12-02 00:13:48,391 INFO L78 Accepts]: Start accepts. Automaton has 1283 states and 1714 transitions. Word has length 182 [2018-12-02 00:13:48,392 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:48,392 INFO L480 AbstractCegarLoop]: Abstraction has 1283 states and 1714 transitions. [2018-12-02 00:13:48,392 INFO L481 AbstractCegarLoop]: Interpolant automaton has 8 states. [2018-12-02 00:13:48,392 INFO L276 IsEmpty]: Start isEmpty. Operand 1283 states and 1714 transitions. [2018-12-02 00:13:48,394 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 184 [2018-12-02 00:13:48,395 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:48,395 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:48,395 INFO L423 AbstractCegarLoop]: === Iteration 7 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:48,395 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:48,395 INFO L82 PathProgramCache]: Analyzing trace with hash -116097865, now seen corresponding path program 1 times [2018-12-02 00:13:48,395 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:48,396 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:48,396 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:48,396 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:48,396 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:48,420 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:48,595 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2018-12-02 00:13:48,595 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:13:48,595 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [17] imperfect sequences [] total 17 [2018-12-02 00:13:48,595 INFO L459 AbstractCegarLoop]: Interpolant automaton has 17 states [2018-12-02 00:13:48,595 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 17 interpolants. [2018-12-02 00:13:48,595 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=31, Invalid=241, Unknown=0, NotChecked=0, Total=272 [2018-12-02 00:13:48,596 INFO L87 Difference]: Start difference. First operand 1283 states and 1714 transitions. Second operand 17 states. [2018-12-02 00:13:48,986 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:48,986 INFO L93 Difference]: Finished difference Result 1748 states and 2313 transitions. [2018-12-02 00:13:48,986 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 17 states. [2018-12-02 00:13:48,986 INFO L78 Accepts]: Start accepts. Automaton has 17 states. Word has length 183 [2018-12-02 00:13:48,987 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:48,991 INFO L225 Difference]: With dead ends: 1748 [2018-12-02 00:13:48,992 INFO L226 Difference]: Without dead ends: 1282 [2018-12-02 00:13:48,993 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 32 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 29 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 84 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=101, Invalid=829, Unknown=0, NotChecked=0, Total=930 [2018-12-02 00:13:48,995 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1282 states. [2018-12-02 00:13:49,032 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1282 to 1281. [2018-12-02 00:13:49,032 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 1281 states. [2018-12-02 00:13:49,035 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1281 states to 1281 states and 1709 transitions. [2018-12-02 00:13:49,035 INFO L78 Accepts]: Start accepts. Automaton has 1281 states and 1709 transitions. Word has length 183 [2018-12-02 00:13:49,035 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:49,035 INFO L480 AbstractCegarLoop]: Abstraction has 1281 states and 1709 transitions. [2018-12-02 00:13:49,035 INFO L481 AbstractCegarLoop]: Interpolant automaton has 17 states. [2018-12-02 00:13:49,036 INFO L276 IsEmpty]: Start isEmpty. Operand 1281 states and 1709 transitions. [2018-12-02 00:13:49,037 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 184 [2018-12-02 00:13:49,037 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:49,037 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:49,038 INFO L423 AbstractCegarLoop]: === Iteration 8 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:49,038 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:49,038 INFO L82 PathProgramCache]: Analyzing trace with hash -1461413315, now seen corresponding path program 2 times [2018-12-02 00:13:49,038 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:49,038 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:49,038 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:49,038 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:49,038 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:49,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:49,146 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 3 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2018-12-02 00:13:49,147 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-12-02 00:13:49,147 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/z3 Starting monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-12-02 00:13:49,154 INFO L103 rtionOrderModulation]: Keeping assertion order OUTSIDE_LOOP_FIRST1 [2018-12-02 00:13:49,324 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) [2018-12-02 00:13:49,325 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-12-02 00:13:49,341 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-12-02 00:13:49,467 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 8 proven. 0 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2018-12-02 00:13:49,494 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2018-12-02 00:13:49,494 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [8] imperfect sequences [11] total 17 [2018-12-02 00:13:49,495 INFO L459 AbstractCegarLoop]: Interpolant automaton has 17 states [2018-12-02 00:13:49,495 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 17 interpolants. [2018-12-02 00:13:49,495 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=32, Invalid=240, Unknown=0, NotChecked=0, Total=272 [2018-12-02 00:13:49,495 INFO L87 Difference]: Start difference. First operand 1281 states and 1709 transitions. Second operand 17 states. [2018-12-02 00:13:50,435 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:50,435 INFO L93 Difference]: Finished difference Result 2876 states and 3849 transitions. [2018-12-02 00:13:50,436 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2018-12-02 00:13:50,436 INFO L78 Accepts]: Start accepts. Automaton has 17 states. Word has length 183 [2018-12-02 00:13:50,436 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:50,441 INFO L225 Difference]: With dead ends: 2876 [2018-12-02 00:13:50,441 INFO L226 Difference]: Without dead ends: 2190 [2018-12-02 00:13:50,444 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 224 GetRequests, 184 SyntacticMatches, 0 SemanticMatches, 40 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 289 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=199, Invalid=1523, Unknown=0, NotChecked=0, Total=1722 [2018-12-02 00:13:50,445 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2190 states. [2018-12-02 00:13:50,497 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2190 to 2171. [2018-12-02 00:13:50,498 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2171 states. [2018-12-02 00:13:50,504 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2171 states to 2171 states and 2926 transitions. [2018-12-02 00:13:50,504 INFO L78 Accepts]: Start accepts. Automaton has 2171 states and 2926 transitions. Word has length 183 [2018-12-02 00:13:50,504 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:50,504 INFO L480 AbstractCegarLoop]: Abstraction has 2171 states and 2926 transitions. [2018-12-02 00:13:50,505 INFO L481 AbstractCegarLoop]: Interpolant automaton has 17 states. [2018-12-02 00:13:50,505 INFO L276 IsEmpty]: Start isEmpty. Operand 2171 states and 2926 transitions. [2018-12-02 00:13:50,510 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 304 [2018-12-02 00:13:50,510 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:50,510 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:50,510 INFO L423 AbstractCegarLoop]: === Iteration 9 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:50,511 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:50,511 INFO L82 PathProgramCache]: Analyzing trace with hash -1371233659, now seen corresponding path program 1 times [2018-12-02 00:13:50,511 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:50,511 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:50,511 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:50,511 INFO L101 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2018-12-02 00:13:50,512 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:50,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:50,759 INFO L134 CoverageAnalysis]: Checked inductivity of 115 backedges. 24 proven. 14 refuted. 0 times theorem prover too weak. 77 trivial. 0 not checked. [2018-12-02 00:13:50,760 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-12-02 00:13:50,760 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/z3 Starting monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-12-02 00:13:50,766 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:50,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:51,000 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-12-02 00:13:51,178 INFO L134 CoverageAnalysis]: Checked inductivity of 115 backedges. 24 proven. 0 refuted. 0 times theorem prover too weak. 91 trivial. 0 not checked. [2018-12-02 00:13:51,198 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2018-12-02 00:13:51,199 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [9] imperfect sequences [21] total 28 [2018-12-02 00:13:51,199 INFO L459 AbstractCegarLoop]: Interpolant automaton has 28 states [2018-12-02 00:13:51,200 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 28 interpolants. [2018-12-02 00:13:51,200 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=64, Invalid=692, Unknown=0, NotChecked=0, Total=756 [2018-12-02 00:13:51,200 INFO L87 Difference]: Start difference. First operand 2171 states and 2926 transitions. Second operand 28 states. [2018-12-02 00:13:56,984 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:56,984 INFO L93 Difference]: Finished difference Result 14056 states and 19127 transitions. [2018-12-02 00:13:56,985 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 91 states. [2018-12-02 00:13:56,985 INFO L78 Accepts]: Start accepts. Automaton has 28 states. Word has length 303 [2018-12-02 00:13:56,985 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:57,016 INFO L225 Difference]: With dead ends: 14056 [2018-12-02 00:13:57,016 INFO L226 Difference]: Without dead ends: 11873 [2018-12-02 00:13:57,024 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 440 GetRequests, 325 SyntacticMatches, 1 SemanticMatches, 114 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3881 ImplicationChecksByTransitivity, 1.3s TimeCoverageRelationStatistics Valid=938, Invalid=12402, Unknown=0, NotChecked=0, Total=13340 [2018-12-02 00:13:57,032 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 11873 states. [2018-12-02 00:13:57,311 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 11873 to 10523. [2018-12-02 00:13:57,311 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10523 states. [2018-12-02 00:13:57,329 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10523 states to 10523 states and 14202 transitions. [2018-12-02 00:13:57,330 INFO L78 Accepts]: Start accepts. Automaton has 10523 states and 14202 transitions. Word has length 303 [2018-12-02 00:13:57,330 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:57,330 INFO L480 AbstractCegarLoop]: Abstraction has 10523 states and 14202 transitions. [2018-12-02 00:13:57,330 INFO L481 AbstractCegarLoop]: Interpolant automaton has 28 states. [2018-12-02 00:13:57,330 INFO L276 IsEmpty]: Start isEmpty. Operand 10523 states and 14202 transitions. [2018-12-02 00:13:57,351 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 309 [2018-12-02 00:13:57,351 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:57,351 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:57,351 INFO L423 AbstractCegarLoop]: === Iteration 10 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:57,351 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:57,351 INFO L82 PathProgramCache]: Analyzing trace with hash 1163190048, now seen corresponding path program 1 times [2018-12-02 00:13:57,352 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:57,352 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:57,352 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:57,352 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:57,352 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:57,404 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:57,465 INFO L134 CoverageAnalysis]: Checked inductivity of 116 backedges. 21 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2018-12-02 00:13:57,465 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:13:57,465 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2018-12-02 00:13:57,466 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2018-12-02 00:13:57,466 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2018-12-02 00:13:57,466 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2018-12-02 00:13:57,466 INFO L87 Difference]: Start difference. First operand 10523 states and 14202 transitions. Second operand 5 states. [2018-12-02 00:13:57,638 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:57,638 INFO L93 Difference]: Finished difference Result 17464 states and 23408 transitions. [2018-12-02 00:13:57,639 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2018-12-02 00:13:57,639 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 308 [2018-12-02 00:13:57,639 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:57,665 INFO L225 Difference]: With dead ends: 17464 [2018-12-02 00:13:57,665 INFO L226 Difference]: Without dead ends: 10417 [2018-12-02 00:13:57,677 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2018-12-02 00:13:57,684 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 10417 states. [2018-12-02 00:13:57,904 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 10417 to 10413. [2018-12-02 00:13:57,904 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10413 states. [2018-12-02 00:13:57,919 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10413 states to 10413 states and 14012 transitions. [2018-12-02 00:13:57,921 INFO L78 Accepts]: Start accepts. Automaton has 10413 states and 14012 transitions. Word has length 308 [2018-12-02 00:13:57,921 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:57,921 INFO L480 AbstractCegarLoop]: Abstraction has 10413 states and 14012 transitions. [2018-12-02 00:13:57,921 INFO L481 AbstractCegarLoop]: Interpolant automaton has 5 states. [2018-12-02 00:13:57,921 INFO L276 IsEmpty]: Start isEmpty. Operand 10413 states and 14012 transitions. [2018-12-02 00:13:57,938 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 307 [2018-12-02 00:13:57,938 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:57,938 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:57,938 INFO L423 AbstractCegarLoop]: === Iteration 11 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:57,938 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:57,939 INFO L82 PathProgramCache]: Analyzing trace with hash -680201044, now seen corresponding path program 1 times [2018-12-02 00:13:57,939 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:57,939 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:57,939 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:57,939 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:57,939 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:57,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:58,089 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 21 proven. 3 refuted. 0 times theorem prover too weak. 90 trivial. 0 not checked. [2018-12-02 00:13:58,089 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-12-02 00:13:58,089 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/z3 Starting monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-12-02 00:13:58,097 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:58,352 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:58,360 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-12-02 00:13:58,443 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 24 proven. 0 refuted. 0 times theorem prover too weak. 90 trivial. 0 not checked. [2018-12-02 00:13:58,459 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2018-12-02 00:13:58,459 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [7] imperfect sequences [11] total 16 [2018-12-02 00:13:58,459 INFO L459 AbstractCegarLoop]: Interpolant automaton has 16 states [2018-12-02 00:13:58,460 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2018-12-02 00:13:58,460 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=207, Unknown=0, NotChecked=0, Total=240 [2018-12-02 00:13:58,460 INFO L87 Difference]: Start difference. First operand 10413 states and 14012 transitions. Second operand 16 states. [2018-12-02 00:13:59,445 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:13:59,445 INFO L93 Difference]: Finished difference Result 21335 states and 28794 transitions. [2018-12-02 00:13:59,446 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2018-12-02 00:13:59,446 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 306 [2018-12-02 00:13:59,446 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:13:59,473 INFO L225 Difference]: With dead ends: 21335 [2018-12-02 00:13:59,473 INFO L226 Difference]: Without dead ends: 10769 [2018-12-02 00:13:59,492 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 333 GetRequests, 306 SyntacticMatches, 0 SemanticMatches, 27 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 60 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=121, Invalid=691, Unknown=0, NotChecked=0, Total=812 [2018-12-02 00:13:59,499 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 10769 states. [2018-12-02 00:13:59,733 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 10769 to 10477. [2018-12-02 00:13:59,733 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10477 states. [2018-12-02 00:13:59,747 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10477 states to 10477 states and 14091 transitions. [2018-12-02 00:13:59,749 INFO L78 Accepts]: Start accepts. Automaton has 10477 states and 14091 transitions. Word has length 306 [2018-12-02 00:13:59,749 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:13:59,749 INFO L480 AbstractCegarLoop]: Abstraction has 10477 states and 14091 transitions. [2018-12-02 00:13:59,749 INFO L481 AbstractCegarLoop]: Interpolant automaton has 16 states. [2018-12-02 00:13:59,749 INFO L276 IsEmpty]: Start isEmpty. Operand 10477 states and 14091 transitions. [2018-12-02 00:13:59,765 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 308 [2018-12-02 00:13:59,765 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:13:59,766 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:13:59,766 INFO L423 AbstractCegarLoop]: === Iteration 12 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:13:59,766 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:13:59,766 INFO L82 PathProgramCache]: Analyzing trace with hash -832784631, now seen corresponding path program 1 times [2018-12-02 00:13:59,766 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:13:59,766 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:13:59,766 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:59,767 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:13:59,767 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:13:59,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:13:59,910 INFO L134 CoverageAnalysis]: Checked inductivity of 115 backedges. 21 proven. 2 refuted. 0 times theorem prover too weak. 92 trivial. 