./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec0_product05.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec0_product05.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 74a12e124f66b10df64ef68155d31c3be83012aab827a45870f5335a6569b75a --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 17:51:50,513 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:51:50,515 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:51:50,558 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 17:51:50,558 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:51:50,561 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:51:50,563 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:51:50,567 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:51:50,569 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:51:50,570 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:51:50,571 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:51:50,571 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:51:50,572 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:51:50,573 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:51:50,574 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:51:50,575 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:51:50,575 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:51:50,576 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:51:50,577 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:51:50,579 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:51:50,580 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:51:50,587 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:51:50,598 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:51:50,599 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:51:50,606 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:51:50,607 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:51:50,607 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:51:50,608 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:51:50,608 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:51:50,609 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:51:50,610 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:51:50,610 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:51:50,612 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:51:50,613 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:51:50,614 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:51:50,614 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:51:50,614 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:51:50,615 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 17:51:50,615 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:51:50,616 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:51:50,616 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:51:50,617 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:51:50,653 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:51:50,654 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:51:50,654 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:51:50,654 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:51:50,658 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:51:50,658 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:51:50,659 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:51:50,659 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:51:50,659 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:51:50,659 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:51:50,660 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:51:50,661 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:51:50,661 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:51:50,661 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:51:50,661 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:51:50,661 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:51:50,661 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:51:50,662 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:51:50,662 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:51:50,662 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:51:50,662 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:51:50,662 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:51:50,662 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:51:50,663 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:51:50,663 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:51:50,663 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:51:50,663 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:51:50,664 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:51:50,664 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:51:50,665 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:51:50,665 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:51:50,665 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:51:50,665 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 17:51:50,665 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 74a12e124f66b10df64ef68155d31c3be83012aab827a45870f5335a6569b75a [2022-02-20 17:51:50,855 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:51:50,878 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:51:50,880 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:51:50,881 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:51:50,881 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:51:50,882 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec0_product05.cil.c [2022-02-20 17:51:50,932 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/310a4b25d/ae7d794fe84f4771b3d997dfdb63f658/FLAGd55f2e508 [2022-02-20 17:51:51,499 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 17:51:51,500 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_product05.cil.c [2022-02-20 17:51:51,516 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/310a4b25d/ae7d794fe84f4771b3d997dfdb63f658/FLAGd55f2e508 [2022-02-20 17:51:51,761 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/310a4b25d/ae7d794fe84f4771b3d997dfdb63f658 [2022-02-20 17:51:51,764 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:51:51,766 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:51:51,768 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:51:51,768 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:51:51,770 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:51:51,771 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:51:51" (1/1) ... [2022-02-20 17:51:51,773 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@5c1e3daf and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:51, skipping insertion in model container [2022-02-20 17:51:51,773 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:51:51" (1/1) ... [2022-02-20 17:51:51,778 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:51:51,835 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:51:52,041 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_product05.cil.c[4289,4302] [2022-02-20 17:51:52,334 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:51:52,344 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:51:52,369 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_product05.cil.c[4289,4302] [2022-02-20 17:51:52,466 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:51:52,494 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:51:52,494 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52 WrapperNode [2022-02-20 17:51:52,494 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:51:52,496 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:51:52,496 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:51:52,496 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:51:52,502 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,536 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,591 INFO L137 Inliner]: procedures = 107, calls = 125, calls flagged for inlining = 37, calls inlined = 30, statements flattened = 580 [2022-02-20 17:51:52,596 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:51:52,597 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:51:52,597 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:51:52,597 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:51:52,604 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,604 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,616 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,617 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,652 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,658 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,660 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,663 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:51:52,664 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:51:52,664 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:51:52,664 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:51:52,666 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (1/1) ... [2022-02-20 17:51:52,687 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:51:52,697 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:51:52,707 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:51:52,711 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:51:52,741 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:51:52,742 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:51:52,742 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:51:52,742 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:51:52,742 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:51:52,742 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:51:52,742 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:51:52,743 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:51:52,744 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:51:52,744 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:51:52,745 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:51:52,746 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:51:52,746 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:51:52,746 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:51:52,746 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:51:52,747 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:51:52,747 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:51:52,747 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:51:52,747 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:51:52,909 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:51:52,924 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:51:53,496 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:51:53,503 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:51:53,503 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:51:53,504 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:51:53 BoogieIcfgContainer [2022-02-20 17:51:53,505 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:51:53,506 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:51:53,506 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:51:53,509 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:51:53,509 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:51:51" (1/3) ... [2022-02-20 17:51:53,509 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2ca0032f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:51:53, skipping insertion in model container [2022-02-20 17:51:53,510 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:51:52" (2/3) ... [2022-02-20 17:51:53,510 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2ca0032f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:51:53, skipping insertion in model container [2022-02-20 17:51:53,510 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:51:53" (3/3) ... [2022-02-20 17:51:53,511 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec0_product05.cil.c [2022-02-20 17:51:53,515 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:51:53,515 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:51:53,559 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:51:53,564 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:51:53,564 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:51:53,582 INFO L276 IsEmpty]: Start isEmpty. Operand has 131 states, 108 states have (on average 1.4814814814814814) internal successors, (160), 110 states have internal predecessors, (160), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (14), 14 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 17:51:53,590 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 76 [2022-02-20 17:51:53,590 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:51:53,590 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:51:53,591 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:51:53,595 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:51:53,595 INFO L85 PathProgramCache]: Analyzing trace with hash -222738457, now seen corresponding path program 1 times [2022-02-20 17:51:53,601 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:51:53,602 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [635947348] [2022-02-20 17:51:53,602 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:51:53,602 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:51:53,783 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:53,884 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:51:53,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:53,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {172#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:53,898 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:53,898 INFO L290 TraceCheckUtils]: 2: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:53,898 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {134#true} {134#true} #410#return; {134#true} is VALID [2022-02-20 17:51:53,901 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:51:53,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:53,941 INFO L290 TraceCheckUtils]: 0: Hoare triple {172#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {173#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:51:53,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {173#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {174#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:53,943 INFO L290 TraceCheckUtils]: 2: Hoare triple {174#(= |setClientId_#in~handle| 1)} assume true; {174#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:53,944 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {174#(= |setClientId_#in~handle| 1)} {140#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #412#return; {135#false} is VALID [2022-02-20 17:51:53,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:51:53,951 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:53,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {172#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:53,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:53,958 INFO L290 TraceCheckUtils]: 2: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:53,958 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {134#true} {135#false} #414#return; {135#false} is VALID [2022-02-20 17:51:53,966 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-02-20 17:51:53,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:53,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {175#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:53,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:53,982 INFO L290 TraceCheckUtils]: 2: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:53,982 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {134#true} {135#false} #404#return; {135#false} is VALID [2022-02-20 17:51:53,991 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 34 [2022-02-20 17:51:53,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:54,017 INFO L290 TraceCheckUtils]: 0: Hoare triple {176#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,018 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,018 INFO L290 TraceCheckUtils]: 2: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,018 