0 not checked. [2018-12-02 00:13:59,910 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-12-02 00:13:59,910 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/z3 Starting monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-12-02 00:13:59,917 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:14:00,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:14:00,137 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-12-02 00:14:00,232 INFO L134 CoverageAnalysis]: Checked inductivity of 115 backedges. 16 proven. 0 refuted. 0 times theorem prover too weak. 99 trivial. 0 not checked. [2018-12-02 00:14:00,257 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2018-12-02 00:14:00,257 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [9] imperfect sequences [5] total 12 [2018-12-02 00:14:00,257 INFO L459 AbstractCegarLoop]: Interpolant automaton has 12 states [2018-12-02 00:14:00,257 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2018-12-02 00:14:00,258 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=105, Unknown=0, NotChecked=0, Total=132 [2018-12-02 00:14:00,258 INFO L87 Difference]: Start difference. First operand 10477 states and 14091 transitions. Second operand 12 states. [2018-12-02 00:14:02,261 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:14:02,261 INFO L93 Difference]: Finished difference Result 34305 states and 46379 transitions. [2018-12-02 00:14:02,262 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2018-12-02 00:14:02,262 INFO L78 Accepts]: Start accepts. Automaton has 12 states. Word has length 307 [2018-12-02 00:14:02,262 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:14:02,305 INFO L225 Difference]: With dead ends: 34305 [2018-12-02 00:14:02,305 INFO L226 Difference]: Without dead ends: 23857 [2018-12-02 00:14:02,320 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 330 GetRequests, 308 SyntacticMatches, 1 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 44 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=95, Invalid=411, Unknown=0, NotChecked=0, Total=506 [2018-12-02 00:14:02,335 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 23857 states. [2018-12-02 00:14:02,821 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 23857 to 21252. [2018-12-02 00:14:02,821 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 21252 states. [2018-12-02 00:14:02,849 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 21252 states to 21252 states and 28656 transitions. [2018-12-02 00:14:02,851 INFO L78 Accepts]: Start accepts. Automaton has 21252 states and 28656 transitions. Word has length 307 [2018-12-02 00:14:02,851 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:14:02,852 INFO L480 AbstractCegarLoop]: Abstraction has 21252 states and 28656 transitions. [2018-12-02 00:14:02,852 INFO L481 AbstractCegarLoop]: Interpolant automaton has 12 states. [2018-12-02 00:14:02,852 INFO L276 IsEmpty]: Start isEmpty. Operand 21252 states and 28656 transitions. [2018-12-02 00:14:02,874 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 310 [2018-12-02 00:14:02,874 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:14:02,874 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:14:02,874 INFO L423 AbstractCegarLoop]: === Iteration 13 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:14:02,874 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:14:02,875 INFO L82 PathProgramCache]: Analyzing trace with hash 1189369598, now seen corresponding path program 1 times [2018-12-02 00:14:02,875 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:14:02,875 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:14:02,875 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:02,875 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:14:02,875 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:02,894 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:14:03,033 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 24 proven. 3 refuted. 0 times theorem prover too weak. 91 trivial. 0 not checked. [2018-12-02 00:14:03,034 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-12-02 00:14:03,034 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/z3 Starting monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-12-02 00:14:03,082 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:14:03,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:14:03,325 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-12-02 00:14:03,447 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 17 proven. 0 refuted. 0 times theorem prover too weak. 101 trivial. 0 not checked. [2018-12-02 00:14:03,464 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2018-12-02 00:14:03,464 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [9] imperfect sequences [16] total 23 [2018-12-02 00:14:03,464 INFO L459 AbstractCegarLoop]: Interpolant automaton has 23 states [2018-12-02 00:14:03,465 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 23 interpolants. [2018-12-02 00:14:03,465 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=49, Invalid=457, Unknown=0, NotChecked=0, Total=506 [2018-12-02 00:14:03,465 INFO L87 Difference]: Start difference. First operand 21252 states and 28656 transitions. Second operand 23 states. [2018-12-02 00:14:04,933 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:14:04,934 INFO L93 Difference]: Finished difference Result 44585 states and 60633 transitions. [2018-12-02 00:14:04,934 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2018-12-02 00:14:04,934 INFO L78 Accepts]: Start accepts. Automaton has 23 states. Word has length 309 [2018-12-02 00:14:04,934 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:14:04,977 INFO L225 Difference]: With dead ends: 44585 [2018-12-02 00:14:04,978 INFO L226 Difference]: Without dead ends: 22100 [2018-12-02 00:14:05,007 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 345 GetRequests, 304 SyntacticMatches, 0 SemanticMatches, 41 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 184 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=147, Invalid=1659, Unknown=0, NotChecked=0, Total=1806 [2018-12-02 00:14:05,020 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 22100 states. [2018-12-02 00:14:05,571 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 22100 to 20910. [2018-12-02 00:14:05,571 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20910 states. [2018-12-02 00:14:05,597 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20910 states to 20910 states and 27932 transitions. [2018-12-02 00:14:05,599 INFO L78 Accepts]: Start accepts. Automaton has 20910 states and 27932 transitions. Word has length 309 [2018-12-02 00:14:05,600 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:14:05,600 INFO L480 AbstractCegarLoop]: Abstraction has 20910 states and 27932 transitions. [2018-12-02 00:14:05,600 INFO L481 AbstractCegarLoop]: Interpolant automaton has 23 states. [2018-12-02 00:14:05,600 INFO L276 IsEmpty]: Start isEmpty. Operand 20910 states and 27932 transitions. [2018-12-02 00:14:05,619 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 310 [2018-12-02 00:14:05,619 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:14:05,619 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:14:05,619 INFO L423 AbstractCegarLoop]: === Iteration 14 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:14:05,619 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:14:05,619 INFO L82 PathProgramCache]: Analyzing trace with hash 806266354, now seen corresponding path program 1 times [2018-12-02 00:14:05,619 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:14:05,619 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:14:05,620 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:05,620 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:14:05,620 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:05,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:14:05,725 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 21 proven. 0 refuted. 0 times theorem prover too weak. 97 trivial. 0 not checked. [2018-12-02 00:14:05,725 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:14:05,725 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2018-12-02 00:14:05,726 INFO L459 AbstractCegarLoop]: Interpolant automaton has 9 states [2018-12-02 00:14:05,726 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2018-12-02 00:14:05,726 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2018-12-02 00:14:05,726 INFO L87 Difference]: Start difference. First operand 20910 states and 27932 transitions. Second operand 9 states. [2018-12-02 00:14:08,452 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:14:08,452 INFO L93 Difference]: Finished difference Result 75234 states and 100653 transitions. [2018-12-02 00:14:08,453 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2018-12-02 00:14:08,453 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 309 [2018-12-02 00:14:08,453 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:14:08,569 INFO L225 Difference]: With dead ends: 75234 [2018-12-02 00:14:08,569 INFO L226 Difference]: Without dead ends: 59222 [2018-12-02 00:14:08,599 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 29 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=65, Invalid=241, Unknown=0, NotChecked=0, Total=306 [2018-12-02 00:14:08,636 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 59222 states. [2018-12-02 00:14:10,026 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 59222 to 54036. [2018-12-02 00:14:10,026 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 54036 states. [2018-12-02 00:14:10,111 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 54036 states to 54036 states and 72918 transitions. [2018-12-02 00:14:10,114 INFO L78 Accepts]: Start accepts. Automaton has 54036 states and 72918 transitions. Word has length 309 [2018-12-02 00:14:10,115 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:14:10,115 INFO L480 AbstractCegarLoop]: Abstraction has 54036 states and 72918 transitions. [2018-12-02 00:14:10,115 INFO L481 AbstractCegarLoop]: Interpolant automaton has 9 states. [2018-12-02 00:14:10,115 INFO L276 IsEmpty]: Start isEmpty. Operand 54036 states and 72918 transitions. [2018-12-02 00:14:10,171 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 311 [2018-12-02 00:14:10,171 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:14:10,171 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:14:10,171 INFO L423 AbstractCegarLoop]: === Iteration 15 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:14:10,171 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:14:10,172 INFO L82 PathProgramCache]: Analyzing trace with hash 32074766, now seen corresponding path program 1 times [2018-12-02 00:14:10,172 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:14:10,172 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:14:10,172 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:10,172 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:14:10,172 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:10,194 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:14:10,481 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 21 proven. 0 refuted. 0 times theorem prover too weak. 97 trivial. 0 not checked. [2018-12-02 00:14:10,481 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:14:10,481 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [24] imperfect sequences [] total 24 [2018-12-02 00:14:10,481 INFO L459 AbstractCegarLoop]: Interpolant automaton has 24 states [2018-12-02 00:14:10,481 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 24 interpolants. [2018-12-02 00:14:10,481 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=45, Invalid=507, Unknown=0, NotChecked=0, Total=552 [2018-12-02 00:14:10,482 INFO L87 Difference]: Start difference. First operand 54036 states and 72918 transitions. Second operand 24 states. [2018-12-02 00:14:11,957 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:14:11,957 INFO L93 Difference]: Finished difference Result 95438 states and 129027 transitions. [2018-12-02 00:14:11,957 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2018-12-02 00:14:11,957 INFO L78 Accepts]: Start accepts. Automaton has 24 states. Word has length 310 [2018-12-02 00:14:11,958 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:14:12,043 INFO L225 Difference]: With dead ends: 95438 [2018-12-02 00:14:12,043 INFO L226 Difference]: Without dead ends: 42748 [2018-12-02 00:14:12,104 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 34 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 32 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 45 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=85, Invalid=1037, Unknown=0, NotChecked=0, Total=1122 [2018-12-02 00:14:12,132 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 42748 states. [2018-12-02 00:14:13,340 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 42748 to 41817. [2018-12-02 00:14:13,341 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 41817 states. [2018-12-02 00:14:13,399 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 41817 states to 41817 states and 56065 transitions. [2018-12-02 00:14:13,405 INFO L78 Accepts]: Start accepts. Automaton has 41817 states and 56065 transitions. Word has length 310 [2018-12-02 00:14:13,405 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:14:13,405 INFO L480 AbstractCegarLoop]: Abstraction has 41817 states and 56065 transitions. [2018-12-02 00:14:13,405 INFO L481 AbstractCegarLoop]: Interpolant automaton has 24 states. [2018-12-02 00:14:13,405 INFO L276 IsEmpty]: Start isEmpty. Operand 41817 states and 56065 transitions. [2018-12-02 00:14:13,447 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 325 [2018-12-02 00:14:13,447 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:14:13,447 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:14:13,447 INFO L423 AbstractCegarLoop]: === Iteration 16 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:14:13,447 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:14:13,447 INFO L82 PathProgramCache]: Analyzing trace with hash -2095017338, now seen corresponding path program 1 times [2018-12-02 00:14:13,447 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:14:13,447 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:14:13,448 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:13,448 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:14:13,448 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:13,465 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:14:13,529 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 20 proven. 2 refuted. 0 times theorem prover too weak. 96 trivial. 0 not checked. [2018-12-02 00:14:13,529 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-12-02 00:14:13,529 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/z3 Starting monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-12-02 00:14:13,536 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:14:13,721 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:14:13,730 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-12-02 00:14:13,791 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 17 proven. 0 refuted. 0 times theorem prover too weak. 101 trivial. 0 not checked. [2018-12-02 00:14:13,807 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2018-12-02 00:14:13,807 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [7] imperfect sequences [5] total 10 [2018-12-02 00:14:13,808 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2018-12-02 00:14:13,808 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2018-12-02 00:14:13,808 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=69, Unknown=0, NotChecked=0, Total=90 [2018-12-02 00:14:13,808 INFO L87 Difference]: Start difference. First operand 41817 states and 56065 transitions. Second operand 10 states. [2018-12-02 00:14:14,852 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:14:14,853 INFO L93 Difference]: Finished difference Result 63053 states and 84407 transitions. [2018-12-02 00:14:14,853 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2018-12-02 00:14:14,853 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 324 [2018-12-02 00:14:14,854 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:14:14,891 INFO L225 Difference]: With dead ends: 63053 [2018-12-02 00:14:14,892 INFO L226 Difference]: Without dead ends: 21301 [2018-12-02 00:14:14,933 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 334 GetRequests, 321 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=43, Invalid=167, Unknown=0, NotChecked=0, Total=210 [2018-12-02 00:14:14,947 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 21301 states. [2018-12-02 00:14:15,489 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 21301 to 20670. [2018-12-02 00:14:15,489 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20670 states. [2018-12-02 00:14:15,515 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20670 states to 20670 states and 27385 transitions. [2018-12-02 00:14:15,519 INFO L78 Accepts]: Start accepts. Automaton has 20670 states and 27385 transitions. Word has length 324 [2018-12-02 00:14:15,520 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:14:15,520 INFO L480 AbstractCegarLoop]: Abstraction has 20670 states and 27385 transitions. [2018-12-02 00:14:15,520 INFO L481 AbstractCegarLoop]: Interpolant automaton has 10 states. [2018-12-02 00:14:15,520 INFO L276 IsEmpty]: Start isEmpty. Operand 20670 states and 27385 transitions. [2018-12-02 00:14:15,536 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 315 [2018-12-02 00:14:15,536 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:14:15,537 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:14:15,537 INFO L423 AbstractCegarLoop]: === Iteration 17 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:14:15,537 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:14:15,537 INFO L82 PathProgramCache]: Analyzing trace with hash 1000795676, now seen corresponding path program 1 times [2018-12-02 00:14:15,537 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:14:15,537 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:14:15,537 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:15,537 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:14:15,538 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:15,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:14:15,645 INFO L134 CoverageAnalysis]: Checked inductivity of 117 backedges. 21 proven. 0 refuted. 0 times theorem prover too weak. 96 trivial. 0 not checked. [2018-12-02 00:14:15,645 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:14:15,645 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2018-12-02 00:14:15,646 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2018-12-02 00:14:15,646 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2018-12-02 00:14:15,646 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2018-12-02 00:14:15,646 INFO L87 Difference]: Start difference. First operand 20670 states and 27385 transitions. Second operand 10 states. [2018-12-02 00:14:16,063 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:14:16,063 INFO L93 Difference]: Finished difference Result 28259 states and 37093 transitions. [2018-12-02 00:14:16,063 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2018-12-02 00:14:16,063 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 314 [2018-12-02 00:14:16,063 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:14:16,096 INFO L225 Difference]: With dead ends: 28259 [2018-12-02 00:14:16,096 INFO L226 Difference]: Without dead ends: 20670 [2018-12-02 00:14:16,108 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2018-12-02 00:14:16,121 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 20670 states. [2018-12-02 00:14:16,664 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 20670 to 20640. [2018-12-02 00:14:16,664 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20640 states. [2018-12-02 00:14:16,690 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20640 states to 20640 states and 27318 transitions. [2018-12-02 00:14:16,691 INFO L78 Accepts]: Start accepts. Automaton has 20640 states and 27318 transitions. Word has length 314 [2018-12-02 00:14:16,691 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:14:16,691 INFO L480 AbstractCegarLoop]: Abstraction has 20640 states and 27318 transitions. [2018-12-02 00:14:16,692 INFO L481 AbstractCegarLoop]: Interpolant automaton has 10 states. [2018-12-02 00:14:16,692 INFO L276 IsEmpty]: Start isEmpty. Operand 20640 states and 27318 transitions. [2018-12-02 00:14:16,708 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 321 [2018-12-02 00:14:16,708 INFO L394 BasicCegarLoop]: Found error trace [2018-12-02 00:14:16,708 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-12-02 00:14:16,708 INFO L423 AbstractCegarLoop]: === Iteration 18 === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-12-02 00:14:16,708 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-12-02 00:14:16,708 INFO L82 PathProgramCache]: Analyzing trace with hash 987997246, now seen corresponding path program 1 times [2018-12-02 00:14:16,708 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-12-02 00:14:16,709 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-12-02 00:14:16,709 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:16,709 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-02 00:14:16,709 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-02 00:14:16,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-02 00:14:16,806 INFO L134 CoverageAnalysis]: Checked inductivity of 124 backedges. 