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {134#true} {135#false} #406#return; {135#false} is VALID [2022-02-20 17:51:54,019 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 45 [2022-02-20 17:51:54,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:54,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {175#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,027 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,028 INFO L290 TraceCheckUtils]: 2: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,028 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {134#true} {135#false} #392#return; {135#false} is VALID [2022-02-20 17:51:54,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 51 [2022-02-20 17:51:54,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:54,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {134#true} ~handle := #in~handle;havoc ~retValue_acc~4; {134#true} is VALID [2022-02-20 17:51:54,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {134#true} is VALID [2022-02-20 17:51:54,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {134#true} {135#false} #394#return; {135#false} is VALID [2022-02-20 17:51:54,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:51:54,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:54,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {176#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,050 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {134#true} {135#false} #396#return; {135#false} is VALID [2022-02-20 17:51:54,050 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:51:54,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:54,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {134#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {134#true} is VALID [2022-02-20 17:51:54,056 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,056 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {134#true} {135#false} #398#return; {135#false} is VALID [2022-02-20 17:51:54,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {134#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {134#true} is VALID [2022-02-20 17:51:54,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {134#true} is VALID [2022-02-20 17:51:54,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {134#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {134#true} is VALID [2022-02-20 17:51:54,058 INFO L290 TraceCheckUtils]: 3: Hoare triple {134#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {134#true} is VALID [2022-02-20 17:51:54,059 INFO L290 TraceCheckUtils]: 4: Hoare triple {134#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {134#true} is VALID [2022-02-20 17:51:54,059 INFO L290 TraceCheckUtils]: 5: Hoare triple {134#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {134#true} is VALID [2022-02-20 17:51:54,065 INFO L272 TraceCheckUtils]: 6: Hoare triple {134#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {172#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:54,065 INFO L290 TraceCheckUtils]: 7: Hoare triple {172#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,065 INFO L290 TraceCheckUtils]: 8: Hoare triple {134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,066 INFO L290 TraceCheckUtils]: 9: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,066 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {134#true} {134#true} #410#return; {134#true} is VALID [2022-02-20 17:51:54,067 INFO L290 TraceCheckUtils]: 11: Hoare triple {134#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {140#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:51:54,069 INFO L272 TraceCheckUtils]: 12: Hoare triple {140#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {172#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:54,070 INFO L290 TraceCheckUtils]: 13: Hoare triple {172#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {173#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:51:54,070 INFO L290 TraceCheckUtils]: 14: Hoare triple {173#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {174#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:54,071 INFO L290 TraceCheckUtils]: 15: Hoare triple {174#(= |setClientId_#in~handle| 1)} assume true; {174#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:54,072 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {174#(= |setClientId_#in~handle| 1)} {140#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #412#return; {135#false} is VALID [2022-02-20 17:51:54,072 INFO L290 TraceCheckUtils]: 17: Hoare triple {135#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {135#false} is VALID [2022-02-20 17:51:54,072 INFO L272 TraceCheckUtils]: 18: Hoare triple {135#false} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {172#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:54,073 INFO L290 TraceCheckUtils]: 19: Hoare triple {172#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,073 INFO L290 TraceCheckUtils]: 20: Hoare triple {134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,073 INFO L290 TraceCheckUtils]: 21: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,073 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {134#true} {135#false} #414#return; {135#false} is VALID [2022-02-20 17:51:54,074 INFO L290 TraceCheckUtils]: 23: Hoare triple {135#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {135#false} is VALID [2022-02-20 17:51:54,074 INFO L290 TraceCheckUtils]: 24: Hoare triple {135#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {135#false} is VALID [2022-02-20 17:51:54,074 INFO L290 TraceCheckUtils]: 25: Hoare triple {135#false} assume false; {135#false} is VALID [2022-02-20 17:51:54,075 INFO L290 TraceCheckUtils]: 26: Hoare triple {135#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {135#false} is VALID [2022-02-20 17:51:54,075 INFO L272 TraceCheckUtils]: 27: Hoare triple {135#false} call sendEmail(~bob~0, ~rjh~0); {135#false} is VALID [2022-02-20 17:51:54,075 INFO L290 TraceCheckUtils]: 28: Hoare triple {135#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {135#false} is VALID [2022-02-20 17:51:54,087 INFO L272 TraceCheckUtils]: 29: Hoare triple {135#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {175#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:51:54,087 INFO L290 TraceCheckUtils]: 30: Hoare triple {175#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,087 INFO L290 TraceCheckUtils]: 31: Hoare triple {134#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,088 INFO L290 TraceCheckUtils]: 32: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,088 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {134#true} {135#false} #404#return; {135#false} is VALID [2022-02-20 17:51:54,088 INFO L272 TraceCheckUtils]: 34: Hoare triple {135#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {176#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:51:54,089 INFO L290 TraceCheckUtils]: 35: Hoare triple {176#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,089 INFO L290 TraceCheckUtils]: 36: Hoare triple {134#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,089 INFO L290 TraceCheckUtils]: 37: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,093 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {134#true} {135#false} #406#return; {135#false} is VALID [2022-02-20 17:51:54,093 INFO L290 TraceCheckUtils]: 39: Hoare triple {135#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {135#false} is VALID [2022-02-20 17:51:54,093 INFO L290 TraceCheckUtils]: 40: Hoare triple {135#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {135#false} is VALID [2022-02-20 17:51:54,094 INFO L272 TraceCheckUtils]: 41: Hoare triple {135#false} call outgoing(~sender#1, ~email~0#1); {135#false} is VALID [2022-02-20 17:51:54,094 INFO L290 TraceCheckUtils]: 42: Hoare triple {135#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {135#false} is VALID [2022-02-20 17:51:54,094 INFO L290 TraceCheckUtils]: 43: Hoare triple {135#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {135#false} is VALID [2022-02-20 17:51:54,094 INFO L290 TraceCheckUtils]: 44: Hoare triple {135#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {135#false} is VALID [2022-02-20 17:51:54,095 INFO L272 TraceCheckUtils]: 45: Hoare triple {135#false} call setEmailFrom(~msg#1, ~tmp~10#1); {175#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:51:54,095 INFO L290 TraceCheckUtils]: 46: Hoare triple {175#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,095 INFO L290 TraceCheckUtils]: 47: Hoare triple {134#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,095 INFO L290 TraceCheckUtils]: 48: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,095 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {134#true} {135#false} #392#return; {135#false} is VALID [2022-02-20 17:51:54,096 INFO L290 TraceCheckUtils]: 50: Hoare triple {135#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {135#false} is VALID [2022-02-20 17:51:54,096 INFO L272 TraceCheckUtils]: 51: Hoare triple {135#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {134#true} is VALID [2022-02-20 17:51:54,096 INFO L290 TraceCheckUtils]: 52: Hoare triple {134#true} ~handle := #in~handle;havoc ~retValue_acc~4; {134#true} is VALID [2022-02-20 17:51:54,096 INFO L290 TraceCheckUtils]: 53: Hoare triple {134#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {134#true} is VALID [2022-02-20 17:51:54,097 INFO L290 TraceCheckUtils]: 54: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,099 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {134#true} {135#false} #394#return; {135#false} is VALID [2022-02-20 17:51:54,099 INFO L290 TraceCheckUtils]: 56: Hoare triple {135#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {135#false} is VALID [2022-02-20 17:51:54,099 INFO L290 TraceCheckUtils]: 57: Hoare triple {135#false} assume { :end_inline_deliver } true; {135#false} is VALID [2022-02-20 17:51:54,099 INFO L290 TraceCheckUtils]: 58: Hoare triple {135#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {135#false} is VALID [2022-02-20 17:51:54,100 INFO L290 TraceCheckUtils]: 59: Hoare triple {135#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {135#false} is VALID [2022-02-20 17:51:54,100 INFO L290 TraceCheckUtils]: 60: Hoare triple {135#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {135#false} is VALID [2022-02-20 17:51:54,100 INFO L290 TraceCheckUtils]: 61: Hoare triple {135#false} assume 0 != incoming_~fwreceiver~0#1; {135#false} is VALID [2022-02-20 17:51:54,100 INFO L272 TraceCheckUtils]: 62: Hoare triple {135#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {176#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:51:54,101 INFO L290 TraceCheckUtils]: 63: Hoare triple {176#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,101 INFO L290 TraceCheckUtils]: 64: Hoare triple {134#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,101 INFO L290 TraceCheckUtils]: 65: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,101 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {134#true} {135#false} #396#return; {135#false} is VALID [2022-02-20 17:51:54,104 INFO L290 TraceCheckUtils]: 67: Hoare triple {135#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {135#false} is VALID [2022-02-20 17:51:54,104 INFO L272 TraceCheckUtils]: 68: Hoare triple {135#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {134#true} is VALID [2022-02-20 17:51:54,104 INFO L290 TraceCheckUtils]: 69: Hoare triple {134#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {134#true} is VALID [2022-02-20 17:51:54,105 INFO L290 TraceCheckUtils]: 70: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,105 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {134#true} {135#false} #398#return; {135#false} is VALID [2022-02-20 17:51:54,105 INFO L290 TraceCheckUtils]: 72: Hoare triple {135#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {135#false} is VALID [2022-02-20 17:51:54,105 INFO L290 TraceCheckUtils]: 73: Hoare triple {135#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {135#false} is VALID [2022-02-20 17:51:54,106 INFO L290 TraceCheckUtils]: 74: Hoare triple {135#false} assume !false; {135#false} is VALID [2022-02-20 17:51:54,106 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. [2022-02-20 17:51:54,108 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:51:54,108 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [635947348] [2022-02-20 17:51:54,109 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [635947348] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:51:54,109 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [376507134] [2022-02-20 17:51:54,109 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:51:54,109 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:51:54,110 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:51:54,115 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:51:54,145 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:51:54,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:54,393 INFO L263 TraceCheckSpWp]: Trace formula consists of 807 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:51:54,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:54,496 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:51:54,729 INFO L290 TraceCheckUtils]: 0: Hoare triple {134#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {134#true} is VALID [2022-02-20 17:51:54,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {134#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {134#true} is VALID [2022-02-20 17:51:54,731 INFO L290 TraceCheckUtils]: 2: Hoare triple {134#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {134#true} is VALID [2022-02-20 17:51:54,731 INFO L290 TraceCheckUtils]: 3: Hoare triple {134#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {134#true} is VALID [2022-02-20 17:51:54,732 INFO L290 TraceCheckUtils]: 4: Hoare triple {134#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {134#true} is VALID [2022-02-20 17:51:54,733 INFO L290 TraceCheckUtils]: 5: Hoare triple {134#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {134#true} is VALID [2022-02-20 17:51:54,740 INFO L272 TraceCheckUtils]: 6: Hoare triple {134#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {134#true} is VALID [2022-02-20 17:51:54,741 INFO L290 TraceCheckUtils]: 7: Hoare triple {134#true} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,743 INFO L290 TraceCheckUtils]: 8: Hoare triple {134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,743 INFO L290 TraceCheckUtils]: 9: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,743 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {134#true} {134#true} #410#return; {134#true} is VALID [2022-02-20 17:51:54,744 INFO L290 TraceCheckUtils]: 11: Hoare triple {134#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {134#true} is VALID [2022-02-20 17:51:54,744 INFO L272 TraceCheckUtils]: 12: Hoare triple {134#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {134#true} is VALID [2022-02-20 17:51:54,744 INFO L290 TraceCheckUtils]: 13: Hoare triple {134#true} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,744 INFO L290 TraceCheckUtils]: 14: Hoare triple {134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,744 INFO L290 TraceCheckUtils]: 15: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,744 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {134#true} {134#true} #412#return; {134#true} is VALID [2022-02-20 17:51:54,745 INFO L290 TraceCheckUtils]: 17: Hoare triple {134#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {134#true} is VALID [2022-02-20 17:51:54,746 INFO L272 TraceCheckUtils]: 18: Hoare triple {134#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {134#true} is VALID [2022-02-20 17:51:54,746 INFO L290 TraceCheckUtils]: 19: Hoare triple {134#true} ~handle := #in~handle;~value := #in~value; {134#true} is VALID [2022-02-20 17:51:54,746 INFO L290 TraceCheckUtils]: 20: Hoare triple {134#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {134#true} is VALID [2022-02-20 17:51:54,747 INFO L290 TraceCheckUtils]: 21: Hoare triple {134#true} assume true; {134#true} is VALID [2022-02-20 17:51:54,747 