21 proven. 0 refuted. 0 times theorem prover too weak. 103 trivial. 0 not checked. [2018-12-02 00:14:16,806 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-02 00:14:16,806 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2018-12-02 00:14:16,806 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2018-12-02 00:14:16,806 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2018-12-02 00:14:16,806 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2018-12-02 00:14:16,807 INFO L87 Difference]: Start difference. First operand 20640 states and 27318 transitions. Second operand 10 states. [2018-12-02 00:14:17,383 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-02 00:14:17,383 INFO L93 Difference]: Finished difference Result 23304 states and 30414 transitions. [2018-12-02 00:14:17,384 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2018-12-02 00:14:17,384 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 320 [2018-12-02 00:14:17,384 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-02 00:14:17,385 INFO L225 Difference]: With dead ends: 23304 [2018-12-02 00:14:17,386 INFO L226 Difference]: Without dead ends: 0 [2018-12-02 00:14:17,405 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=48, Invalid=192, Unknown=0, NotChecked=0, Total=240 [2018-12-02 00:14:17,405 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2018-12-02 00:14:17,405 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2018-12-02 00:14:17,405 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 0 states. [2018-12-02 00:14:17,405 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2018-12-02 00:14:17,407 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 320 [2018-12-02 00:14:17,407 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-02 00:14:17,407 INFO L480 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2018-12-02 00:14:17,407 INFO L481 AbstractCegarLoop]: Interpolant automaton has 10 states. [2018-12-02 00:14:17,407 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2018-12-02 00:14:17,407 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-12-02 00:14:17,410 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2018-12-02 00:14:17,604 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:17,605 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:17,606 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:17,606 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:17,616 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:17,616 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:17,617 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,099 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,099 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,106 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,107 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,116 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,117 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,130 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,130 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,140 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:18,141 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,724 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,749 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,752 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,754 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,755 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,768 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,780 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,784 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,787 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,795 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,866 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,891 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,894 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,896 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,898 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,910 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,921 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,925 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,928 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:19,937 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,033 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,042 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,045 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,063 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,066 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,067 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,069 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,078 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,083 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,083 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,084 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,084 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,099 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,099 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,100 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,100 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,100 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,104 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,105 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,105 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,106 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,109 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,109 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,110 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,110 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,110 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,120 WARN L250 erpolLogProxyWrapper]: Already inconsistent. [2018-12-02 00:14:23,857 WARN L180 SmtUtils]: Spent 386.00 ms on a formula simplification. DAG size of input: 220 DAG size of output: 53 [2018-12-02 00:14:24,263 WARN L180 SmtUtils]: Spent 288.00 ms on a formula simplification. DAG size of input: 197 DAG size of output: 54 [2018-12-02 00:14:25,723 WARN L180 SmtUtils]: Spent 1.44 s on a formula simplification. DAG size of input: 313 DAG size of output: 41 [2018-12-02 00:14:26,935 WARN L180 SmtUtils]: Spent 1.20 s on a formula simplification. DAG size of input: 361 DAG size of output: 40 [2018-12-02 00:14:28,545 WARN L180 SmtUtils]: Spent 1.54 s on a formula simplification. DAG size of input: 361 DAG size of output: 40 [2018-12-02 00:14:29,811 WARN L180 SmtUtils]: Spent 1.24 s on a formula simplification. DAG size of input: 359 DAG size of output: 30 [2018-12-02 00:14:30,345 WARN L180 SmtUtils]: Spent 529.00 ms on a formula simplification. DAG size of input: 286 DAG size of output: 50 [2018-12-02 00:14:30,836 WARN L180 SmtUtils]: Spent 449.00 ms on a formula simplification. DAG size of input: 359 DAG size of output: 30 [2018-12-02 00:14:31,217 WARN L180 SmtUtils]: Spent 263.00 ms on a formula simplification. DAG size of input: 190 DAG size of output: 46 [2018-12-02 00:14:31,606 WARN L180 SmtUtils]: Spent 308.00 ms on a formula simplification. DAG size of input: 220 DAG size of output: 40 [2018-12-02 00:14:32,541 WARN L180 SmtUtils]: Spent 150.00 ms on a formula simplification. DAG size of input: 144 DAG size of output: 32 [2018-12-02 00:14:32,698 WARN L180 SmtUtils]: Spent 130.00 ms on a formula simplification. DAG size of input: 91 DAG size of output: 49 [2018-12-02 00:14:32,970 WARN L180 SmtUtils]: Spent 120.00 ms on a formula simplification. DAG size of input: 91 DAG size of output: 49 [2018-12-02 00:14:35,297 WARN L180 SmtUtils]: Spent 2.17 s on a formula simplification. DAG size of input: 361 DAG size of output: 40 [2018-12-02 00:14:35,928 WARN L180 SmtUtils]: Spent 570.00 ms on a formula simplification. DAG size of input: 245 DAG size of output: 50 [2018-12-02 00:14:36,684 WARN L180 SmtUtils]: Spent 542.00 ms on a formula simplification. DAG size of input: 422 DAG size of output: 24 [2018-12-02 00:14:37,180 WARN L180 SmtUtils]: Spent 403.00 ms on a formula simplification. DAG size of input: 335 DAG size of output: 30 [2018-12-02 00:14:38,538 WARN L180 SmtUtils]: Spent 1.29 s on a formula simplification. DAG size of input: 361 DAG size of output: 40 [2018-12-02 00:14:39,883 WARN L180 SmtUtils]: Spent 1.24 s on a formula simplification. DAG size of input: 361 DAG size of output: 40 [2018-12-02 00:14:40,411 WARN L180 SmtUtils]: Spent 472.00 ms on a formula simplification. DAG size of input: 208 DAG size of output: 56 [2018-12-02 00:14:40,743 WARN L180 SmtUtils]: Spent 319.00 ms on a formula simplification. DAG size of input: 226 DAG size of output: 50 [2018-12-02 00:14:41,192 WARN L180 SmtUtils]: Spent 331.00 ms on a formula simplification. DAG size of input: 214 DAG size of output: 46 [2018-12-02 00:14:41,897 WARN L180 SmtUtils]: Spent 622.00 ms on a formula simplification. DAG size of input: 286 DAG size of output: 50 [2018-12-02 00:14:42,355 WARN L180 SmtUtils]: Spent 450.00 ms on a formula simplification. DAG size of input: 335 DAG size of output: 30 [2018-12-02 00:14:43,260 WARN L180 SmtUtils]: Spent 900.00 ms on a formula simplification. DAG size of input: 253 DAG size of output: 46 [2018-12-02 00:14:44,276 WARN L180 SmtUtils]: Spent 1.01 s on a formula simplification. DAG size of input: 253 DAG size of output: 46 [2018-12-02 00:14:44,718 WARN L180 SmtUtils]: Spent 292.00 ms on a formula simplification. DAG size of input: 197 DAG size of output: 54 [2018-12-02 00:14:44,846 WARN L180 SmtUtils]: Spent 123.00 ms on a formula simplification. DAG size of input: 112 DAG size of output: 27 [2018-12-02 00:14:46,032 WARN L180 SmtUtils]: Spent 1.18 s on a formula simplification. DAG size of input: 361 DAG size of output: 40 [2018-12-02 00:14:46,692 WARN L180 SmtUtils]: Spent 166.00 ms on a formula simplification. DAG size of input: 190 DAG size of output: 32 [2018-12-02 00:14:47,880 WARN L180 SmtUtils]: Spent 1.10 s on a formula simplification. DAG size of input: 286 DAG size of output: 50 [2018-12-02 00:14:48,591 WARN L180 SmtUtils]: Spent 607.00 ms on a formula simplification. DAG size of input: 220 DAG size of output: 53 [2018-12-02 00:14:48,739 WARN L180 SmtUtils]: Spent 144.00 ms on a formula simplification. DAG size of input: 110 DAG size of output: 52 [2018-12-02 00:14:49,289 WARN L180 SmtUtils]: Spent 385.00 ms on a formula simplification. DAG size of input: 220 DAG size of output: 53 [2018-12-02 00:14:49,639 INFO L448 ceAbstractionStarter]: For program point bobKeyChangeFINAL(lines 2538 2547) no Hoare annotation was computed. [2018-12-02 00:14:49,639 INFO L448 ceAbstractionStarter]: For program point bobKeyChangeEXIT(lines 2538 2547) no Hoare annotation was computed. [2018-12-02 00:14:49,639 INFO L451 ceAbstractionStarter]: At program point bobKeyChangeENTRY(lines 2538 2547) the Hoare annotation is: true [2018-12-02 00:14:49,639 INFO L448 ceAbstractionStarter]: For program point isSignedEXIT(lines 752 770) no Hoare annotation was computed. [2018-12-02 00:14:49,639 INFO L451 ceAbstractionStarter]: At program point isSignedENTRY(lines 752 770) the Hoare annotation is: true [2018-12-02 00:14:49,639 INFO L448 ceAbstractionStarter]: For program point isSignedFINAL(lines 752 770) no Hoare annotation was computed. [2018-12-02 00:14:49,639 INFO L448 ceAbstractionStarter]: For program point L760(lines 760 766) no Hoare annotation was computed. [2018-12-02 00:14:49,639 INFO L448 ceAbstractionStarter]: For program point L756(lines 756 767) no Hoare annotation was computed. [2018-12-02 00:14:49,640 INFO L444 ceAbstractionStarter]: At program point mailENTRY(lines 127 143) the Hoare annotation is: (let ((.cse11 (= 0 ~__ste_email_isEncrypted0~0)) (.cse10 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse5 (= 0 ~__ste_client_privateKey0~0)) (.cse6 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse0 (not (= 1 |mail_#in~msg|))) (.cse1 (not (= 1 |mail_#in~client|))) (.cse3 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|)) (.cse2 (not (= ~queue_empty~0 1))) (.cse12 (not (= 0 ~__ste_email_isSigned0~0))) (.cse9 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse4 (< ~rjh~0 2)) (.cse7 (< ~chuck~0 3)) (.cse8 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse3 .cse0 .cse1 .cse2 .cse9 .cse4 .cse5 .cse7 .cse8) (or .cse10 .cse0 .cse1 .cse11 .cse2 .cse12 .cse4 .cse7 .cse8) (or .cse11 .cse10 .cse0 .cse1 .cse2 .cse4 .cse5 .cse7 .cse8) (or .cse0 .cse1 .cse2 .cse3 .cse12 .cse4 .cse6 .cse7 .cse8) (or .cse0 .cse1 .cse3 .cse2 .cse12 .cse9 .cse4 .cse7 .cse8))) [2018-12-02 00:14:49,640 INFO L444 ceAbstractionStarter]: At program point L139(line 139) the Hoare annotation is: (let ((.cse13 (= ~__ste_email_to0~0 mail_~tmp~0)) (.cse14 (= 1 mail_~__utac__ad__arg1~0)) (.cse15 (= 1 mail_~__utac__ad__arg2~0)) (.cse16 (= mail_~msg |mail_#in~msg|))) (let ((.cse1 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse0 (and .cse13 .cse14 .cse15 .cse16 (= 0 ~__ste_email_isEncrypted0~0))) (.cse11 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse9 (= 0 ~__ste_client_privateKey0~0)) (.cse10 (and .cse13 .cse14 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|) .cse15 .cse16)) (.cse2 (not (= 1 |mail_#in~msg|))) (.cse3 (not (= 1 |mail_#in~client|))) (.cse4 (not (= ~queue_empty~0 1))) (.cse5 (not (= 0 ~__ste_email_isSigned0~0))) (.cse12 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse6 (< ~rjh~0 2)) (.cse7 (< ~chuck~0 3)) (.cse8 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse1 .cse2 .cse3 .cse4 .cse0 .cse6 .cse9 .cse7 .cse8) (or .cse2 .cse3 .cse10 .cse4 .cse5 .cse6 .cse11 .cse7 .cse8) (or .cse10 .cse2 .cse3 .cse4 .cse6 .cse9 .cse11 .cse7 .cse8) (or .cse10 .cse2 .cse3 .cse4 .cse12 .cse6 .cse9 .cse7 .cse8) (or .cse10 .cse2 .cse3 .cse4 .cse5 .cse12 .cse6 .cse7 .cse8)))) [2018-12-02 00:14:49,640 INFO L448 ceAbstractionStarter]: For program point mailEXIT(lines 127 143) no Hoare annotation was computed. [2018-12-02 00:14:49,640 INFO L444 ceAbstractionStarter]: At program point L138(line 138) the Hoare annotation is: (let ((.cse13 (= 1 mail_~__utac__ad__arg1~0)) (.cse14 (= 1 mail_~__utac__ad__arg2~0)) (.cse15 (= mail_~msg |mail_#in~msg|))) (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse4 (and .cse13 .cse14 .cse15 (= 0 ~__ste_email_isEncrypted0~0))) (.cse5 (not (= 0 ~__ste_email_isSigned0~0))) (.cse9 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse1 (not (= 1 |mail_#in~msg|))) (.cse2 (not (= 1 |mail_#in~client|))) (.cse3 (not (= ~queue_empty~0 1))) (.cse6 (< ~rjh~0 2)) (.cse10 (= 0 ~__ste_client_privateKey0~0)) (.cse12 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse11 (and .cse13 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|) .cse14 .cse15)) (.cse7 (< ~chuck~0 3)) (.cse8 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse1 .cse2 .cse3 .cse9 .cse6 .cse10 .cse11 .cse7 .cse8) (or .cse11 .cse1 .cse2 .cse3 .cse5 .cse6 .cse12 .cse7 .cse8) (or .cse0 .cse1 .cse2 .cse3 .cse6 .cse4 .cse10 .cse7 .cse8) (or .cse11 .cse1 .cse2 .cse3 .cse5 .cse9 .cse6 .cse7 .cse8) (or .cse1 .cse2 .cse3 .cse6 .cse10 .cse12 .cse11 .cse7 .cse8)))) [2018-12-02 00:14:49,640 INFO L448 ceAbstractionStarter]: For program point L138-1(line 138) no Hoare annotation was computed. [2018-12-02 00:14:49,640 INFO L444 ceAbstractionStarter]: At program point L136(line 136) the Hoare annotation is: (let ((.cse13 (= 1 mail_~__utac__ad__arg1~0)) (.cse14 (= 1 mail_~__utac__ad__arg2~0)) (.cse15 (= mail_~msg |mail_#in~msg|))) (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse4 (and .cse13 .cse14 .cse15 (= 0 ~__ste_email_isEncrypted0~0))) (.cse5 (not (= 0 ~__ste_email_isSigned0~0))) (.cse9 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse1 (not (= 1 |mail_#in~msg|))) (.cse2 (not (= 1 |mail_#in~client|))) (.cse3 (not (= ~queue_empty~0 1))) (.cse6 (< ~rjh~0 2)) (.cse10 (= 0 ~__ste_client_privateKey0~0)) (.cse12 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse11 (and .cse13 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|) .cse14 .cse15)) (.cse7 (< ~chuck~0 3)) (.cse8 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse1 .cse2 .cse3 .cse9 .cse6 .cse10 .cse11 .cse7 .cse8) (or .cse11 .cse1 .cse2 .cse3 .cse5 .cse6 .cse12 .cse7 .cse8) (or .cse0 .cse1 .cse2 .cse3 .cse6 .cse4 .cse10 .cse7 .cse8) (or .cse11 .cse1 .cse2 .cse3 .cse5 .cse9 .cse6 .cse7 .cse8) (or .cse1 .cse2 .cse3 .cse6 .cse10 .cse12 .cse11 .cse7 .cse8)))) [2018-12-02 00:14:49,640 INFO L448 ceAbstractionStarter]: For program point L136-1(line 136) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L448 ceAbstractionStarter]: For program point mailFINAL(lines 127 143) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L448 ceAbstractionStarter]: For program point valid_productEXIT(lines 78 86) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L451 ceAbstractionStarter]: At program point valid_productENTRY(lines 78 86) the Hoare annotation is: true [2018-12-02 00:14:49,641 INFO L448 ceAbstractionStarter]: For program point valid_productFINAL(lines 78 86) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L448 ceAbstractionStarter]: For program point get_queued_clientEXIT(lines 313 321) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L451 ceAbstractionStarter]: At program point get_queued_clientENTRY(lines 313 321) the Hoare annotation is: true [2018-12-02 00:14:49,641 INFO L448 ceAbstractionStarter]: For program point get_queued_clientFINAL(lines 313 321) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L448 ceAbstractionStarter]: For program point isKeyPairValidEXIT(lines 331 355) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L451 ceAbstractionStarter]: At program point isKeyPairValidENTRY(lines 331 355) the Hoare annotation is: true [2018-12-02 00:14:49,641 INFO L448 ceAbstractionStarter]: For program point isKeyPairValidFINAL(lines 331 355) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L448 ceAbstractionStarter]: For program point L344(lines 344 349) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L448 ceAbstractionStarter]: For program point L340(lines 340 350) no Hoare annotation was computed. [2018-12-02 00:14:49,641 INFO L444 ceAbstractionStarter]: At program point signENTRY(lines 366 386) the Hoare annotation is: (or (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (= 0 ~__ste_email_isSigned0~0) (< ~rjh~0 2) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,642 INFO L444 ceAbstractionStarter]: At program point L381(line 381) the Hoare annotation is: (let ((.cse0 (= |sign_#in~client| sign_~client)) (.cse1 (= 0 ~__ste_email_isSigned0~0))) (or (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (and .cse0 .cse1 (not (= |sign_#in~client| 1))) (< ~rjh~0 2) (and .cse0 (= sign_~privkey~1 ~__ste_client_privateKey0~0) .cse1 (not (= 0 ~__ste_client_privateKey0~0))) (< ~chuck~0 3) (not (= 1 ~bob~0)))) [2018-12-02 00:14:49,642 INFO L448 ceAbstractionStarter]: For program point signEXIT(lines 366 386) no Hoare annotation was computed. [2018-12-02 