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {134#true} {134#true} #414#return; {134#true} is VALID [2022-02-20 17:51:54,747 INFO L290 TraceCheckUtils]: 23: Hoare triple {134#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {134#true} is VALID [2022-02-20 17:51:54,747 INFO L290 TraceCheckUtils]: 24: Hoare triple {134#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {134#true} is VALID [2022-02-20 17:51:54,748 INFO L290 TraceCheckUtils]: 25: Hoare triple {134#true} assume false; {135#false} is VALID [2022-02-20 17:51:54,748 INFO L290 TraceCheckUtils]: 26: Hoare triple {135#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {135#false} is VALID [2022-02-20 17:51:54,748 INFO L272 TraceCheckUtils]: 27: Hoare triple {135#false} call sendEmail(~bob~0, ~rjh~0); {135#false} is VALID [2022-02-20 17:51:54,748 INFO L290 TraceCheckUtils]: 28: Hoare triple {135#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {135#false} is VALID [2022-02-20 17:51:54,748 INFO L272 TraceCheckUtils]: 29: Hoare triple {135#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {135#false} is VALID [2022-02-20 17:51:54,749 INFO L290 TraceCheckUtils]: 30: Hoare triple {135#false} ~handle := #in~handle;~value := #in~value; {135#false} is VALID [2022-02-20 17:51:54,749 INFO L290 TraceCheckUtils]: 31: Hoare triple {135#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {135#false} is VALID [2022-02-20 17:51:54,749 INFO L290 TraceCheckUtils]: 32: Hoare triple {135#false} assume true; {135#false} is VALID [2022-02-20 17:51:54,749 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {135#false} {135#false} #404#return; {135#false} is VALID [2022-02-20 17:51:54,749 INFO L272 TraceCheckUtils]: 34: Hoare triple {135#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {135#false} is VALID [2022-02-20 17:51:54,750 INFO L290 TraceCheckUtils]: 35: Hoare triple {135#false} ~handle := #in~handle;~value := #in~value; {135#false} is VALID [2022-02-20 17:51:54,750 INFO L290 TraceCheckUtils]: 36: Hoare triple {135#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {135#false} is VALID [2022-02-20 17:51:54,750 INFO L290 TraceCheckUtils]: 37: Hoare triple {135#false} assume true; {135#false} is VALID [2022-02-20 17:51:54,750 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {135#false} {135#false} #406#return; {135#false} is VALID [2022-02-20 17:51:54,750 INFO L290 TraceCheckUtils]: 39: Hoare triple {135#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {135#false} is VALID [2022-02-20 17:51:54,751 INFO L290 TraceCheckUtils]: 40: Hoare triple {135#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {135#false} is VALID [2022-02-20 17:51:54,751 INFO L272 TraceCheckUtils]: 41: Hoare triple {135#false} call outgoing(~sender#1, ~email~0#1); {135#false} is VALID [2022-02-20 17:51:54,751 INFO L290 TraceCheckUtils]: 42: Hoare triple {135#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {135#false} is VALID [2022-02-20 17:51:54,751 INFO L290 TraceCheckUtils]: 43: Hoare triple {135#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {135#false} is VALID [2022-02-20 17:51:54,752 INFO L290 TraceCheckUtils]: 44: Hoare triple {135#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {135#false} is VALID [2022-02-20 17:51:54,752 INFO L272 TraceCheckUtils]: 45: Hoare triple {135#false} call setEmailFrom(~msg#1, ~tmp~10#1); {135#false} is VALID [2022-02-20 17:51:54,752 INFO L290 TraceCheckUtils]: 46: Hoare triple {135#false} ~handle := #in~handle;~value := #in~value; {135#false} is VALID [2022-02-20 17:51:54,752 INFO L290 TraceCheckUtils]: 47: Hoare triple {135#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {135#false} is VALID [2022-02-20 17:51:54,752 INFO L290 TraceCheckUtils]: 48: Hoare triple {135#false} assume true; {135#false} is VALID [2022-02-20 17:51:54,753 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {135#false} {135#false} #392#return; {135#false} is VALID [2022-02-20 17:51:54,753 INFO L290 TraceCheckUtils]: 50: Hoare triple {135#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {135#false} is VALID [2022-02-20 17:51:54,761 INFO L272 TraceCheckUtils]: 51: Hoare triple {135#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {135#false} is VALID [2022-02-20 17:51:54,762 INFO L290 TraceCheckUtils]: 52: Hoare triple {135#false} ~handle := #in~handle;havoc ~retValue_acc~4; {135#false} is VALID [2022-02-20 17:51:54,762 INFO L290 TraceCheckUtils]: 53: Hoare triple {135#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {135#false} is VALID [2022-02-20 17:51:54,762 INFO L290 TraceCheckUtils]: 54: Hoare triple {135#false} assume true; {135#false} is VALID [2022-02-20 17:51:54,762 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {135#false} {135#false} #394#return; {135#false} is VALID [2022-02-20 17:51:54,762 INFO L290 TraceCheckUtils]: 56: Hoare triple {135#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {135#false} is VALID [2022-02-20 17:51:54,763 INFO L290 TraceCheckUtils]: 57: Hoare triple {135#false} assume { :end_inline_deliver } true; {135#false} is VALID [2022-02-20 17:51:54,763 INFO L290 TraceCheckUtils]: 58: Hoare triple {135#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {135#false} is VALID [2022-02-20 17:51:54,763 INFO L290 TraceCheckUtils]: 59: Hoare triple {135#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {135#false} is VALID [2022-02-20 17:51:54,763 INFO L290 TraceCheckUtils]: 60: Hoare triple {135#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {135#false} is VALID [2022-02-20 17:51:54,763 INFO L290 TraceCheckUtils]: 61: Hoare triple {135#false} assume 0 != incoming_~fwreceiver~0#1; {135#false} is VALID [2022-02-20 17:51:54,764 INFO L272 TraceCheckUtils]: 62: Hoare triple {135#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {135#false} is VALID [2022-02-20 17:51:54,764 INFO L290 TraceCheckUtils]: 63: Hoare triple {135#false} ~handle := #in~handle;~value := #in~value; {135#false} is VALID [2022-02-20 17:51:54,764 INFO L290 TraceCheckUtils]: 64: Hoare triple {135#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {135#false} is VALID [2022-02-20 17:51:54,764 INFO L290 TraceCheckUtils]: 65: Hoare triple {135#false} assume true; {135#false} is VALID [2022-02-20 17:51:54,764 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {135#false} {135#false} #396#return; {135#false} is VALID [2022-02-20 17:51:54,765 INFO L290 TraceCheckUtils]: 67: Hoare triple {135#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {135#false} is VALID [2022-02-20 17:51:54,765 INFO L272 TraceCheckUtils]: 68: Hoare triple {135#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {135#false} is VALID [2022-02-20 17:51:54,765 INFO L290 TraceCheckUtils]: 69: Hoare triple {135#false} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {135#false} is VALID [2022-02-20 17:51:54,765 INFO L290 TraceCheckUtils]: 70: Hoare triple {135#false} assume true; {135#false} is VALID [2022-02-20 17:51:54,765 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {135#false} {135#false} #398#return; {135#false} is VALID [2022-02-20 17:51:54,765 INFO L290 TraceCheckUtils]: 72: Hoare triple {135#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {135#false} is VALID [2022-02-20 17:51:54,766 INFO L290 TraceCheckUtils]: 73: Hoare triple {135#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {135#false} is VALID [2022-02-20 17:51:54,766 INFO L290 TraceCheckUtils]: 74: Hoare triple {135#false} assume !false; {135#false} is VALID [2022-02-20 17:51:54,766 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 20 trivial. 0 not checked. [2022-02-20 17:51:54,766 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:51:54,767 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [376507134] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:51:54,767 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:51:54,767 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [8] total 8 [2022-02-20 17:51:54,769 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1294811216] [2022-02-20 17:51:54,770 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:51:54,774 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 21.5) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 75 [2022-02-20 17:51:54,776 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:51:54,778 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 21.5) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:54,848 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 63 edges. 63 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:51:54,848 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:51:54,848 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:51:54,865 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:51:54,865 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:51:54,868 INFO L87 Difference]: Start difference. First operand has 131 states, 108 states have (on average 1.4814814814814814) internal successors, (160), 110 states have internal predecessors, (160), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (14), 14 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 21.5) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:55,042 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:51:55,043 INFO L93 Difference]: Finished difference Result 212 states and 295 transitions. [2022-02-20 17:51:55,043 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:51:55,043 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 21.5) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 75 [2022-02-20 17:51:55,044 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:51:55,045 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 21.5) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:55,058 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 295 transitions. [2022-02-20 17:51:55,058 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 21.5) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:55,065 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 295 transitions. [2022-02-20 17:51:55,066 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 295 transitions. [2022-02-20 17:51:55,339 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 295 edges. 295 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:51:55,353 INFO L225 Difference]: With dead ends: 212 [2022-02-20 17:51:55,355 INFO L226 Difference]: Without dead ends: 124 [2022-02-20 17:51:55,358 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 96 GetRequests, 90 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:51:55,363 INFO L933 BasicCegarLoop]: 184 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 184 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:51:55,365 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 184 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:51:55,381 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 124 states. [2022-02-20 17:51:55,401 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 124 to 124. [2022-02-20 17:51:55,402 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:51:55,403 INFO L82 GeneralOperation]: Start isEquivalent. First operand 124 states. Second operand has 124 states, 102 states have (on average 1.4607843137254901) internal successors, (149), 103 states have internal predecessors, (149), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 17:51:55,406 INFO L74 IsIncluded]: Start isIncluded. First operand 124 states. Second operand has 124 states, 102 states have (on average 1.4607843137254901) internal successors, (149), 103 states have internal predecessors, (149), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 17:51:55,408 INFO L87 Difference]: Start difference. First operand 124 states. Second operand has 124 states, 102 states have (on average 1.4607843137254901) internal successors, (149), 103 states have internal predecessors, (149), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 17:51:55,421 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:51:55,421 INFO L93 Difference]: Finished difference Result 124 states and 176 transitions. [2022-02-20 17:51:55,421 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 176 transitions. [2022-02-20 17:51:55,427 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:51:55,427 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:51:55,428 INFO L74 IsIncluded]: Start isIncluded. First operand has 124 states, 102 states have (on average 1.4607843137254901) internal successors, (149), 103 states have internal predecessors, (149), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) Second operand 124 states. [2022-02-20 17:51:55,428 INFO L87 Difference]: Start difference. First operand has 124 states, 102 states have (on average 1.4607843137254901) internal successors, (149), 103 states have internal predecessors, (149), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) Second operand 124 states. [2022-02-20 17:51:55,436 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:51:55,436 INFO L93 Difference]: Finished difference Result 124 states and 176 transitions. [2022-02-20 17:51:55,437 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 176 transitions. [2022-02-20 17:51:55,437 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:51:55,438 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:51:55,438 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:51:55,438 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:51:55,439 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 102 states have (on average 1.4607843137254901) internal successors, (149), 103 states have internal predecessors, (149), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 17:51:55,445 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 176 transitions. [2022-02-20 17:51:55,446 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 176 transitions. Word has length 75 [2022-02-20 17:51:55,446 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:51:55,446 INFO L470 AbstractCegarLoop]: Abstraction has 124 states and 176 transitions. [2022-02-20 17:51:55,447 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 21.5) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:55,447 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 176 transitions. [2022-02-20 17:51:55,449 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 77 [2022-02-20 17:51:55,449 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:51:55,449 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:51:55,469 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:51:55,656 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:51:55,657 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:51:55,657 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:51:55,657 INFO L85 PathProgramCache]: Analyzing trace with hash 61296615, now seen corresponding path program 1 times [2022-02-20 17:51:55,658 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:51:55,658 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [85392571] [2022-02-20 17:51:55,658 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:51:55,658 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:51:55,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,743 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:51:55,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,752 INFO L290 TraceCheckUtils]: 0: Hoare triple {1180#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,752 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,753 INFO L290 TraceCheckUtils]: 2: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,753 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1142#true} {1142#true} #410#return; {1142#true} is VALID [2022-02-20 17:51:55,753 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:51:55,762 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,783 INFO L290 TraceCheckUtils]: 0: Hoare triple {1180#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1181#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:51:55,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {1181#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1182#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:55,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {1182#(= |setClientId_#in~handle| 