00:14:49,642 INFO L444 ceAbstractionStarter]: At program point L381-1(line 381) the Hoare annotation is: (let ((.cse0 (= |sign_#in~client| sign_~client))) (or (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (and .cse0 (= sign_~privkey~1 ~__ste_client_privateKey0~0) (not (= 0 ~__ste_client_privateKey0~0))) (< ~rjh~0 2) (and .cse0 (not (= |sign_#in~client| 1))) (< ~chuck~0 3) (not (= 1 ~bob~0)))) [2018-12-02 00:14:49,642 INFO L448 ceAbstractionStarter]: For program point signFINAL(lines 366 386) no Hoare annotation was computed. [2018-12-02 00:14:49,642 INFO L448 ceAbstractionStarter]: For program point L375(lines 375 379) no Hoare annotation was computed. [2018-12-02 00:14:49,642 INFO L444 ceAbstractionStarter]: At program point L372(line 372) the Hoare annotation is: (or (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (< ~rjh~0 2) (and (= |sign_#in~client| sign_~client) (= 0 ~__ste_email_isSigned0~0)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,642 INFO L448 ceAbstractionStarter]: For program point L372-1(line 372) no Hoare annotation was computed. [2018-12-02 00:14:49,642 INFO L444 ceAbstractionStarter]: At program point L2432(line 2432) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0) (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 0 ~__ste_Client_Keyring0_User0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0)) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|))) [2018-12-02 00:14:49,642 INFO L448 ceAbstractionStarter]: For program point L2433(line 2433) no Hoare annotation was computed. [2018-12-02 00:14:49,642 INFO L444 ceAbstractionStarter]: At program point L2431-1(line 2431) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0) (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 0 ~__ste_Client_Keyring0_User0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0)) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|))) [2018-12-02 00:14:49,643 INFO L444 ceAbstractionStarter]: At program point L2431(line 2431) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0) (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 0 ~__ste_Client_Keyring0_User0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0)) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|))) [2018-12-02 00:14:49,643 INFO L444 ceAbstractionStarter]: At program point mainENTRY(lines 2425 2445) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0) (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 0 ~__ste_Client_Keyring0_User0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0)) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|))) [2018-12-02 00:14:49,643 INFO L448 ceAbstractionStarter]: For program point mainEXIT(lines 2425 2445) no Hoare annotation was computed. [2018-12-02 00:14:49,643 INFO L448 ceAbstractionStarter]: For program point mainFINAL(lines 2425 2445) no Hoare annotation was computed. [2018-12-02 00:14:49,643 INFO L444 ceAbstractionStarter]: At program point L2437-1(line 2437) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 1 ~bob~0) (<= 2 ~rjh~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) (<= 3 ~chuck~0) (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0) (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 0 ~__ste_Client_Keyring0_User0~0) (= main_~tmp~17 1)) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|))) [2018-12-02 00:14:49,643 INFO L444 ceAbstractionStarter]: At program point L2437(line 2437) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (and (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0) (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 0 ~__ste_Client_Keyring0_User0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) (= main_~tmp~17 1))) [2018-12-02 00:14:49,643 INFO L448 ceAbstractionStarter]: For program point L2435-1(lines 2435 2442) no Hoare annotation was computed. [2018-12-02 00:14:49,643 INFO L448 ceAbstractionStarter]: For program point L2435(lines 2435 2442) no Hoare annotation was computed. [2018-12-02 00:14:49,643 INFO L451 ceAbstractionStarter]: At program point rjhKeyChangeENTRY(lines 2548 2557) the Hoare annotation is: true [2018-12-02 00:14:49,643 INFO L448 ceAbstractionStarter]: For program point rjhKeyChangeEXIT(lines 2548 2557) no Hoare annotation was computed. [2018-12-02 00:14:49,643 INFO L448 ceAbstractionStarter]: For program point rjhKeyChangeFINAL(lines 2548 2557) no Hoare annotation was computed. [2018-12-02 00:14:49,644 INFO L448 ceAbstractionStarter]: For program point setup_rjhFINAL(lines 2336 2346) no Hoare annotation was computed. [2018-12-02 00:14:49,644 INFO L451 ceAbstractionStarter]: At program point setup_rjhENTRY(lines 2336 2346) the Hoare annotation is: true [2018-12-02 00:14:49,644 INFO L444 ceAbstractionStarter]: At program point L2341-1(line 2341) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 ~__ste_email_isSigned0~0)) (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (< ~rjh~0 2) (<= |setup_rjh_#in~rjh___0| setup_rjh_~rjh___0) (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0)) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,644 INFO L444 ceAbstractionStarter]: At program point L2341(line 2341) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 ~__ste_email_isSigned0~0)) (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (< ~rjh~0 2) (<= |setup_rjh_#in~rjh___0| setup_rjh_~rjh___0) (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0)) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,644 INFO L448 ceAbstractionStarter]: For program point setup_rjhEXIT(lines 2336 2346) no Hoare annotation was computed. [2018-12-02 00:14:49,644 INFO L448 ceAbstractionStarter]: For program point setEmailIsSignedEXIT(lines 771 786) no Hoare annotation was computed. [2018-12-02 00:14:49,644 INFO L448 ceAbstractionStarter]: For program point L778(lines 778 782) no Hoare annotation was computed. [2018-12-02 00:14:49,644 INFO L448 ceAbstractionStarter]: For program point L778-2(lines 771 786) no Hoare annotation was computed. [2018-12-02 00:14:49,644 INFO L448 ceAbstractionStarter]: For program point L775(lines 775 783) no Hoare annotation was computed. [2018-12-02 00:14:49,644 INFO L444 ceAbstractionStarter]: At program point setEmailIsSignedENTRY(lines 771 786) the Hoare annotation is: (or (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (= 0 ~__ste_email_isSigned0~0) (< ~rjh~0 2) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,644 INFO L451 ceAbstractionStarter]: At program point getClientPrivateKeyENTRY(lines 1678 1701) the Hoare annotation is: true [2018-12-02 00:14:49,644 INFO L448 ceAbstractionStarter]: For program point getClientPrivateKeyEXIT(lines 1678 1701) no Hoare annotation was computed. [2018-12-02 00:14:49,645 INFO L448 ceAbstractionStarter]: For program point L1690(lines 1690 1696) no Hoare annotation was computed. [2018-12-02 00:14:49,645 INFO L448 ceAbstractionStarter]: For program point getClientPrivateKeyFINAL(lines 1678 1701) no Hoare annotation was computed. [2018-12-02 00:14:49,645 INFO L448 ceAbstractionStarter]: For program point L1686(lines 1686 1697) no Hoare annotation was computed. [2018-12-02 00:14:49,645 INFO L448 ceAbstractionStarter]: For program point L1682(lines 1682 1698) no Hoare annotation was computed. [2018-12-02 00:14:49,645 INFO L448 ceAbstractionStarter]: For program point rjhKeyAddFINAL(lines 2468 2479) no Hoare annotation was computed. [2018-12-02 00:14:49,645 INFO L444 ceAbstractionStarter]: At program point L2474(line 2474) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,645 INFO L448 ceAbstractionStarter]: For program point rjhKeyAddEXIT(lines 2468 2479) no Hoare annotation was computed. [2018-12-02 00:14:49,645 INFO L448 ceAbstractionStarter]: For program point L2473(line 2473) no Hoare annotation was computed. [2018-12-02 00:14:49,645 INFO L451 ceAbstractionStarter]: At program point L2474-1(line 2474) the Hoare annotation is: true [2018-12-02 00:14:49,645 INFO L444 ceAbstractionStarter]: At program point rjhKeyAddENTRY(lines 2468 2479) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,645 INFO L448 ceAbstractionStarter]: For program point bobToRjhEXIT(lines 2368 2390) no Hoare annotation was computed. [2018-12-02 00:14:49,646 INFO L444 ceAbstractionStarter]: At program point L2384(line 2384) the Hoare annotation is: (or (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (< ~rjh~0 2) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,646 INFO L448 ceAbstractionStarter]: For program point L2385-1(lines 2368 2390) no Hoare annotation was computed. [2018-12-02 00:14:49,646 INFO L444 ceAbstractionStarter]: At program point bobToRjhENTRY(lines 2368 2390) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse1 (not (= ~queue_empty~0 1))) (.cse2 (not (= 0 |old(~__ste_email_isSigned0~0)|))) (.cse3 (< ~rjh~0 2)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) .cse3 .cse4 .cse5) (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) .cse0 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse1 .cse2 .cse3 (not (= |old(~__ste_email_to0~0)| ~__ste_Client_Keyring0_User0~0)) .cse4 .cse5))) [2018-12-02 00:14:49,646 INFO L444 ceAbstractionStarter]: At program point L2385(line 2385) the Hoare annotation is: (or (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (< ~rjh~0 2) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,646 INFO L448 ceAbstractionStarter]: For program point L2383-1(line 2383) no Hoare annotation was computed. [2018-12-02 00:14:49,646 INFO L444 ceAbstractionStarter]: At program point L2383(line 2383) the Hoare annotation is: (or (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (< ~rjh~0 2) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,646 INFO L448 ceAbstractionStarter]: For program point L2384-1(line 2384) no Hoare annotation was computed. [2018-12-02 00:14:49,646 INFO L448 ceAbstractionStarter]: For program point L2379(lines 2379 2387) no Hoare annotation was computed. [2018-12-02 00:14:49,646 INFO L444 ceAbstractionStarter]: At program point L2376(line 2376) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse1 (not (= ~queue_empty~0 1))) (.cse2 (not (= 0 |old(~__ste_email_isSigned0~0)|))) (.cse3 (< ~rjh~0 2)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) .cse3 .cse4 .cse5) (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) .cse0 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse1 .cse2 .cse3 (not (= |old(~__ste_email_to0~0)| ~__ste_Client_Keyring0_User0~0)) .cse4 .cse5))) [2018-12-02 00:14:49,646 INFO L448 ceAbstractionStarter]: For program point L2377(line 2377) no Hoare annotation was computed. [2018-12-02 00:14:49,646 INFO L444 ceAbstractionStarter]: At program point L2376-1(line 2376) the Hoare annotation is: (or (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (= 0 ~__ste_email_isSigned0~0) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (< ~rjh~0 2) (not (= 1 ~bob~0)) (not (= 0 ~__ste_client_privateKey0~0)) (< ~chuck~0 3)) [2018-12-02 00:14:49,647 INFO L451 ceAbstractionStarter]: At program point L2320(line 2320) the Hoare annotation is: true [2018-12-02 00:14:49,647 INFO L451 ceAbstractionStarter]: At program point L2320-1(line 2320) the Hoare annotation is: true [2018-12-02 00:14:49,647 INFO L451 ceAbstractionStarter]: At program point setup_bobENTRY(lines 2315 2325) the Hoare annotation is: true [2018-12-02 00:14:49,647 INFO L448 ceAbstractionStarter]: For program point setup_bobFINAL(lines 2315 2325) no Hoare annotation was computed. [2018-12-02 00:14:49,647 INFO L448 ceAbstractionStarter]: For program point setup_bobEXIT(lines 2315 2325) no Hoare annotation was computed. [2018-12-02 00:14:49,647 INFO L451 ceAbstractionStarter]: At program point setEmailEncryptionKeyENTRY(lines 734 749) the Hoare annotation is: true [2018-12-02 00:14:49,647 INFO L448 ceAbstractionStarter]: For program point setEmailEncryptionKeyEXIT(lines 734 749) no Hoare annotation was computed. [2018-12-02 00:14:49,647 INFO L448 ceAbstractionStarter]: For program point L741(lines 741 745) no Hoare annotation was computed. [2018-12-02 00:14:49,647 INFO L448 ceAbstractionStarter]: For program point L741-2(lines 734 749) no Hoare annotation was computed. [2018-12-02 00:14:49,647 INFO L448 ceAbstractionStarter]: For program point L738(lines 738 746) no Hoare annotation was computed. [2018-12-02 00:14:49,647 INFO L448 ceAbstractionStarter]: For program point select_featuresEXIT(lines 64 70) no Hoare annotation was computed. [2018-12-02 00:14:49,647 INFO L451 ceAbstractionStarter]: At program point select_featuresFINAL(lines 64 70) the Hoare annotation is: true [2018-12-02 00:14:49,647 INFO L448 ceAbstractionStarter]: For program point setup_bob__wrappee__BaseFINAL(lines 2305 2314) no Hoare annotation was computed. [2018-12-02 00:14:49,648 INFO L451 ceAbstractionStarter]: At program point setup_bob__wrappee__BaseENTRY(lines 2305 2314) the Hoare annotation is: true [2018-12-02 00:14:49,648 INFO L451 ceAbstractionStarter]: At program point L2310(line 2310) the Hoare annotation is: true [2018-12-02 00:14:49,648 INFO L448 ceAbstractionStarter]: For program point setup_bob__wrappee__BaseEXIT(lines 2305 2314) no Hoare annotation was computed. [2018-12-02 00:14:49,648 INFO L448 ceAbstractionStarter]: For program point L719(lines 719 730) no Hoare annotation was computed. [2018-12-02 00:14:49,648 INFO L448 ceAbstractionStarter]: For program point getEmailEncryptionKeyEXIT(lines 715 733) no Hoare annotation was computed. [2018-12-02 00:14:49,648 INFO L451 ceAbstractionStarter]: At program point getEmailEncryptionKeyENTRY(lines 715 733) the Hoare annotation is: true [2018-12-02 00:14:49,648 INFO L448 ceAbstractionStarter]: For program point getEmailEncryptionKeyFINAL(lines 715 733) no Hoare annotation was computed. [2018-12-02 00:14:49,648 INFO L448 ceAbstractionStarter]: For program point L723(lines 723 729) no Hoare annotation was computed. [2018-12-02 00:14:49,648 INFO L444 ceAbstractionStarter]: At program point outgoing__wrappee__KeysENTRY(lines 144 155) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse2 (= 0 ~__ste_email_isEncrypted0~0)) (.cse10 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse4 (= 0 ~__ste_client_privateKey0~0)) (.cse1 (not (= ~queue_empty~0 1))) (.cse11 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|)) (.cse9 (not (= 0 ~__ste_email_isSigned0~0))) (.cse12 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse3 (< ~rjh~0 2)) (.cse5 (not (= 1 |outgoing__wrappee__Keys_#in~msg|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0))) (.cse8 (not (= 1 |outgoing__wrappee__Keys_#in~client|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse0 .cse1 .cse9 .cse3 .cse5 .cse2 .cse6 .cse7 .cse8) (or .cse1 .cse3 .cse4 .cse10 .cse5 .cse6 .cse7 .cse11 .cse8) (or .cse11 .cse1 .cse9 .cse3 .cse10 .cse5 .cse6 .cse7 .cse8) (or .cse1 .cse12 .cse11 .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse1 .cse11 .cse9 .cse12 .cse3 .cse5 .cse6 .cse7 .cse8))) [2018-12-02 00:14:49,648 INFO L448 ceAbstractionStarter]: For program point outgoing__wrappee__KeysEXIT(lines 144 155) no Hoare annotation was computed. [2018-12-02 00:14:49,648 INFO L448 ceAbstractionStarter]: For program point outgoing__wrappee__KeysFINAL(lines 144 155) no Hoare annotation was computed. [2018-12-02 00:14:49,649 INFO L444 ceAbstractionStarter]: At program point L150(line 150) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse1 (= 0 ~__ste_email_isEncrypted0~0)) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse10 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse13 (and (= 1 outgoing__wrappee__Keys_~client) (= 1 outgoing__wrappee__Keys_~msg))) (.cse11 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|)) (.cse2 (not (= ~queue_empty~0 1))) (.cse12 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse4 (< ~rjh~0 2)) (.cse9 (= 0 ~__ste_client_privateKey0~0)) (.cse5 (not (= 1 |outgoing__wrappee__Keys_#in~msg|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0))) (.cse8 (not (= 1 |outgoing__wrappee__Keys_#in~client|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse2 .cse4 .cse9 .cse10 .cse5 .cse6 .cse7 .cse8 .cse11) (or .cse0 .cse1 .cse2 .cse4 .cse9 .cse5 .cse6 .cse7 .cse8) (or .cse11 .cse2 .cse3 .cse12 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse13 .cse3 .cse4 .cse5 .cse7 .cse8) (or .cse2 .cse3 .cse4 .cse11 .cse10 .cse5 .cse6 .cse7 .cse8) (or .cse13 .cse4 .cse9 .cse5 .cse7 .cse8) (or .cse11 .cse2 .cse12 .cse4 .cse9 .cse5 .cse6 .cse7 .cse8))) [2018-12-02 00:14:49,649 INFO L444 ceAbstractionStarter]: At program point L149(line 149) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse1 (= 0 ~__ste_email_isEncrypted0~0)) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse10 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse13 (and (= 1 outgoing__wrappee__Keys_~client) (= 1 outgoing__wrappee__Keys_~msg))) (.cse11 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|)) (.cse2 (not (= ~queue_empty~0 1))) (.cse12 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse4 (< ~rjh~0 2)) (.cse9 (= 0 ~__ste_client_privateKey0~0)) (.cse5 (not (= 1 |outgoing__wrappee__Keys_#in~msg|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0))) (.cse8 (not (= 1 |outgoing__wrappee__Keys_#in~client|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse2 .cse4 .cse9 .cse10 .cse5 .cse6 .cse7 .cse8 .cse11) (or .cse0 .cse1 .cse2 .cse4 .cse9 .cse5 .cse6 .cse7 .cse8) (or .cse11 .cse2 .cse3 .cse12 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse13 .cse3 .cse4 .cse5 .cse7 .cse8) (or .cse2 .cse3 .cse4 .cse11 .cse10 .cse5 .cse6 .cse7 .cse8) (or .cse13 .cse4 .cse9 .cse5 .cse7 .cse8) (or .cse11 .cse2 .cse12 .cse4 .cse9 .cse5 .cse6 .cse7 .cse8))) [2018-12-02 00:14:49,649 INFO L444 ceAbstractionStarter]: At program point L150-1(line 150) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse1 (= 0 ~__ste_email_isEncrypted0~0)) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse10 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse13 (and (= 1 outgoing__wrappee__Keys_~client) (= 1 outgoing__wrappee__Keys_~msg))) (.cse11 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|)) (.cse2 (not (= ~queue_empty~0 1))) (.cse12 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse4 (< ~rjh~0 2)) (.cse9 (= 0 ~__ste_client_privateKey0~0)) (.cse5 (not (= 1 |outgoing__wrappee__Keys_#in~msg|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0))) (.cse8 (not (= 1 |outgoing__wrappee__Keys_#in~client|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse2 .cse4 .cse9 .cse10 .cse5 .cse6 .cse7 .cse8 .cse11) (or .cse0 .cse1 .cse2 .cse4 .cse9 .cse5 .cse6 .cse7 .cse8) (or .cse11 .cse2 .cse3 .cse12 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse13 .cse3 .cse4 .cse5 .cse7 .cse8) (or .cse2 .cse3 .cse4 .cse11 .cse10 .cse5 .cse6 .cse7 .cse8) (or .cse13 .cse4 .cse9 .cse5 .cse7 .cse8) (or .cse11 .cse2 .cse12 .cse4 .cse9 .cse5 .cse6 .cse7 .cse8))) [2018-12-02 00:14:49,649 INFO L448 ceAbstractionStarter]: For program point L149-1(line 149) no Hoare annotation was computed. [2018-12-02 00:14:49,649 INFO L448 ceAbstractionStarter]: For program point incomingFINAL(lines 225 265) no Hoare annotation was computed. [2018-12-02 00:14:49,649 INFO L444 ceAbstractionStarter]: At program point incomingENTRY(lines 225 265) the Hoare annotation is: (let ((.cse7 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse8 (= 0 ~__ste_email_isEncrypted0~0)) (.cse10 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse0 (not (= ~queue_empty~0 1))) (.cse3 (< ~rjh~0 2)) (.cse9 (= 0 ~__ste_client_privateKey0~0)) (.cse4 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0))) (.cse1 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse7 .cse0 .cse3 .cse8 .cse9 .cse5 .cse6) (or .cse1 .cse0 .cse2 .cse10 .cse3 .cse5 .cse6) (or .cse7 .cse0 .cse2 .cse8 .cse3 .cse5 .cse6) (or .cse0 .cse10 .cse3 .cse9 .cse5 .cse6 .cse1) (or .cse0 .cse3 .cse9 .cse4 .cse5 .cse6 .cse1))) [2018-12-02 00:14:49,650 INFO L444 ceAbstractionStarter]: At program point L248(line 248) the Hoare annotation is: (let ((.cse12 (= incoming_~msg |incoming_#in~msg|))) (let ((.cse9 (= |incoming_#in~client| incoming_~client)) (.cse10 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse11 (and (= 0 ~__ste_email_isEncrypted0~0) .cse12)) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse7 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse1 (not (= ~queue_empty~0 1))) (.cse3 (< ~rjh~0 2)) (.cse0 (and (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|) .cse12)) (.cse8 (= 0 ~__ste_client_privateKey0~0)) (.cse4 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse1 .cse7 .cse3 .cse8 .cse5 .cse6 .cse0) (or .cse9 .cse2 .cse3 .cse5 .cse6) (or .cse10 .cse11 .cse1 .cse3 .cse8 .cse5 .cse6) (or .cse9 .cse3 .cse8 .cse5 .cse6) (or .cse10 .cse1 .cse11 .cse2 .cse3 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse7 .cse3 .cse5 .cse6) (or .cse1 .cse3 .cse0 .cse8 .cse4 .cse5 .cse6)))) [2018-12-02 00:14:49,650 INFO L444 ceAbstractionStarter]: At program point L248-1(line 248) the Hoare annotation is: (let ((.cse4 (= incoming_~msg |incoming_#in~msg|)) (.cse8 (= |incoming_#in~client| incoming_~client))) (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse11 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse9 (and .cse4 .cse8)) (.cse1 (not (= ~queue_empty~0 1))) (.cse10 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse3 (< ~rjh~0 2)) (.cse7 (= 0 ~__ste_client_privateKey0~0)) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse4 .cse0 .cse1 .cse3 .cse7 .cse5 .cse6) (or .cse8 .cse2 .cse3 .cse5 .cse6) (or .cse9 .cse1 .cse2 .cse10 .cse3 .cse5 .cse6) (or .cse1 .cse4 .cse2 .cse3 .cse11 .cse5 .cse6) (or .cse8 .cse3 .cse7 .cse5 .cse6) (or .cse9 .cse1 .cse3 .cse7 .cse11 .cse5 .cse6) (or .cse9 .cse1 .cse10 .cse3 .cse7 .cse5 .cse6)))) [2018-12-02 00:14:49,650 INFO L448 ceAbstractionStarter]: For program point L246(lines 246 253) no Hoare annotation was computed. [2018-12-02 00:14:49,650 INFO L444 ceAbstractionStarter]: At program point L244(line 244) the Hoare annotation is: (let ((.cse12 (= incoming_~msg |incoming_#in~msg|))) (let ((.cse9 (= |incoming_#in~client| incoming_~client)) (.cse10 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse11 (and (= 0 ~__ste_email_isEncrypted0~0) .cse12)) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse7 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse1 (not (= ~queue_empty~0 1))) (.cse3 (< ~rjh~0 2)) (.cse0 (and (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|) .cse12)) (.cse8 (= 0 ~__ste_client_privateKey0~0)) (.cse4 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse1 .cse7 .cse3 .cse8 .cse5 .cse6 .cse0) (or .cse9 .cse2 .cse3 .cse5 .cse6) (or .cse10 .cse11 .cse1 .cse3 .cse8 .cse5 .cse6) (or .cse9 .cse3 .cse8 .cse5 .cse6) (or .cse10 .cse1 .cse11 .cse2 .cse3 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse7 .cse3 .cse5 .cse6) (or .cse1 .cse3 .cse0 .cse8 .cse4 .cse5 .cse6)))) [2018-12-02 00:14:49,650 INFO L448 ceAbstractionStarter]: For program point L244-1(line 244) no Hoare annotation was computed. [2018-12-02 00:14:49,650 INFO L444 ceAbstractionStarter]: At program point L234(line 234) the Hoare annotation is: (let ((.cse12 (= incoming_~msg |incoming_#in~msg|))) (let ((.cse7 (= |incoming_#in~client| incoming_~client)) (.cse10 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse11 (and (= 0 ~__ste_email_isEncrypted0~0) .cse12)) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse8 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse1 (not (= ~queue_empty~0 1))) (.cse3 (< ~rjh~0 2)) (.cse0 (and (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|) .cse12)) (.cse9 (= 0 ~__ste_client_privateKey0~0)) (.cse4 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse7 .cse2 .cse3 .cse5 .cse6) (or .cse1 .cse8 .cse3 .cse9 .cse5 .cse6 .cse0) (or .cse10 .cse11 .cse1 .cse3 .cse9 .cse5 .cse6) (or .cse7 .cse3 .cse9 .cse5 .cse6) (or .cse10 .cse1 .cse11 .cse2 .cse3 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse8 .cse3 .cse5 .cse6) (or .cse1 .cse3 .cse0 .cse9 .cse4 .cse5 .cse6)))) [2018-12-02 00:14:49,650 INFO L448 ceAbstractionStarter]: For program point L234-1(line 234) no Hoare annotation was computed. [2018-12-02 00:14:49,651 INFO L444 ceAbstractionStarter]: At program point L243(line 243) the Hoare annotation is: (let ((.cse12 (= incoming_~msg |incoming_#in~msg|))) (let ((.cse9 (= |incoming_#in~client| incoming_~client)) (.cse10 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse11 (and (= 0 ~__ste_email_isEncrypted0~0) .cse12)) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse7 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse1 (not (= ~queue_empty~0 1))) (.cse3 (< ~rjh~0 2)) (.cse0 (and (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|) .cse12)) (.cse8 (= 0 ~__ste_client_privateKey0~0)) (.cse4 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse1 .cse7 .cse3 .cse8 .cse5 .cse6 .cse0) (or .cse9 .cse2 .cse3 .cse5 .cse6) (or .cse10 .cse11 .cse1 .cse3 .cse8 .cse5 .cse6) (or .cse9 .cse3 .cse8 .cse5 .cse6) (or .cse10 .cse1 .cse11 .cse2 .cse3 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse7 .cse3 .cse5 .cse6) (or .cse1 .cse3 .cse0 .cse8 .cse4 .cse5 .cse6)))) [2018-12-02 00:14:49,651 INFO L448 ceAbstractionStarter]: For program point incomingEXIT(lines 225 265) no Hoare annotation was computed. [2018-12-02 00:14:49,651 INFO L448 ceAbstractionStarter]: For program point L243-1(line 243) no Hoare annotation was computed. [2018-12-02 00:14:49,651 INFO L448 ceAbstractionStarter]: For program point L241(lines 241 256) no Hoare annotation was computed. [2018-12-02 00:14:49,651 INFO L444 ceAbstractionStarter]: At program point L239(line 239) the Hoare annotation is: (let ((.cse12 (= incoming_~msg |incoming_#in~msg|))) (let ((.cse7 (= |incoming_#in~client| incoming_~client)) (.cse10 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse11 (and (= 0 ~__ste_email_isEncrypted0~0) .cse12)) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse8 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse1 (not (= ~queue_empty~0 1))) (.cse3 (< ~rjh~0 2)) (.cse0 (and (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|) .cse12)) (.cse9 (= 0 ~__ste_client_privateKey0~0)) (.cse4 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse7 .cse2 .cse3 .cse5 .cse6) (or .cse1 .cse8 .cse3 .cse9 .cse5 .cse6 .cse0) (or .cse10 .cse11 .cse1 .cse3 .cse9 .cse5 .cse6) (or .cse7 .cse3 .cse9 .cse5 .cse6) (or .cse10 .cse1 .cse11 .cse2 .cse3 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse8 .cse3 .cse5 .cse6) (or .cse1 .cse3 .cse0 .cse9 .cse4 .cse5 .cse6)))) [2018-12-02 00:14:49,651 INFO L448 ceAbstractionStarter]: For program point L239-1(line 239) no Hoare annotation was computed. [2018-12-02 00:14:49,651 INFO L448 ceAbstractionStarter]: For program point L237(lines 237 259) no Hoare annotation was computed. [2018-12-02 00:14:49,651 INFO L444 ceAbstractionStarter]: At program point L237-1(lines 237 259) the Hoare annotation is: (let ((.cse4 (= incoming_~msg |incoming_#in~msg|)) (.cse8 (= |incoming_#in~client| incoming_~client))) (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse11 (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) (.cse9 (and .cse4 .cse8)) (.cse1 (not (= ~queue_empty~0 1))) (.cse10 (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (.cse3 (< ~rjh~0 2)) (.cse7 (= 0 ~__ste_client_privateKey0~0)) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse4 .cse0 .cse1 .cse3 .cse7 .cse5 .cse6) (or .cse8 .cse2 .cse3 .cse5 .cse6) (or .cse9 .cse1 .cse2 .cse10 .cse3 .cse5 .cse6) (or .cse1 .cse4 .cse2 .cse3 .cse11 .cse5 .cse6) (or .cse8 .cse3 .cse7 .cse5 .cse6) (or .cse9 .cse1 .cse3 .cse7 .cse11 .cse5 .cse6) (or .cse9 .cse1 .cse10 .cse3 .cse7 .cse5 .cse6)))) [2018-12-02 00:14:49,651 INFO L448 ceAbstractionStarter]: For program point L2286(line 2286) no Hoare annotation was computed. [2018-12-02 00:14:49,651 INFO L448 ceAbstractionStarter]: For program point createEmailEXIT(lines 2278 2292) no Hoare annotation was computed. [2018-12-02 00:14:49,652 INFO L444 ceAbstractionStarter]: At program point L2285-1(line 2285) the Hoare annotation is: (let ((.cse0 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse1 (not (= ~queue_empty~0 1))) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse3 (< ~rjh~0 2)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 (= 1 createEmail_~msg~0) .cse3 .cse4 .cse5) (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) .cse0 .cse1 .cse2 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse3 (not (= |old(~__ste_email_to0~0)| ~__ste_Client_Keyring0_User0~0)) .cse4 .cse5))) [2018-12-02 00:14:49,652 INFO L444 ceAbstractionStarter]: At program point L2285(line 2285) the Hoare annotation is: (let ((.cse0 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse1 (not (= ~queue_empty~0 1))) (.cse2 (not (= 0 ~__ste_email_isSigned0~0))) (.cse3 (< ~rjh~0 2)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 (= 1 createEmail_~msg~0) .cse3 .cse4 .cse5) (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) .cse0 .cse1 .cse2 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse3 (not (= |old(~__ste_email_to0~0)| ~__ste_Client_Keyring0_User0~0)) .cse4 .cse5))) [2018-12-02 00:14:49,652 INFO L444 ceAbstractionStarter]: At program point createEmailENTRY(lines 2278 2292) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) (not (= ~queue_empty~0 1)) (not (= 0 ~__ste_email_isSigned0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| ~__ste_Client_Keyring0_User0~0)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,652 INFO L448 ceAbstractionStarter]: For program point createEmailFINAL(lines 2278 2292) no Hoare annotation was computed. [2018-12-02 00:14:49,652 INFO L451 ceAbstractionStarter]: At program point rjhDeletePrivateKeyENTRY(lines 2528 2537) the Hoare annotation is: true [2018-12-02 00:14:49,652 INFO L448 ceAbstractionStarter]: For program point rjhDeletePrivateKeyEXIT(lines 2528 2537) no Hoare annotation was computed. [2018-12-02 00:14:49,652 INFO L448 ceAbstractionStarter]: For program point rjhDeletePrivateKeyFINAL(lines 2528 2537) no Hoare annotation was computed. [2018-12-02 00:14:49,652 INFO L448 ceAbstractionStarter]: For program point L1026-1(line 1026) no Hoare annotation was computed. [2018-12-02 00:14:49,652 INFO L448 ceAbstractionStarter]: For program point L960(lines 960 967) no Hoare annotation was computed. [2018-12-02 00:14:49,652 INFO L448 ceAbstractionStarter]: For program point L911(lines 911 915) no Hoare annotation was computed. [2018-12-02 00:14:49,652 INFO L444 ceAbstractionStarter]: At program point L969(lines 956 1069) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,653 INFO L444 ceAbstractionStarter]: At program point L994(lines 984 1067) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,653 INFO L448 ceAbstractionStarter]: For program point L1052(lines 1052 1059) no Hoare annotation was computed. [2018-12-02 00:14:49,653 INFO L444 ceAbstractionStarter]: At program point L1019(lines 1009 1065) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,653 INFO L444 ceAbstractionStarter]: At program point L1052-1(lines 909 1073) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,653 INFO L448 ceAbstractionStarter]: For program point testEXIT(lines 870 1081) no Hoare annotation was computed. [2018-12-02 00:14:49,653 INFO L444 ceAbstractionStarter]: At program point L962(line 962) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,653 INFO L448 ceAbstractionStarter]: For program point L962-1(line 962) no Hoare annotation was computed. [2018-12-02 00:14:49,653 INFO L444 ceAbstractionStarter]: At program point testENTRY(lines 870 1081) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0)) (and (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0) (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 0 ~__ste_Client_Keyring0_User0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0))) [2018-12-02 00:14:49,653 INFO L448 ceAbstractionStarter]: For program point L921(lines 921 928) no Hoare annotation was computed. [2018-12-02 00:14:49,653 INFO L448 ceAbstractionStarter]: For program point testFINAL(lines 870 1081) no Hoare annotation was computed. [2018-12-02 00:14:49,654 INFO L448 ceAbstractionStarter]: For program point L946(lines 946 953) no Hoare annotation was computed. [2018-12-02 00:14:49,654 INFO L444 ceAbstractionStarter]: At program point L930(lines 917 1072) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,654 INFO L444 ceAbstractionStarter]: At program point L1054(line 1054) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,654 INFO L448 ceAbstractionStarter]: For program point L1054-1(line 1054) no Hoare annotation was computed. [2018-12-02 00:14:49,654 INFO L448 ceAbstractionStarter]: For program point L988(lines 988 992) no Hoare annotation was computed. [2018-12-02 00:14:49,654 INFO L444 ceAbstractionStarter]: At program point L955(lines 942 1070) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,654 INFO L448 ceAbstractionStarter]: For program point L1013(lines 1013 1017) no Hoare annotation was computed. [2018-12-02 00:14:49,654 INFO L448 ceAbstractionStarter]: For program point L1038(lines 1038 1045) no Hoare annotation was computed. [2018-12-02 00:14:49,654 INFO L444 ceAbstractionStarter]: At program point L923(line 923) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (and (= test_~op1~0 0) (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,654 INFO L448 ceAbstractionStarter]: For program point L923-1(line 923) no Hoare annotation was computed. [2018-12-02 00:14:49,654 INFO L444 ceAbstractionStarter]: At program point L1047(lines 1034 1063) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,655 INFO L444 ceAbstractionStarter]: At program point L948(line 948) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,655 INFO L448 ceAbstractionStarter]: For program point L948-1(line 948) no Hoare annotation was computed. [2018-12-02 00:14:49,655 INFO L444 ceAbstractionStarter]: At program point L1040(line 1040) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,655 INFO L448 ceAbstractionStarter]: For program point L1040-1(line 1040) no Hoare annotation was computed. [2018-12-02 00:14:49,655 INFO L448 ceAbstractionStarter]: For program point L974(lines 974 981) no Hoare annotation was computed. [2018-12-02 00:14:49,655 INFO L444 ceAbstractionStarter]: At program point L941(lines 931 1071) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,655 INFO L448 ceAbstractionStarter]: For program point L999(lines 999 1006) no Hoare annotation was computed. [2018-12-02 00:14:49,655 INFO L448 ceAbstractionStarter]: For program point L1024(lines 1024 1031) no Hoare annotation was computed. [2018-12-02 00:14:49,655 INFO L444 ceAbstractionStarter]: At program point L983(lines 970 1068) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,655 INFO L448 ceAbstractionStarter]: For program point L917(lines 917 1072) no Hoare annotation was computed. [2018-12-02 00:14:49,656 INFO L444 ceAbstractionStarter]: At program point L1074(lines 908 1075) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,656 INFO L444 ceAbstractionStarter]: At program point L1008(lines 995 1066) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,656 INFO L444 ceAbstractionStarter]: At program point L1033(lines 1020 1064) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,656 INFO L444 ceAbstractionStarter]: At program point L976(line 976) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,656 INFO L448 ceAbstractionStarter]: For program point L976-1(line 976) no Hoare annotation was computed. [2018-12-02 00:14:49,656 INFO L448 ceAbstractionStarter]: For program point L910(lines 909 1073) no Hoare annotation was computed. [2018-12-02 00:14:49,656 INFO L444 ceAbstractionStarter]: At program point L1001(line 1001) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,656 INFO L448 ceAbstractionStarter]: For program point L1001-1(line 1001) no Hoare annotation was computed. [2018-12-02 00:14:49,656 INFO L448 ceAbstractionStarter]: For program point L935(lines 935 939) no Hoare annotation was computed. [2018-12-02 00:14:49,656 INFO L444 ceAbstractionStarter]: At program point L1026(line 1026) the Hoare annotation is: (or (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| |old(~__ste_Client_Keyring0_User0~0)|)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,656 INFO L448 ceAbstractionStarter]: For program point getEmailToFINAL(lines 563 581) no Hoare annotation was computed. [2018-12-02 00:14:49,656 INFO L448 ceAbstractionStarter]: For program point L571(lines 571 577) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point getEmailToEXIT(lines 563 581) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point L567(lines 567 578) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L451 ceAbstractionStarter]: At program point getEmailToENTRY(lines 563 581) the Hoare annotation is: true [2018-12-02 00:14:49,657 INFO L451 ceAbstractionStarter]: At program point get_queued_emailENTRY(lines 322 330) the Hoare annotation is: true [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point get_queued_emailFINAL(lines 322 330) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point get_queued_emailEXIT(lines 322 330) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L451 ceAbstractionStarter]: At program point L209(line 209) the Hoare annotation is: true [2018-12-02 00:14:49,657 INFO L451 ceAbstractionStarter]: At program point incoming__wrappee__SignENTRY(lines 204 213) the Hoare annotation is: true [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point incoming__wrappee__SignEXIT(lines 204 213) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point incoming__wrappee__SignFINAL(lines 204 213) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point getClientKeyringUserEXIT(lines 1803 1856) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point L1821(lines 1821 1852) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point L1840(lines 1840 1846) no Hoare annotation was computed. [2018-12-02 00:14:49,657 INFO L448 ceAbstractionStarter]: For program point L1807(lines 1807 1853) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point L1836(lines 1836 1847) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point getClientKeyringUserFINAL(lines 1803 1856) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point L1826(lines 1826 1832) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point L1822(lines 1822 1833) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L451 ceAbstractionStarter]: At program point getClientKeyringUserENTRY(lines 1803 1856) the Hoare annotation is: true [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point L1812(lines 1812 1818) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point L1808(lines 1808 1819) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point L1835(lines 1835 1851) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L451 ceAbstractionStarter]: At program point isReadable__wrappee__KeysENTRY(lines 2240 2248) the Hoare annotation is: true [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point isReadable__wrappee__KeysFINAL(lines 2240 2248) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point isReadable__wrappee__KeysEXIT(lines 2240 2248) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L451 ceAbstractionStarter]: At program point __utac_acc__SignForward_spec__1ENTRY(lines 2559 2584) the Hoare annotation is: true [2018-12-02 00:14:49,658 INFO L448 ceAbstractionStarter]: For program point __utac_acc__SignForward_spec__1EXIT(lines 2559 2584) no Hoare annotation was computed. [2018-12-02 00:14:49,658 INFO L444 ceAbstractionStarter]: At program point L2574(line 2574) the Hoare annotation is: (let ((.cse0 (< ~rjh~0 2)) (.cse1 (not (= 1 |__utac_acc__SignForward_spec__1_#in~client|))) (.cse2 (not (= 1 |__utac_acc__SignForward_spec__1_#in~msg|))) (.cse3 (< ~chuck~0 3)) (.cse4 (not (= 1 ~bob~0)))) (and (or (not (= 0 ~__ste_email_isSigned0~0)) .