1)} assume true; {1182#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:55,785 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1182#(= |setClientId_#in~handle| 1)} {1148#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #412#return; {1143#false} is VALID [2022-02-20 17:51:55,786 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:51:55,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,792 INFO L290 TraceCheckUtils]: 0: Hoare triple {1180#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,792 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,792 INFO L290 TraceCheckUtils]: 2: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,793 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1142#true} {1143#false} #414#return; {1143#false} is VALID [2022-02-20 17:51:55,799 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:51:55,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,804 INFO L290 TraceCheckUtils]: 0: Hoare triple {1183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,804 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,804 INFO L290 TraceCheckUtils]: 2: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,805 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1142#true} {1143#false} #404#return; {1143#false} is VALID [2022-02-20 17:51:55,814 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 35 [2022-02-20 17:51:55,815 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,818 INFO L290 TraceCheckUtils]: 0: Hoare triple {1184#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,818 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,819 INFO L290 TraceCheckUtils]: 2: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,819 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1142#true} {1143#false} #406#return; {1143#false} is VALID [2022-02-20 17:51:55,819 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2022-02-20 17:51:55,820 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,823 INFO L290 TraceCheckUtils]: 0: Hoare triple {1183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,824 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,824 INFO L290 TraceCheckUtils]: 2: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,824 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1142#true} {1143#false} #392#return; {1143#false} is VALID [2022-02-20 17:51:55,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:51:55,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,828 INFO L290 TraceCheckUtils]: 0: Hoare triple {1142#true} ~handle := #in~handle;havoc ~retValue_acc~4; {1142#true} is VALID [2022-02-20 17:51:55,828 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {1142#true} is VALID [2022-02-20 17:51:55,828 INFO L290 TraceCheckUtils]: 2: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,828 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1142#true} {1143#false} #394#return; {1143#false} is VALID [2022-02-20 17:51:55,828 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:51:55,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,833 INFO L290 TraceCheckUtils]: 0: Hoare triple {1184#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,833 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,833 INFO L290 TraceCheckUtils]: 2: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,834 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1142#true} {1143#false} #396#return; {1143#false} is VALID [2022-02-20 17:51:55,834 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:51:55,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:55,838 INFO L290 TraceCheckUtils]: 0: Hoare triple {1142#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {1142#true} is VALID [2022-02-20 17:51:55,838 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,838 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1142#true} {1143#false} #398#return; {1143#false} is VALID [2022-02-20 17:51:55,839 INFO L290 TraceCheckUtils]: 0: Hoare triple {1142#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {1142#true} is VALID [2022-02-20 17:51:55,839 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {1142#true} is VALID [2022-02-20 17:51:55,839 INFO L290 TraceCheckUtils]: 2: Hoare triple {1142#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1142#true} is VALID [2022-02-20 17:51:55,839 INFO L290 TraceCheckUtils]: 3: Hoare triple {1142#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {1142#true} is VALID [2022-02-20 17:51:55,839 INFO L290 TraceCheckUtils]: 4: Hoare triple {1142#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {1142#true} is VALID [2022-02-20 17:51:55,840 INFO L290 TraceCheckUtils]: 5: Hoare triple {1142#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {1142#true} is VALID [2022-02-20 17:51:55,841 INFO L272 TraceCheckUtils]: 6: Hoare triple {1142#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {1180#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:55,841 INFO L290 TraceCheckUtils]: 7: Hoare triple {1180#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,841 INFO L290 TraceCheckUtils]: 8: Hoare triple {1142#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,841 INFO L290 TraceCheckUtils]: 9: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,841 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {1142#true} {1142#true} #410#return; {1142#true} is VALID [2022-02-20 17:51:55,842 INFO L290 TraceCheckUtils]: 11: Hoare triple {1142#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {1148#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:51:55,843 INFO L272 TraceCheckUtils]: 12: Hoare triple {1148#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {1180#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:55,843 INFO L290 TraceCheckUtils]: 13: Hoare triple {1180#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1181#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:51:55,844 INFO L290 TraceCheckUtils]: 14: Hoare triple {1181#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1182#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:55,844 INFO L290 TraceCheckUtils]: 15: Hoare triple {1182#(= |setClientId_#in~handle| 1)} assume true; {1182#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:55,845 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {1182#(= |setClientId_#in~handle| 1)} {1148#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #412#return; {1143#false} is VALID [2022-02-20 17:51:55,845 INFO L290 TraceCheckUtils]: 17: Hoare triple {1143#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {1143#false} is VALID [2022-02-20 17:51:55,845 INFO L272 TraceCheckUtils]: 18: Hoare triple {1143#false} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {1180#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:55,846 INFO L290 TraceCheckUtils]: 19: Hoare triple {1180#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,846 INFO L290 TraceCheckUtils]: 20: Hoare triple {1142#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,846 INFO L290 TraceCheckUtils]: 21: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,846 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1142#true} {1143#false} #414#return; {1143#false} is VALID [2022-02-20 17:51:55,846 INFO L290 TraceCheckUtils]: 23: Hoare triple {1143#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {1143#false} is VALID [2022-02-20 17:51:55,847 INFO L290 TraceCheckUtils]: 24: Hoare triple {1143#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {1143#false} is VALID [2022-02-20 17:51:55,847 INFO L290 TraceCheckUtils]: 25: Hoare triple {1143#false} assume !false; {1143#false} is VALID [2022-02-20 17:51:55,847 INFO L290 TraceCheckUtils]: 26: Hoare triple {1143#false} assume !