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse1 .cse2 (= 0 ~__ste_client_privateKey0~0) .cse3 .cse4))) [2018-12-02 00:14:49,659 INFO L448 ceAbstractionStarter]: For program point L2572(lines 2572 2578) no Hoare annotation was computed. [2018-12-02 00:14:49,659 INFO L444 ceAbstractionStarter]: At program point L2570(line 2570) the Hoare annotation is: (let ((.cse0 (< ~rjh~0 2)) (.cse1 (not (= 1 |__utac_acc__SignForward_spec__1_#in~client|))) (.cse2 (not (= 1 |__utac_acc__SignForward_spec__1_#in~msg|))) (.cse3 (< ~chuck~0 3)) (.cse4 (not (= 1 ~bob~0)))) (and (or (not (= 0 ~__ste_email_isSigned0~0)) .cse0 .cse1 .cse2 .cse3 .cse4) (or (and (= 1 __utac_acc__SignForward_spec__1_~client) (= 1 __utac_acc__SignForward_spec__1_~msg)) .cse0 .cse1 .cse2 (= 0 ~__ste_client_privateKey0~0) .cse3 .cse4))) [2018-12-02 00:14:49,659 INFO L448 ceAbstractionStarter]: For program point L2568(lines 2568 2581) no Hoare annotation was computed. [2018-12-02 00:14:49,659 INFO L448 ceAbstractionStarter]: For program point L2570-1(line 2570) no Hoare annotation was computed. [2018-12-02 00:14:49,659 INFO L444 ceAbstractionStarter]: At program point L2566(line 2566) the Hoare annotation is: (let ((.cse0 (and (= 1 __utac_acc__SignForward_spec__1_~client) (= 1 __utac_acc__SignForward_spec__1_~msg))) (.cse1 (< ~rjh~0 2)) (.cse2 (not (= 1 |__utac_acc__SignForward_spec__1_#in~client|))) (.cse3 (not (= 1 |__utac_acc__SignForward_spec__1_#in~msg|))) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 (not (= 0 ~__ste_email_isSigned0~0)) .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse1 .cse2 .cse3 (= 0 ~__ste_client_privateKey0~0) .cse4 .cse5))) [2018-12-02 00:14:49,659 INFO L448 ceAbstractionStarter]: For program point L2568-1(lines 2559 2584) no Hoare annotation was computed. [2018-12-02 00:14:49,659 INFO L448 ceAbstractionStarter]: For program point L2566-1(line 2566) no Hoare annotation was computed. [2018-12-02 00:14:49,659 INFO L448 ceAbstractionStarter]: For program point L1887(lines 1887 1891) no Hoare annotation was computed. [2018-12-02 00:14:49,659 INFO L444 ceAbstractionStarter]: At program point setClientKeyringUserENTRY(lines 1857 1900) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,659 INFO L448 ceAbstractionStarter]: For program point L1883(lines 1883 1895) no Hoare annotation was computed. [2018-12-02 00:14:49,659 INFO L448 ceAbstractionStarter]: For program point L1883-1(lines 1857 1900) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L1873(lines 1873 1881) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L1865(lines 1865 1869) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L1861(lines 1861 1897) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point setClientKeyringUserEXIT(lines 1857 1900) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L1884(lines 1884 1892) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L1876(lines 1876 1880) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L1872(lines 1872 1896) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L1862(lines 1862 1870) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L451 ceAbstractionStarter]: At program point setEmailFromENTRY(lines 545 560) the Hoare annotation is: true [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point setEmailFromEXIT(lines 545 560) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L552(lines 552 556) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L552-2(lines 545 560) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L549(lines 549 557) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L2257(lines 2257 2265) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point isReadableEXIT(lines 2249 2268) no Hoare annotation was computed. [2018-12-02 00:14:49,660 INFO L448 ceAbstractionStarter]: For program point L2255-1(line 2255) no Hoare annotation was computed. [2018-12-02 00:14:49,661 INFO L444 ceAbstractionStarter]: At program point L2255(line 2255) the Hoare annotation is: (let ((.cse2 (= 0 ~__ste_client_privateKey0~0)) (.cse5 (= 1 |isReadable_#in~msg|)) (.cse6 (not (= ~queue_empty~0 1))) (.cse7 (not (= 0 ~__ste_email_isSigned0~0))) (.cse1 (= isReadable_~msg |isReadable_#in~msg|)) (.cse0 (< ~rjh~0 2)) (.cse3 (< ~chuck~0 3)) (.cse4 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse6 .cse0 .cse2 .cse3 .cse4) (or .cse7 .cse0 .cse1 .cse3 .cse4 .cse5) (or .cse6 .cse7 .cse1 .cse0 .cse3 .cse4))) [2018-12-02 00:14:49,661 INFO L444 ceAbstractionStarter]: At program point L2262(line 2262) the Hoare annotation is: (let ((.cse9 (= 1 |isReadable_#in~msg|))) (let ((.cse14 (= 0 ~__ste_email_isSigned0~0)) (.cse8 (= isReadable_~tmp~15 ~__ste_email_isEncrypted0~0)) (.cse16 (= 0 ~__ste_email_isEncrypted0~0)) (.cse12 (<= 2 ~rjh~0)) (.cse13 (not .cse9)) (.cse15 (= isReadable_~msg |isReadable_#in~msg|))) (let ((.cse1 (and .cse12 .cse13 .cse15)) (.cse4 (= 0 ~__ste_client_privateKey0~0)) (.cse7 (not .cse16)) (.cse0 (not (= ~queue_empty~0 1))) (.cse3 (and .cse15 .cse8 .cse16)) (.cse10 (not .cse14)) (.cse2 (< ~rjh~0 2)) (.cse11 (and .cse12 .cse13 .cse14 .cse15)) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse7 .cse8 .cse2 .cse4 .cse5 .cse6 .cse9) (or .cse2 .cse1 .cse4 .cse5 .cse6 .cse9) (or .cse7 .cse10 .cse2 .cse8 .cse5 .cse6 .cse9) (or .cse10 .cse2 .cse11 .cse5 .cse6 .cse9) (or .cse0 .cse3 .cse10 .cse2 .cse11 .cse5 .cse6))))) [2018-12-02 00:14:49,661 INFO L451 ceAbstractionStarter]: At program point isReadableENTRY(lines 2249 2268) the Hoare annotation is: true [2018-12-02 00:14:49,661 INFO L448 ceAbstractionStarter]: For program point L2262-1(line 2262) no Hoare annotation was computed. [2018-12-02 00:14:49,661 INFO L448 ceAbstractionStarter]: For program point isReadableFINAL(lines 2249 2268) no Hoare annotation was computed. [2018-12-02 00:14:49,661 INFO L448 ceAbstractionStarter]: For program point __automaton_failFINAL(lines 436 443) no Hoare annotation was computed. [2018-12-02 00:14:49,661 INFO L448 ceAbstractionStarter]: For program point __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION(line 440) no Hoare annotation was computed. [2018-12-02 00:14:49,661 INFO L451 ceAbstractionStarter]: At program point __automaton_failENTRY(lines 436 443) the Hoare annotation is: true [2018-12-02 00:14:49,661 INFO L448 ceAbstractionStarter]: For program point __automaton_failEXIT(lines 436 443) no Hoare annotation was computed. [2018-12-02 00:14:49,661 INFO L448 ceAbstractionStarter]: For program point L2048(lines 2048 2052) no Hoare annotation was computed. [2018-12-02 00:14:49,661 INFO L448 ceAbstractionStarter]: For program point L2044(lines 2044 2056) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point L2044-1(lines 2018 2061) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point setClientKeyringPublicKeyEXIT(lines 2018 2061) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point L2034(lines 2034 2042) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point L2026(lines 2026 2030) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point L2022(lines 2022 2058) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point L2045(lines 2045 2053) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L451 ceAbstractionStarter]: At program point setClientKeyringPublicKeyENTRY(lines 2018 2061) the Hoare annotation is: true [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point L2037(lines 2037 2041) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point L2033(lines 2033 2057) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point L2023(lines 2023 2031) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L451 ceAbstractionStarter]: At program point setup_rjh__wrappee__BaseENTRY(lines 2326 2335) the Hoare annotation is: true [2018-12-02 00:14:49,662 INFO L444 ceAbstractionStarter]: At program point L2331(line 2331) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (<= |setup_rjh__wrappee__Base_#in~rjh___0| setup_rjh__wrappee__Base_~rjh___0) (not (= ~queue_empty~0 1)) (not (= 0 ~__ste_email_isSigned0~0)) (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (< ~rjh~0 2) (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0)) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point setup_rjh__wrappee__BaseFINAL(lines 2326 2335) no Hoare annotation was computed. [2018-12-02 00:14:49,662 INFO L448 ceAbstractionStarter]: For program point setup_rjh__wrappee__BaseEXIT(lines 2326 2335) no Hoare annotation was computed. [2018-12-02 00:14:49,663 INFO L444 ceAbstractionStarter]: At program point L188(line 188) the Hoare annotation is: (or (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= 1 |outgoing_#in~client|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= outgoing_~client |outgoing_#in~client|) (= outgoing_~msg |outgoing_#in~msg|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= 1 |outgoing_#in~msg|)) (< ~rjh~0 2) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,663 INFO L444 ceAbstractionStarter]: At program point L188-1(line 188) the Hoare annotation is: (let ((.cse0 (= 0 ~__ste_email_isEncrypted0~0)) (.cse1 (= outgoing_~client |outgoing_#in~client|)) (.cse2 (= outgoing_~msg |outgoing_#in~msg|))) (or (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= 1 |outgoing_#in~client|)) (and (= 0 ~__ste_email_isSigned0~0) .cse0 .cse1 .cse2) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= 1 |outgoing_#in~msg|)) (< ~rjh~0 2) (and (not (= 0 ~__ste_client_privateKey0~0)) .cse0 .cse1 .cse2) (< ~chuck~0 3) (not (= 1 ~bob~0)))) [2018-12-02 00:14:49,663 INFO L448 ceAbstractionStarter]: For program point outgoingEXIT(lines 183 193) no Hoare annotation was computed. [2018-12-02 00:14:49,663 INFO L444 ceAbstractionStarter]: At program point outgoingENTRY(lines 183 193) the Hoare annotation is: (or (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= 1 |outgoing_#in~client|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (not (= 1 |outgoing_#in~msg|)) (< ~rjh~0 2) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,663 INFO L448 ceAbstractionStarter]: For program point outgoingFINAL(lines 183 193) no Hoare annotation was computed. [2018-12-02 00:14:49,663 INFO L451 ceAbstractionStarter]: At program point select_helpersFINAL(lines 71 77) the Hoare annotation is: true [2018-12-02 00:14:49,663 INFO L448 ceAbstractionStarter]: For program point select_helpersEXIT(lines 71 77) no Hoare annotation was computed. [2018-12-02 00:14:49,663 INFO L448 ceAbstractionStarter]: For program point getClientIdFINAL(lines 2113 2136) no Hoare annotation was computed. [2018-12-02 00:14:49,663 INFO L448 ceAbstractionStarter]: For program point L2125(lines 2125 2131) no Hoare annotation was computed. [2018-12-02 00:14:49,663 INFO L451 ceAbstractionStarter]: At program point getClientIdENTRY(lines 2113 2136) the Hoare annotation is: true [2018-12-02 00:14:49,663 INFO L448 ceAbstractionStarter]: For program point L2121(lines 2121 2132) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point getClientIdEXIT(lines 2113 2136) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point L2117(lines 2117 2133) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point deliverFINAL(lines 194 203) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L451 ceAbstractionStarter]: At program point deliverENTRY(lines 194 203) the Hoare annotation is: true [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point deliverEXIT(lines 194 203) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L451 ceAbstractionStarter]: At program point L1777(line 1777) the Hoare annotation is: true [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point L1777-1(line 1777) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point createClientKeyringEntryEXIT(lines 1769 1793) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L451 ceAbstractionStarter]: At program point L1783(line 1783) the Hoare annotation is: true [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point L1783-1(line 1783) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point L1780(lines 1780 1790) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L451 ceAbstractionStarter]: At program point createClientKeyringEntryENTRY(lines 1769 1793) the Hoare annotation is: true [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point createClientKeyringEntryFINAL(lines 1769 1793) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L448 ceAbstractionStarter]: For program point setup_chuckEXIT(lines 2357 2367) no Hoare annotation was computed. [2018-12-02 00:14:49,664 INFO L444 ceAbstractionStarter]: At program point L2362(line 2362) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 ~__ste_email_isSigned0~0)) (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (< ~rjh~0 2) (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0)) (<= |setup_chuck_#in~chuck___0| setup_chuck_~chuck___0) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,665 INFO L451 ceAbstractionStarter]: At program point setup_chuckENTRY(lines 2357 2367) the Hoare annotation is: true [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point setup_chuckFINAL(lines 2357 2367) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L444 ceAbstractionStarter]: At program point L2362-1(line 2362) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 ~__ste_email_isSigned0~0)) (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (< ~rjh~0 2) (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0)) (<= |setup_chuck_#in~chuck___0| setup_chuck_~chuck___0) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point L1982(lines 1982 2013) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point L2001(lines 2001 2007) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point L1968(lines 1968 2014) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point L1997(lines 1997 2008) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point L1987(lines 1987 1993) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point L1983(lines 1983 1994) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point L1973(lines 1973 1979) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point findPublicKeyFINAL(lines 1964 2017) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point L1969(lines 1969 1980) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point L1996(lines 1996 2012) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L448 ceAbstractionStarter]: For program point findPublicKeyEXIT(lines 1964 2017) no Hoare annotation was computed. [2018-12-02 00:14:49,665 INFO L451 ceAbstractionStarter]: At program point findPublicKeyENTRY(lines 1964 2017) the Hoare annotation is: true [2018-12-02 00:14:49,666 INFO L444 ceAbstractionStarter]: At program point outgoing__wrappee__EncryptENTRY(lines 156 182) the Hoare annotation is: (let ((.cse1 (= 0 ~__ste_email_isEncrypted0~0)) (.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 1 |outgoing__wrappee__Encrypt_#in~client|))) (.cse4 (not (= 1 |outgoing__wrappee__Encrypt_#in~msg|))) (.cse5 (< ~rjh~0 2)) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= 0 ~__ste_email_isSigned0~0)) .cse4 .cse5 .cse6 .cse7) (or .cse1 .cse0 .cse2 .cse3 .cse4 .cse5 (= 0 ~__ste_client_privateKey0~0) .cse6 .cse7))) [2018-12-02 00:14:49,666 INFO L448 ceAbstractionStarter]: For program point outgoing__wrappee__EncryptEXIT(lines 156 182) no Hoare annotation was computed. [2018-12-02 00:14:49,666 INFO L444 ceAbstractionStarter]: At program point L171(line 171) the Hoare annotation is: (let ((.cse9 (= |outgoing__wrappee__Encrypt_#in~msg| outgoing__wrappee__Encrypt_~msg)) (.cse10 (= outgoing__wrappee__Encrypt_~client |outgoing__wrappee__Encrypt_#in~client|)) (.cse11 (= 0 ~__ste_email_isEncrypted0~0))) (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse6 (and .cse9 (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) .cse10 .cse11)) (.cse1 (not (= ~queue_empty~0 1))) (.cse2 (not (= 1 |outgoing__wrappee__Encrypt_#in~client|))) (.cse4 (not (= 1 |outgoing__wrappee__Encrypt_#in~msg|))) (.cse5 (< ~rjh~0 2)) (.cse3 (and .cse9 (= outgoing__wrappee__Encrypt_~receiver~0 ~__ste_email_to0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse10 .cse11)) (.cse7 (< ~chuck~0 3)) (.cse8 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= 0 ~__ste_email_isSigned0~0)) .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse0 .cse6 .cse1 .cse2 .cse4 .cse5 .cse3 (= 0 ~__ste_client_privateKey0~0) .cse7 .cse8)))) [2018-12-02 00:14:49,667 INFO L444 ceAbstractionStarter]: At program point L171-1(line 171) the Hoare annotation is: (let ((.cse9 (= |outgoing__wrappee__Encrypt_#in~msg| outgoing__wrappee__Encrypt_~msg)) (.cse10 (= outgoing__wrappee__Encrypt_~client |outgoing__wrappee__Encrypt_#in~client|)) (.cse11 (= 0 ~__ste_email_isEncrypted0~0))) (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse6 (and .cse9 (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) .cse10 .cse11)) (.cse1 (not (= ~queue_empty~0 1))) (.cse2 (not (= 1 |outgoing__wrappee__Encrypt_#in~client|))) (.cse4 (not (= 1 |outgoing__wrappee__Encrypt_#in~msg|))) (.cse5 (< ~rjh~0 2)) (.cse3 (and .cse9 (= outgoing__wrappee__Encrypt_~receiver~0 ~__ste_email_to0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse10 .cse11)) (.cse7 (< ~chuck~0 3)) (.cse8 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= 0 ~__ste_email_isSigned0~0)) .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse0 .cse6 .cse1 .cse2 .cse4 .cse5 .cse3 (= 0 ~__ste_client_privateKey0~0) .cse7 .cse8)))) [2018-12-02 00:14:49,667 INFO L448 ceAbstractionStarter]: For program point L169(lines 169 176) no Hoare annotation was computed. [2018-12-02 00:14:49,668 INFO L444 ceAbstractionStarter]: At program point L169-1(lines 169 176) the Hoare annotation is: (let ((.cse10 (= |outgoing__wrappee__Encrypt_#in~msg| outgoing__wrappee__Encrypt_~msg)) (.cse11 (= outgoing__wrappee__Encrypt_~client |outgoing__wrappee__Encrypt_#in~client|))) (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse1 (not (= ~queue_empty~0 1))) (.cse3 (not (= 1 |outgoing__wrappee__Encrypt_#in~msg|))) (.cse4 (< ~rjh~0 2)) (.cse6 (not (= 1 ~bob~0))) (.cse8 (not (= 1 |outgoing__wrappee__Encrypt_#in~client|))) (.cse2 (and .cse10 (= outgoing__wrappee__Encrypt_~receiver~0 ~__ste_email_to0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse11)) (.cse5 (and (= 0 outgoing__wrappee__Encrypt_~pubkey~0) .cse10 .cse11 (= 0 ~__ste_email_isEncrypted0~0))) (.cse7 (and .cse10 (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) .cse11)) (.cse9 (< ~chuck~0 3))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 (= 0 ~__ste_client_privateKey0~0) .cse6 .cse7 .cse8 .cse9) (or .cse0 .cse1 (not (= 0 ~__ste_email_isSigned0~0)) .cse3 .cse4 .cse6 .cse8 .cse2 .cse5 .cse7 .cse9)))) [2018-12-02 00:14:49,668 INFO L448 ceAbstractionStarter]: For program point outgoing__wrappee__EncryptFINAL(lines 156 182) no Hoare annotation was computed. [2018-12-02 00:14:49,668 INFO L444 ceAbstractionStarter]: At program point L166(line 166) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse1 (not (= ~queue_empty~0 1))) (.cse2 (not (= 1 |outgoing__wrappee__Encrypt_#in~client|))) (.cse3 (and (= |outgoing__wrappee__Encrypt_#in~msg| outgoing__wrappee__Encrypt_~msg) (= outgoing__wrappee__Encrypt_~receiver~0 ~__ste_email_to0~0) (= outgoing__wrappee__Encrypt_~client |outgoing__wrappee__Encrypt_#in~client|) (= 0 ~__ste_email_isEncrypted0~0))) (.cse4 (not (= 1 |outgoing__wrappee__Encrypt_#in~msg|))) (.cse5 (< ~rjh~0 2)) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 (= 0 ~__ste_client_privateKey0~0) .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse3 (not (= 0 ~__ste_email_isSigned0~0)) .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,670 INFO L448 ceAbstractionStarter]: For program point L166-1(line 166) no Hoare annotation was computed. [2018-12-02 00:14:49,670 INFO L444 ceAbstractionStarter]: At program point L164(line 164) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse1 (not (= ~queue_empty~0 1))) (.cse2 (not (= 1 |outgoing__wrappee__Encrypt_#in~client|))) (.cse4 (not (= 1 |outgoing__wrappee__Encrypt_#in~msg|))) (.cse3 (and (= |outgoing__wrappee__Encrypt_#in~msg| outgoing__wrappee__Encrypt_~msg) (= outgoing__wrappee__Encrypt_~client |outgoing__wrappee__Encrypt_#in~client|) (= 0 ~__ste_email_isEncrypted0~0))) (.cse5 (< ~rjh~0 2)) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 (= 0 ~__ste_client_privateKey0~0) .cse6 .cse7) (or .cse0 .cse1 .cse2 (not (= 0 ~__ste_email_isSigned0~0)) .cse4 .cse3 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,670 INFO L448 ceAbstractionStarter]: For program point L164-1(line 164) no Hoare annotation was computed. [2018-12-02 00:14:49,670 INFO L444 ceAbstractionStarter]: At program point L289(line 289) the Hoare annotation is: (or (not (= 1 |sendEmail_#in~sender|)) (not (= 0 |old(~__ste_email_isEncrypted0~0)|)) (not (= ~queue_empty~0 1)) (not (= 0 |old(~__ste_email_isSigned0~0)|)) (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 1 sendEmail_~sender) (= 1 sendEmail_~email~0)) (< ~rjh~0 2) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,670 INFO L448 ceAbstractionStarter]: For program point sendEmailEXIT(lines 281 293) no Hoare annotation was computed. [2018-12-02 00:14:49,670 INFO L444 ceAbstractionStarter]: At program point L287(line 287) the Hoare annotation is: (let ((.cse0 (not (= 1 |sendEmail_#in~sender|))) (.cse1 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 |old(~__ste_email_isSigned0~0)|))) (.cse4 (< ~rjh~0 2)) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 (not (= 0 ~__ste_Client_Keyring0_User0~0)) .cse1 .cse2 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse3 .cse4 (not (= |old(~__ste_email_to0~0)| ~__ste_Client_Keyring0_User0~0)) .cse5 .cse6) (or .cse0 .cse1 .cse2 (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 1 sendEmail_~sender)) .cse3 .cse4 .cse5 .cse6))) [2018-12-02 00:14:49,671 INFO L448 ceAbstractionStarter]: For program point L287-1(line 287) no Hoare annotation was computed. [2018-12-02 00:14:49,671 INFO L444 ceAbstractionStarter]: At program point sendEmailENTRY(lines 281 293) the Hoare annotation is: (let ((.cse0 (not (= 1 |sendEmail_#in~sender|))) (.cse1 (not (= 0 |old(~__ste_email_isEncrypted0~0)|))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 |old(~__ste_email_isSigned0~0)|))) (.cse4 (< ~rjh~0 2)) (.cse5 (< ~chuck~0 3)) (.cse6 (not (= 1 ~bob~0)))) (and (or .cse0 (not (= 0 ~__ste_Client_Keyring0_User0~0)) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse1 .cse2 .cse3 .cse4 (not (= |old(~__ste_email_to0~0)| ~__ste_Client_Keyring0_User0~0)) .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse3 .cse4 (and (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0)) .cse5 .cse6))) [2018-12-02 00:14:49,672 INFO L448 ceAbstractionStarter]: For program point sendEmailFINAL(lines 281 293) no Hoare annotation was computed. [2018-12-02 00:14:49,672 INFO L448 ceAbstractionStarter]: For program point L686(lines 686 692) no Hoare annotation was computed. [2018-12-02 00:14:49,672 INFO L448 ceAbstractionStarter]: For program point isEncryptedFINAL(lines 678 696) no Hoare annotation was computed. [2018-12-02 00:14:49,672 INFO L448 ceAbstractionStarter]: For program point L682(lines 682 693) no Hoare annotation was computed. [2018-12-02 00:14:49,673 INFO L448 ceAbstractionStarter]: For program point isEncryptedEXIT(lines 678 696) no Hoare annotation was computed. [2018-12-02 00:14:49,673 INFO L451 ceAbstractionStarter]: At program point isEncryptedENTRY(lines 678 696) the Hoare annotation is: true [2018-12-02 00:14:49,673 INFO L448 ceAbstractionStarter]: For program point L417(lines 417 431) no Hoare annotation was computed. [2018-12-02 00:14:49,673 INFO L448 ceAbstractionStarter]: For program point L417-1(lines 387 434) no Hoare annotation was computed. [2018-12-02 00:14:49,673 INFO L448 ceAbstractionStarter]: For program point L413(line 413) no Hoare annotation was computed. [2018-12-02 00:14:49,673 INFO L448 ceAbstractionStarter]: For program point verifyEXIT(lines 387 434) no Hoare annotation was computed. [2018-12-02 00:14:49,673 INFO L444 ceAbstractionStarter]: At program point L424(line 424) the Hoare annotation is: (let ((.cse9 (= 1 |verify_#in~msg|))) (let ((.cse8 (not .cse9)) (.cse0 (= verify_~msg |verify_#in~msg|)) (.cse12 (= 0 ~__ste_email_isSigned0~0))) (let ((.cse3 (= 0 ~__ste_client_privateKey0~0)) (.cse6 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse1 (not (= ~queue_empty~0 1))) (.cse7 (= verify_~tmp~7 1)) (.cse10 (not .cse12)) (.cse2 (< ~rjh~0 2)) (.cse11 (and .cse8 (<= 2 ~rjh~0) .cse0 .cse12)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse1 .cse2 .cse7 .cse3 .cse4 .cse5 .cse8) (or .cse9 .cse0 .cse2 .cse3 .cse4 .cse5) (or .cse9 .cse10 .cse2 .cse11 .cse4 .cse5) (or (and .cse0 .cse6) .cse1 (and .cse7 .cse0) .cse10 .cse2 .cse11 .cse4 .cse5))))) [2018-12-02 00:14:49,673 INFO L451 ceAbstractionStarter]: At program point verifyENTRY(lines 387 434) the Hoare annotation is: true [2018-12-02 00:14:49,673 INFO L448 ceAbstractionStarter]: For program point L422(lines 422 428) no Hoare annotation was computed. [2018-12-02 00:14:49,673 INFO L444 ceAbstractionStarter]: At program point L420(line 420) the Hoare annotation is: (let ((.cse9 (= 1 |verify_#in~msg|))) (let ((.cse8 (not .cse9)) (.cse0 (= verify_~msg |verify_#in~msg|)) (.cse12 (= 0 ~__ste_email_isSigned0~0))) (let ((.cse3 (= 0 ~__ste_client_privateKey0~0)) (.cse6 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse1 (not (= ~queue_empty~0 1))) (.cse7 (= verify_~tmp~7 1)) (.cse10 (not .cse12)) (.cse2 (< ~rjh~0 2)) (.cse11 (and .cse8 (<= 2 ~rjh~0) .cse0 .cse12)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse1 .cse2 .cse7 .cse3 .cse4 .cse5 .cse8) (or .cse9 .cse0 .cse2 .cse3 .cse4 .cse5) (or .cse9 .cse10 .cse2 .cse11 .cse4 .cse5) (or (and .cse0 .cse6) .cse1 (and .cse7 .cse0) .cse10 .cse2 .cse11 .cse4 .cse5))))) [2018-12-02 00:14:49,673 INFO L448 ceAbstractionStarter]: For program point L420-1(line 420) no Hoare annotation was computed. [2018-12-02 00:14:49,675 INFO L444 ceAbstractionStarter]: At program point L414(line 414) the Hoare annotation is: (let ((.cse9 (= 1 |verify_#in~msg|))) (let ((.cse8 (not .cse9)) (.cse0 (= verify_~msg |verify_#in~msg|)) (.cse12 (= 0 ~__ste_email_isSigned0~0))) (let ((.cse3 (= 0 ~__ste_client_privateKey0~0)) (.cse6 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse1 (not (= ~queue_empty~0 1))) (.cse7 (= verify_~tmp~7 1)) (.cse10 (not .cse12)) (.cse2 (< ~rjh~0 2)) (.cse11 (and .cse8 (<= 2 ~rjh~0) .cse0 .cse12)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse1 .cse2 .cse7 .cse3 .cse4 .cse5 .cse8) (or .cse9 .cse0 .cse2 .cse3 .cse4 .cse5) (or .cse9 .cse10 .cse2 .cse11 .cse4 .cse5) (or (and .cse0 .cse6) .cse1 (and .cse7 .cse0) .cse10 .cse2 .cse11 .cse4 .cse5))))) [2018-12-02 00:14:49,675 INFO L448 ceAbstractionStarter]: For program point L414-1(line 414) no Hoare annotation was computed. [2018-12-02 00:14:49,675 INFO L448 ceAbstractionStarter]: For program point L404(lines 404 408) no Hoare annotation was computed. [2018-12-02 00:14:49,675 INFO L444 ceAbstractionStarter]: At program point L404-1(lines 400 411) the Hoare annotation is: (let ((.cse9 (= 1 |verify_#in~msg|))) (let ((.cse8 (not .cse9)) (.cse0 (= verify_~msg |verify_#in~msg|)) (.cse12 (= 0 ~__ste_email_isSigned0~0))) (let ((.cse3 (= 0 ~__ste_client_privateKey0~0)) (.cse6 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse1 (not (= ~queue_empty~0 1))) (.cse7 (= verify_~tmp~7 1)) (.cse10 (not .cse12)) (.cse2 (< ~rjh~0 2)) (.cse11 (and .cse8 (<= 2 ~rjh~0) .cse0 .cse12)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse1 .cse2 .cse7 .cse3 .cse4 .cse5 .cse8) (or .cse9 .cse0 .cse2 .cse3 .cse4 .cse5) (or .cse9 .cse10 .cse2 .cse11 .cse4 .cse5) (or (and .cse0 .cse6) .cse1 (and .cse7 .cse0) .cse10 .cse2 .cse11 .cse4 .cse5))))) [2018-12-02 00:14:49,676 INFO L444 ceAbstractionStarter]: At program point L402(line 402) the Hoare annotation is: (let ((.cse9 (= 1 |verify_#in~msg|))) (let ((.cse8 (not .cse9)) (.cse0 (= verify_~msg |verify_#in~msg|)) (.cse12 (= 0 ~__ste_email_isSigned0~0))) (let ((.cse3 (= 0 ~__ste_client_privateKey0~0)) (.cse6 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse1 (not (= ~queue_empty~0 1))) (.cse7 (= verify_~tmp~7 1)) (.cse10 (not .cse12)) (.cse2 (< ~rjh~0 2)) (.cse11 (and .cse8 (<= 2 ~rjh~0) .cse0 .cse12)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse1 .cse2 .cse7 .cse3 .cse4 .cse5 .cse8) (or .cse9 .cse0 .cse2 .cse3 .cse4 .cse5) (or .cse9 .cse10 .cse2 .cse11 .cse4 .cse5) (or (and .cse0 .cse6) .cse1 (and .cse7 .cse0) .cse10 .cse2 .cse11 .cse4 .cse5))))) [2018-12-02 00:14:49,676 INFO L448 ceAbstractionStarter]: For program point L402-1(line 402) no Hoare annotation was computed. [2018-12-02 00:14:49,676 INFO L448 ceAbstractionStarter]: For program point L400(lines 400 411) no Hoare annotation was computed. [2018-12-02 00:14:49,676 INFO L444 ceAbstractionStarter]: At program point L398(line 398) the Hoare annotation is: (let ((.cse1 (not (= 0 ~__ste_email_isSigned0~0))) (.cse0 (= 1 |verify_#in~msg|)) (.cse6 (not (= ~queue_empty~0 1))) (.cse3 (= verify_~msg |verify_#in~msg|)) (.cse2 (< ~rjh~0 2)) (.cse7 (= 0 ~__ste_client_privateKey0~0)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse1 .cse3 .cse2 .cse4 .cse5) (or .cse0 .cse3 .cse2 .cse7 .cse4 .cse5) (or .cse6 .cse3 .cse2 .cse7 .cse4 .cse5))) [2018-12-02 00:14:49,676 INFO L448 ceAbstractionStarter]: For program point L398-1(line 398) no Hoare annotation was computed. [2018-12-02 00:14:49,676 INFO L444 ceAbstractionStarter]: At program point L419(line 419) the Hoare annotation is: (let ((.cse9 (= 1 |verify_#in~msg|))) (let ((.cse8 (not .cse9)) (.cse0 (= verify_~msg |verify_#in~msg|)) (.cse12 (= 0 ~__ste_email_isSigned0~0))) (let ((.cse3 (= 0 ~__ste_client_privateKey0~0)) (.cse6 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse1 (not (= ~queue_empty~0 1))) (.cse7 (= verify_~tmp~7 1)) (.cse10 (not .cse12)) (.cse2 (< ~rjh~0 2)) (.cse11 (and .cse8 (<= 2 ~rjh~0) .cse0 .cse12)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse1 .cse2 .cse7 .cse3 .cse4 .cse5 .cse8) (or .cse9 .cse0 .cse2 .cse3 .cse4 .cse5) (or .cse9 .cse10 .cse2 .cse11 .cse4 .cse5) (or (and .cse0 .cse6) .cse1 (and .cse7 .cse0) .cse10 .cse2 .cse11 .cse4 .cse5))))) [2018-12-02 00:14:49,679 INFO L448 ceAbstractionStarter]: For program point L419-1(line 419) no Hoare annotation was computed. [2018-12-02 00:14:49,679 INFO L448 ceAbstractionStarter]: For program point L704(lines 704 708) no Hoare annotation was computed. [2018-12-02 00:14:49,679 INFO L448 ceAbstractionStarter]: For program point L704-2(lines 697 712) no Hoare annotation was computed. [2018-12-02 00:14:49,679 INFO L448 ceAbstractionStarter]: For program point L701(lines 701 709) no Hoare annotation was computed. [2018-12-02 00:14:49,679 INFO L448 ceAbstractionStarter]: For program point setEmailIsEncryptedEXIT(lines 697 712) no Hoare annotation was computed. [2018-12-02 00:14:49,679 INFO L444 ceAbstractionStarter]: At program point setEmailIsEncryptedENTRY(lines 697 712) the Hoare annotation is: (let ((.cse1 (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|)) (.cse0 (< ~rjh~0 2)) (.cse2 (< ~chuck~0 3)) (.cse3 (not (= 1 ~bob~0)))) (and (or .cse0 (= 0 ~__ste_client_privateKey0~0) .cse1 .cse2 .cse3) (or .cse1 (not (= 0 ~__ste_email_isSigned0~0)) .cse0 .cse2 .cse3))) [2018-12-02 00:14:49,679 INFO L451 ceAbstractionStarter]: At program point incoming__wrappee__VerifyENTRY(lines 214 224) the Hoare annotation is: true [2018-12-02 00:14:49,679 INFO L444 ceAbstractionStarter]: At program point L219(line 219) the Hoare annotation is: (let ((.cse2 (= 0 ~__ste_client_privateKey0~0)) (.cse3 (= 1 |incoming__wrappee__Verify_#in~msg|)) (.cse6 (not (= ~queue_empty~0 1))) (.cse7 (not (= 0 ~__ste_email_isSigned0~0))) (.cse1 (< ~rjh~0 2)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0))) (.cse0 (= incoming__wrappee__Verify_~msg |incoming__wrappee__Verify_#in~msg|))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse6 .cse1 .cse2 .cse4 .cse5) (or .cse7 .cse1 .cse3 .cse0 .cse4 .cse5) (or .cse6 .cse7 .cse1 .cse4 .cse5 .cse0))) [2018-12-02 00:14:49,679 INFO L444 ceAbstractionStarter]: At program point L219-1(line 219) the Hoare annotation is: (let ((.cse2 (= 0 ~__ste_client_privateKey0~0)) (.cse3 (= 1 |incoming__wrappee__Verify_#in~msg|)) (.cse6 (not (= ~queue_empty~0 1))) (.cse7 (not (= 0 ~__ste_email_isSigned0~0))) (.cse1 (< ~rjh~0 2)) (.cse4 (< ~chuck~0 3)) (.cse5 (not (= 1 ~bob~0))) (.cse0 (= incoming__wrappee__Verify_~msg |incoming__wrappee__Verify_#in~msg|))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse6 .cse1 .cse2 .cse4 .cse5) (or .cse7 .cse1 .cse3 .cse0 .cse4 .cse5) (or .cse6 .cse7 .cse1 .cse4 .cse5 .cse0))) [2018-12-02 00:14:49,679 INFO L448 ceAbstractionStarter]: For program point incoming__wrappee__VerifyFINAL(lines 214 224) no Hoare annotation was computed. [2018-12-02 00:14:49,679 INFO L448 ceAbstractionStarter]: For program point incoming__wrappee__VerifyEXIT(lines 214 224) no Hoare annotation was computed. [2018-12-02 00:14:49,679 INFO L448 ceAbstractionStarter]: For program point getEmailSignKeyEXIT(lines 789 807) no Hoare annotation was computed. [2018-12-02 00:14:49,679 INFO L448 ceAbstractionStarter]: For program point L797(lines 797 803) no Hoare annotation was computed. [2018-12-02 00:14:49,679 INFO L451 ceAbstractionStarter]: At program point getEmailSignKeyENTRY(lines 789 807) the Hoare annotation is: true [2018-12-02 00:14:49,683 INFO L448 ceAbstractionStarter]: For program point getEmailSignKeyFINAL(lines 789 807) no Hoare annotation was computed. [2018-12-02 00:14:49,683 INFO L448 ceAbstractionStarter]: For program point L793(lines 793 804) no Hoare annotation was computed. [2018-12-02 00:14:49,683 INFO L451 ceAbstractionStarter]: At program point setClientPrivateKeyENTRY(lines 1702 1721) the Hoare annotation is: true [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point setClientPrivateKeyEXIT(lines 1702 1721) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point L1712(lines 1712 1716) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point L1712-2(lines 1702 1721) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point L1709(lines 1709 1717) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point L1706(lines 1706 1718) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L444 ceAbstractionStarter]: At program point L2510(line 2510) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point chuckKeyAddEXIT(lines 2504 2515) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point L2509(line 2509) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L451 ceAbstractionStarter]: At program point L2510-1(line 2510) the Hoare annotation is: true [2018-12-02 00:14:49,684 INFO L444 ceAbstractionStarter]: At program point chuckKeyAddENTRY(lines 2504 2515) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point chuckKeyAddFINAL(lines 2504 2515) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point L1729(lines 1729 1745) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L451 ceAbstractionStarter]: At program point getClientKeyringSizeENTRY(lines 1725 1748) the Hoare annotation is: true [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point getClientKeyringSizeEXIT(lines 1725 1748) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point L1737(lines 1737 1743) no Hoare annotation was computed. [2018-12-02 00:14:49,684 INFO L448 ceAbstractionStarter]: For program point getClientKeyringSizeFINAL(lines 1725 1748) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L1733(lines 1733 1744) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L589(lines 589 593) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L589-2(lines 582 597) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L586(lines 586 594) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point setEmailToEXIT(lines 582 597) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L444 ceAbstractionStarter]: At program point setEmailToENTRY(lines 582 597) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) (not (= ~queue_empty~0 1)) (not (= 0 ~__ste_email_isSigned0~0)) (< ~rjh~0 2) (not (= |old(~__ste_email_to0~0)| ~__ste_Client_Keyring0_User0~0)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,687 INFO L451 ceAbstractionStarter]: At program point setEmailIsSignatureVerifiedENTRY(lines 845 860) the Hoare annotation is: true [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L849(lines 849 857) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point setEmailIsSignatureVerifiedEXIT(lines 845 860) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L852(lines 852 856) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L852-2(lines 845 860) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point is_queue_emptyEXIT(lines 304 312) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L451 ceAbstractionStarter]: At program point is_queue_emptyENTRY(lines 304 312) the Hoare annotation is: true [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point is_queue_emptyFINAL(lines 304 312) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L2461-1(line 2461) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L451 ceAbstractionStarter]: At program point L2461(line 2461) the Hoare annotation is: true [2018-12-02 00:14:49,687 INFO L451 ceAbstractionStarter]: At program point L2458(line 2458) the Hoare annotation is: true [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L2456(line 2456) no Hoare annotation was computed. [2018-12-02 00:14:49,687 INFO L448 ceAbstractionStarter]: For program point L2458-1(line 2458) no Hoare annotation was computed. [2018-12-02 00:14:49,688 INFO L444 ceAbstractionStarter]: At program point L2454(line 2454) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,688 INFO L451 ceAbstractionStarter]: At program point L2455-1(line 2455) the Hoare annotation is: true [2018-12-02 00:14:49,688 INFO L448 ceAbstractionStarter]: For program point bobKeyAddEXIT(lines 2446 2467) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L444 ceAbstractionStarter]: At program point L2455(line 2455) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L2454-1(line 2454) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L444 ceAbstractionStarter]: At program point bobKeyAddENTRY(lines 2446 2467) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point bobKeyAddFINAL(lines 2446 2467) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point getClientKeyringPublicKeyEXIT(lines 1910 1963) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L1947(lines 1947 1953) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L1914(lines 1914 1960) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L1943(lines 1943 1954) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L1933(lines 1933 1939) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L1929(lines 1929 1940) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point getClientKeyringPublicKeyFINAL(lines 1910 1963) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L1919(lines 1919 1925) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L1915(lines 1915 1926) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L451 ceAbstractionStarter]: At program point getClientKeyringPublicKeyENTRY(lines 1910 1963) the Hoare annotation is: true [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L1942(lines 1942 1958) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L1928(lines 1928 1959) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point setEmailSignKeyEXIT(lines 808 823) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L815(lines 815 819) no Hoare annotation was computed. [2018-12-02 00:14:49,691 INFO L448 ceAbstractionStarter]: For program point L815-2(lines 808 823) no Hoare annotation was computed. [2018-12-02 00:14:49,695 INFO L448 ceAbstractionStarter]: For program point L812(lines 812 820) no Hoare annotation was computed. [2018-12-02 00:14:49,695 INFO L451 ceAbstractionStarter]: At program point setEmailSignKeyENTRY(lines 808 823) the Hoare annotation is: true [2018-12-02 00:14:49,695 INFO L448 ceAbstractionStarter]: For program point generateKeyPairFINAL(lines 356 365) no Hoare annotation was computed. [2018-12-02 00:14:49,695 INFO L451 ceAbstractionStarter]: At program point generateKeyPairENTRY(lines 356 365) the Hoare annotation is: true [2018-12-02 00:14:49,695 INFO L451 ceAbstractionStarter]: At program point L361(line 361) the Hoare annotation is: true [2018-12-02 00:14:49,695 INFO L448 ceAbstractionStarter]: For program point generateKeyPairEXIT(lines 356 365) no Hoare annotation was computed. [2018-12-02 00:14:49,695 INFO L444 ceAbstractionStarter]: At program point L2352(line 2352) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (<= |setup_chuck__wrappee__Base_#in~chuck___0| setup_chuck__wrappee__Base_~chuck___0) (not (= 0 ~__ste_email_isSigned0~0)) (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (< ~rjh~0 2) (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0)) (< ~chuck~0 3) (not (= 1 ~bob~0))) [2018-12-02 00:14:49,695 INFO L451 ceAbstractionStarter]: At program point setup_chuck__wrappee__BaseENTRY(lines 2347 2356) the Hoare annotation is: true [2018-12-02 00:14:49,695 INFO L448 ceAbstractionStarter]: For program point setup_chuck__wrappee__BaseFINAL(lines 2347 2356) no Hoare annotation was computed. [2018-12-02 00:14:49,695 INFO L448 ceAbstractionStarter]: For program point setup_chuck__wrappee__BaseEXIT(lines 2347 2356) no Hoare annotation was computed. [2018-12-02 00:14:49,695 INFO L448 ceAbstractionStarter]: For program point ULTIMATE.initFINAL(line -1) no Hoare annotation was computed. [2018-12-02 00:14:49,695 INFO L444 ceAbstractionStarter]: At program point ULTIMATE.initENTRY(line -1) the Hoare annotation is: (and (= |old(~__ste_email_isSigned0~0)| ~__ste_email_isSigned0~0) (= ~__ste_email_isEncrypted0~0 |old(~__ste_email_isEncrypted0~0)|)) [2018-12-02 00:14:49,695 INFO L448 ceAbstractionStarter]: For program point ULTIMATE.initEXIT(line -1) no Hoare annotation was computed. [2018-12-02 00:14:49,695 INFO L448 ceAbstractionStarter]: For program point chuckKeyAddRjhFINAL(lines 2516 2527) no Hoare annotation was computed. [2018-12-02 00:14:49,695 INFO L444 ceAbstractionStarter]: At program point L2522(line 2522) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,696 INFO L444 ceAbstractionStarter]: At program point chuckKeyAddRjhENTRY(lines 2516 2527) the Hoare annotation is: (let ((.cse0 (not (= 0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse1 (not (= 0 ~__ste_email_isEncrypted0~0))) (.cse2 (not (= ~queue_empty~0 1))) (.cse3 (not (= 0 ~__ste_email_isSigned0~0))) (.cse4 (< ~rjh~0 2)) (.cse5 (not (= ~__ste_email_to0~0 |old(~__ste_Client_Keyring0_User0~0)|))) (.cse6 (< ~chuck~0 3)) (.cse7 (not (= 1 ~bob~0)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (= |old(~__ste_Client_Keyring0_User0~0)| |old(~__ste_Client_Keyring0_User1~0)|)) .cse4 .cse5 .cse6 .cse7 (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0)) (or .cse0 .cse1 (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) .cse2 .cse3 .cse4 .cse5 .cse6 .cse7))) [2018-12-02 00:14:49,698 INFO L448 ceAbstractionStarter]: For program point L2521(line 2521) no Hoare annotation was computed. [2018-12-02 00:14:49,698 INFO L451 ceAbstractionStarter]: At program point L2522-1(line 2522) the Hoare annotation is: true [2018-12-02 00:14:49,698 INFO L448 ceAbstractionStarter]: For program point chuckKeyAddRjhEXIT(lines 2516 2527) no Hoare annotation was computed. [2018-12-02 00:14:49,698 INFO L448 ceAbstractionStarter]: For program point L2418-1(line 2418) no Hoare annotation was computed. [2018-12-02 00:14:49,698 INFO L448 ceAbstractionStarter]: For program point setupEXIT(lines 2402 2424) no Hoare annotation was computed. [2018-12-02 00:14:49,698 INFO L451 ceAbstractionStarter]: At program point setupENTRY(lines 2402 2424) the Hoare annotation is: true [2018-12-02 00:14:49,698 INFO L444 ceAbstractionStarter]: At program point L2414(line 2414) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 ~__ste_email_isSigned0~0)) (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0)) (and (= 1 ~bob~0) (<= 2 ~rjh~0))) [2018-12-02 00:14:49,699 INFO L448 ceAbstractionStarter]: For program point L2414-1(line 2414) no Hoare annotation was computed. [2018-12-02 00:14:49,699 INFO L448 ceAbstractionStarter]: For program point setupFINAL(lines 2402 2424) no Hoare annotation was computed. [2018-12-02 00:14:49,699 INFO L444 ceAbstractionStarter]: At program point L2410(line 2410) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (= 1 ~bob~0) (not (= 0 ~__ste_email_isSigned0~0)) (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0))) [2018-12-02 00:14:49,699 INFO L448 ceAbstractionStarter]: For program point L2410-1(line 2410) no Hoare annotation was computed. [2018-12-02 00:14:49,699 INFO L444 ceAbstractionStarter]: At program point L2418(line 2418) the Hoare annotation is: (or (not (= 0 ~__ste_Client_Keyring0_User0~0)) (not (= 0 ~__ste_email_isEncrypted0~0)) (not (= ~queue_empty~0 1)) (not (= 0 ~__ste_email_isSigned0~0)) (not (= ~__ste_Client_Keyring0_User0~0 ~__ste_Client_Keyring0_User1~0)) (not (= ~__ste_email_to0~0 ~__ste_Client_Keyring0_User0~0)) (and (<= 3 ~chuck~0) (= 1 ~bob~0) (<= 2 ~rjh~0))) [2018-12-02 00:14:49,699 INFO L448 ceAbstractionStarter]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2018-12-02 00:14:49,699 INFO L444 ceAbstractionStarter]: At program point L-1(line -1) the Hoare annotation is: (and (= ~__ste_Client_Keyring0_User1~0 ~__ste_Client_Keyring0_User0~0) (= 0 ~__ste_email_isSigned0~0) (= 0 ~__ste_email_isEncrypted0~0) (= 0 ~__ste_Client_Keyring0_User0~0) (= ~__ste_Client_Keyring0_User0~0 ~__ste_email_to0~0) (= ~queue_empty~0 1)) [2018-12-02 00:14:49,699 INFO L451 ceAbstractionStarter]: At program point ULTIMATE.startENTRY(line -1) the Hoare annotation is: true [2018-12-02 00:14:49,699 INFO L448 ceAbstractionStarter]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point getEmailFromFINAL(lines 526 544) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point getEmailFromEXIT(lines 526 544) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L451 ceAbstractionStarter]: At program point getEmailFromENTRY(lines 526 544) the Hoare annotation is: true [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L534(lines 534 540) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L530(lines 530 541) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L1759(lines 1759 1763) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L1759-2(lines 1749 1768) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L1756(lines 1756 1764) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L1753(lines 1753 1765) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point setClientKeyringSizeEXIT(lines 1749 1768) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L451 ceAbstractionStarter]: At program point setClientKeyringSizeENTRY(lines 1749 1768) the Hoare annotation is: true [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L2144(lines 2144 2152) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L2147-2(lines 2137 2156) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L2141(lines 2141 2153) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point setClientIdEXIT(lines 2137 2156) no Hoare annotation was computed. [2018-12-02 00:14:49,706 INFO L451 ceAbstractionStarter]: At program point setClientIdENTRY(lines 2137 2156) the Hoare annotation is: true [2018-12-02 00:14:49,706 INFO L448 ceAbstractionStarter]: For program point L2147(lines 2147 2151) no Hoare annotation was computed. [2018-12-02 00:14:49,723 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 02.12 12:14:49 BoogieIcfgContainer [2018-12-02 00:14:49,723 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2018-12-02 00:14:49,724 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2018-12-02 00:14:49,724 INFO L271 PluginConnector]: Initializing Witness Printer... [2018-12-02 00:14:49,724 INFO L276 PluginConnector]: Witness Printer initialized [2018-12-02 00:14:49,724 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.12 12:13:45" (3/4) ... [2018-12-02 00:14:49,727 INFO L144 WitnessPrinter]: Generating witness for correct program [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure bobKeyChange [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isSigned [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure mail [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure valid_product [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure get_queued_client [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isKeyPairValid [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure sign [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure main [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure rjhKeyChange [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setup_rjh [2018-12-02 00:14:49,735 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailIsSigned [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientPrivateKey [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure rjhKeyAdd [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure bobToRjh [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setup_bob [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailEncryptionKey [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure select_features [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setup_bob__wrappee__Base [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailEncryptionKey [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing__wrappee__Keys [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure incoming [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure createEmail [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure rjhDeletePrivateKey [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure test [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailTo [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure get_queued_email [2018-12-02 00:14:49,736 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure incoming__wrappee__Sign [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientKeyringUser [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isReadable__wrappee__Keys [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __utac_acc__SignForward_spec__1 [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientKeyringUser [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailFrom [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isReadable [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __automaton_fail [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientKeyringPublicKey [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setup_rjh__wrappee__Base [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure select_helpers [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientId [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deliver [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure createClientKeyringEntry [2018-12-02 00:14:49,737 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setup_chuck [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure findPublicKey [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure outgoing__wrappee__Encrypt [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure sendEmail [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isEncrypted [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure verify [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailIsEncrypted [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure incoming__wrappee__Verify [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailSignKey [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientPrivateKey [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure chuckKeyAdd [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientKeyringSize [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailTo [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailIsSignatureVerified [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure is_queue_empty [2018-12-02 00:14:49,738 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure bobKeyAdd [2018-12-02 00:14:49,739 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure getClientKeyringPublicKey [2018-12-02 00:14:49,739 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setEmailSignKey [2018-12-02 00:14:49,739 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure generateKeyPair [2018-12-02 00:14:49,739 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setup_chuck__wrappee__Base [2018-12-02 00:14:49,739 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ULTIMATE.init [2018-12-02 00:14:49,739 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure chuckKeyAddRjh [2018-12-02 00:14:49,739 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setup [2018-12-02 00:14:49,739 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure getEmailFrom [2018-12-02 00:14:49,739 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientKeyringSize [2018-12-02 00:14:49,740 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure setClientId [2018-12-02 00:14:49,753 INFO L905 BoogieBacktranslator]: Reduced CFG by removing 99 nodes and edges [2018-12-02 00:14:49,754 INFO L905 BoogieBacktranslator]: Reduced CFG by removing 48 nodes and edges [2018-12-02 00:14:49,755 INFO L905 BoogieBacktranslator]: Reduced CFG by removing 8 nodes and edges [2018-12-02 00:14:49,756 INFO L905 BoogieBacktranslator]: Reduced CFG by removing 4 nodes and edges [2018-12-02 00:14:49,756 INFO L905 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2018-12-02 00:14:49,781 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,781 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,781 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,781 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,781 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,781 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,782 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,782 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,782 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,782 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,782 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,783 WARN L221 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) [2018-12-02 00:14:49,856 INFO L145 WitnessManager]: Wrote witness to /tmp/vcloud-vcloud-master/worker/working_dir_fb989cd2-40ab-4939-9a46-955aed575b08/bin-2019/uautomizer/witness.graphml [2018-12-02 00:14:49,856 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2018-12-02 00:14:49,856 INFO L168 Benchmark]: Toolchain (without parser) took 66059.22 ms. Allocated memory was 1.0 GB in the beginning and 4.2 GB in the end (delta: 3.1 GB). Free memory was 956.0 MB in the beginning and 3.5 GB in the end (delta: -2.5 GB). Peak memory consumption was 614.0 MB. Max. memory is 11.5 GB. [2018-12-02 00:14:49,857 INFO L168 Benchmark]: CDTParser took 0.11 ms. Allocated memory is still 1.0 GB. Free memory is still 982.3 MB. There was no memory consumed. Max. memory is 11.5 GB. [2018-12-02 00:14:49,857 INFO L168 Benchmark]: CACSL2BoogieTranslator took 536.45 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 147.8 MB). Free memory was 956.0 MB in the beginning and 1.1 GB in the end (delta: -140.2 MB). Peak memory consumption was 42.3 MB. Max. memory is 11.5 GB. [2018-12-02 00:14:49,857 INFO L168 Benchmark]: Boogie Procedure Inliner took 27.83 ms. Allocated memory is still 1.2 GB. Free memory is still 1.1 GB. There was no memory consumed. Max. memory is 11.5 GB. [2018-12-02 00:14:49,857 INFO L168 Benchmark]: Boogie Preprocessor took 38.88 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 7.0 MB). Peak memory consumption was 7.0 MB. Max. memory is 11.5 GB. [2018-12-02 00:14:49,857 INFO L168 Benchmark]: RCFGBuilder took 707.06 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 946.4 MB in the end (delta: 142.8 MB). Peak memory consumption was 142.8 MB. Max. memory is 11.5 GB. [2018-12-02 00:14:49,857 INFO L168 Benchmark]: TraceAbstraction took 64613.64 ms. Allocated memory was 1.2 GB in the beginning and 4.2 GB in the end (delta: 3.0 GB). Free memory was 946.4 MB in the beginning and 3.5 GB in the end (delta: -2.6 GB). Peak memory consumption was 3.2 GB. Max. memory is 11.5 GB. [2018-12-02 00:14:49,858 INFO L168 Benchmark]: Witness Printer took 132.32 ms. Allocated memory is still 4.2 GB. Free memory was 3.5 GB in the beginning and 3.5 GB in the end (delta: 63.9 MB). Peak memory consumption was 63.9 MB. Max. memory is 11.5 GB. [2018-12-02 00:14:49,859 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.11 ms. Allocated memory is still 1.0 GB. Free memory is still 982.3 MB. There was no memory consumed. Max. memory is 11.5 GB. * CACSL2BoogieTranslator took 536.45 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 147.8 MB). Free memory was 956.0 MB in the beginning and 1.1 GB in the end (delta: -140.2 MB). Peak memory consumption was 42.3 MB. Max. memory is 11.5 GB. * Boogie Procedure Inliner took 27.83 ms. Allocated memory is still 1.2 GB. Free memory is still 1.1 GB. There was no memory consumed. Max. memory is 11.5 GB. * Boogie Preprocessor took 38.88 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 7.0 MB). Peak memory consumption was 7.0 MB. Max. memory is 11.5 GB. * RCFGBuilder took 707.06 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 946.4 MB in the end (delta: 142.8 MB). Peak memory consumption was 142.8 MB. Max. memory is 11.5 GB. * TraceAbstraction took 64613.64 ms. Allocated memory was 1.2 GB in the beginning and 4.2 GB in the end (delta: 3.0 GB). Free memory was 946.4 MB in the beginning and 3.5 GB in the end (delta: -2.6 GB). Peak memory consumption was 3.2 GB. Max. memory is 11.5 GB. * Witness Printer took 132.32 ms. Allocated memory is still 4.2 GB. Free memory was 3.5 GB in the beginning and 3.5 GB in the end (delta: 63.9 MB). Peak memory consumption was 63.9 MB. Max. memory is 11.5 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - PositiveResult [Line: 440]: call of __VERIFIER_error() unreachable For all program executions holds that call of __VERIFIER_error() unreachable at this location - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 956]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 1020]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 931]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 908]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 917]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 984]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 970]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 1034]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 942]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 1009]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 909]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - InvariantResult [Line: 995]: Loop Invariant Derived loop invariant: ((((((((!(0 == \old(__ste_Client_Keyring0_User0)) || !(0 == \old(__ste_email_isEncrypted0))) || !(queue_empty == 1)) || !(0 == \old(__ste_email_isSigned0))) || !(\old(__ste_Client_Keyring0_User0) == \old(__ste_Client_Keyring0_User1))) || (0 == __ste_email_isSigned0 && 0 == __ste_email_isEncrypted0)) || rjh < 2) || !(\old(__ste_email_to0) == \old(__ste_Client_Keyring0_User0))) || chuck < 3) || !(1 == bob) - StatisticsResult: Ultimate Automizer benchmark data CFG has 68 procedures, 469 locations, 1 error locations. SAFE Result, 64.5s OverallTime, 18 OverallIterations, 4 TraceHistogramMax, 20.7s AutomataDifference, 0.0s DeadEndRemovalTime, 32.2s HoareAnnotationTime, HoareTripleCheckerStatistics: 12439 SDtfs, 12224 SDslu, 105891 SDs, 0 SdLazy, 27443 SolverSat, 3856 SolverUnsat, 0 SolverUnknown, 0 SolverNotchecked, 10.5s Time, PredicateUnifierStatistics: 0 DeclaredPredicates, 2206 GetRequests, 1797 SyntacticMatches, 3 SemanticMatches, 406 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4685 ImplicationChecksByTransitivity, 3.3s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=54036occurred in iteration=14, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s AbstIntTime, 0 AbstIntIterations, 0 AbstIntStrong, NaN AbsIntWeakeningRatio, NaN AbsIntAvgWeakeningVarsNumRemoved, NaN AbsIntAvgWeakenedConjuncts, 0.0s DumpTime, AutomataMinimizationStatistics: 6.1s AutomataMinimizationTime, 18 MinimizatonAttempts, 12267 StatesRemovedByMinimization, 16 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 167 LocationsWithAnnotation, 65809 PreInvPairs, 75596 NumberOfFragments, 9534 HoareAnnotationTreeSize, 65809 FomulaSimplifications, 142340 FormulaSimplificationTreeSizeReduction, 5.8s HoareSimplificationTime, 167 FomulaSimplificationsInter, 438758 FormulaSimplificationTreeSizeReductionInter, 25.7s HoareSimplificationTimeInter, RefinementEngineStatistics: TraceCheckStatistics: 0.4s SsaConstructionTime, 1.3s SatisfiabilityAnalysisTime, 2.4s InterpolantComputationTime, 6235 NumberOfCodeBlocks, 6128 NumberOfCodeBlocksAsserted, 24 NumberOfCheckSat, 6211 ConstructedInterpolants, 0 QuantifiedInterpolants, 2213387 SizeOfPredicates, 23 NumberOfNonLiveVariables, 17081 ConjunctsInSsa, 46 ConjunctsInUnsatCore, 24 InterpolantComputations, 18 PerfectInterpolantSequences, 2028/2055 InterpolantCoveringCapability, InvariantSynthesisStatistics: No data available, InterpolantConsolidationStatistics: No data available, ReuseStatistics: No data available RESULT: Ultimate proved your program to be correct! Received shutdown request...