(test_~splverifierCounter~0#1 < 4); {1143#false} is VALID [2022-02-20 17:51:55,847 INFO L290 TraceCheckUtils]: 27: Hoare triple {1143#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {1143#false} is VALID [2022-02-20 17:51:55,847 INFO L272 TraceCheckUtils]: 28: Hoare triple {1143#false} call sendEmail(~bob~0, ~rjh~0); {1143#false} is VALID [2022-02-20 17:51:55,848 INFO L290 TraceCheckUtils]: 29: Hoare triple {1143#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {1143#false} is VALID [2022-02-20 17:51:55,848 INFO L272 TraceCheckUtils]: 30: Hoare triple {1143#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {1183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:51:55,848 INFO L290 TraceCheckUtils]: 31: Hoare triple {1183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,848 INFO L290 TraceCheckUtils]: 32: Hoare triple {1142#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,848 INFO L290 TraceCheckUtils]: 33: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,849 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {1142#true} {1143#false} #404#return; {1143#false} is VALID [2022-02-20 17:51:55,849 INFO L272 TraceCheckUtils]: 35: Hoare triple {1143#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {1184#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:51:55,849 INFO L290 TraceCheckUtils]: 36: Hoare triple {1184#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,849 INFO L290 TraceCheckUtils]: 37: Hoare triple {1142#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,849 INFO L290 TraceCheckUtils]: 38: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,850 INFO L284 TraceCheckUtils]: 39: Hoare quadruple {1142#true} {1143#false} #406#return; {1143#false} is VALID [2022-02-20 17:51:55,850 INFO L290 TraceCheckUtils]: 40: Hoare triple {1143#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {1143#false} is VALID [2022-02-20 17:51:55,850 INFO L290 TraceCheckUtils]: 41: Hoare triple {1143#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {1143#false} is VALID [2022-02-20 17:51:55,850 INFO L272 TraceCheckUtils]: 42: Hoare triple {1143#false} call outgoing(~sender#1, ~email~0#1); {1143#false} is VALID [2022-02-20 17:51:55,850 INFO L290 TraceCheckUtils]: 43: Hoare triple {1143#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {1143#false} is VALID [2022-02-20 17:51:55,851 INFO L290 TraceCheckUtils]: 44: Hoare triple {1143#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {1143#false} is VALID [2022-02-20 17:51:55,851 INFO L290 TraceCheckUtils]: 45: Hoare triple {1143#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {1143#false} is VALID [2022-02-20 17:51:55,851 INFO L272 TraceCheckUtils]: 46: Hoare triple {1143#false} call setEmailFrom(~msg#1, ~tmp~10#1); {1183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:51:55,851 INFO L290 TraceCheckUtils]: 47: Hoare triple {1183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,851 INFO L290 TraceCheckUtils]: 48: Hoare triple {1142#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,852 INFO L290 TraceCheckUtils]: 49: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,852 INFO L284 TraceCheckUtils]: 50: Hoare quadruple {1142#true} {1143#false} #392#return; {1143#false} is VALID [2022-02-20 17:51:55,852 INFO L290 TraceCheckUtils]: 51: Hoare triple {1143#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {1143#false} is VALID [2022-02-20 17:51:55,852 INFO L272 TraceCheckUtils]: 52: Hoare triple {1143#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {1142#true} is VALID [2022-02-20 17:51:55,852 INFO L290 TraceCheckUtils]: 53: Hoare triple {1142#true} ~handle := #in~handle;havoc ~retValue_acc~4; {1142#true} is VALID [2022-02-20 17:51:55,853 INFO L290 TraceCheckUtils]: 54: Hoare triple {1142#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {1142#true} is VALID [2022-02-20 17:51:55,853 INFO L290 TraceCheckUtils]: 55: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,853 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {1142#true} {1143#false} #394#return; {1143#false} is VALID [2022-02-20 17:51:55,853 INFO L290 TraceCheckUtils]: 57: Hoare triple {1143#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {1143#false} is VALID [2022-02-20 17:51:55,853 INFO L290 TraceCheckUtils]: 58: Hoare triple {1143#false} assume { :end_inline_deliver } true; {1143#false} is VALID [2022-02-20 17:51:55,853 INFO L290 TraceCheckUtils]: 59: Hoare triple {1143#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {1143#false} is VALID [2022-02-20 17:51:55,854 INFO L290 TraceCheckUtils]: 60: Hoare triple {1143#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {1143#false} is VALID [2022-02-20 17:51:55,854 INFO L290 TraceCheckUtils]: 61: Hoare triple {1143#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {1143#false} is VALID [2022-02-20 17:51:55,854 INFO L290 TraceCheckUtils]: 62: Hoare triple {1143#false} assume 0 != incoming_~fwreceiver~0#1; {1143#false} is VALID [2022-02-20 17:51:55,854 INFO L272 TraceCheckUtils]: 63: Hoare triple {1143#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {1184#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:51:55,854 INFO L290 TraceCheckUtils]: 64: Hoare triple {1184#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:55,855 INFO L290 TraceCheckUtils]: 65: Hoare triple {1142#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:55,855 INFO L290 TraceCheckUtils]: 66: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,855 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {1142#true} {1143#false} #396#return; {1143#false} is VALID [2022-02-20 17:51:55,855 INFO L290 TraceCheckUtils]: 68: Hoare triple {1143#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {1143#false} is VALID [2022-02-20 17:51:55,855 INFO L272 TraceCheckUtils]: 69: Hoare triple {1143#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {1142#true} is VALID [2022-02-20 17:51:55,856 INFO L290 TraceCheckUtils]: 70: Hoare triple {1142#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {1142#true} is VALID [2022-02-20 17:51:55,856 INFO L290 TraceCheckUtils]: 71: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:55,856 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {1142#true} {1143#false} #398#return; {1143#false} is VALID [2022-02-20 17:51:55,856 INFO L290 TraceCheckUtils]: 73: Hoare triple {1143#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {1143#false} is VALID [2022-02-20 17:51:55,856 INFO L290 TraceCheckUtils]: 74: Hoare triple {1143#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {1143#false} is VALID [2022-02-20 17:51:55,856 INFO L290 TraceCheckUtils]: 75: Hoare triple {1143#false} assume !false; {1143#false} is VALID [2022-02-20 17:51:55,857 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. [2022-02-20 17:51:55,857 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:51:55,857 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [85392571] [2022-02-20 17:51:55,858 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [85392571] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:51:55,858 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1267609079] [2022-02-20 17:51:55,858 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:51:55,858 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:51:55,858 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:51:55,860 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:51:55,886 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:51:56,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:56,069 INFO L263 TraceCheckSpWp]: Trace formula consists of 808 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:51:56,120 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:56,124 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:51:56,289 INFO L290 TraceCheckUtils]: 0: Hoare triple {1142#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {1142#true} is VALID [2022-02-20 17:51:56,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {1142#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {1142#true} is VALID [2022-02-20 17:51:56,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {1142#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1142#true} is VALID [2022-02-20 17:51:56,289 INFO L290 TraceCheckUtils]: 3: Hoare triple {1142#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {1142#true} is VALID [2022-02-20 17:51:56,290 INFO L290 TraceCheckUtils]: 4: Hoare triple {1142#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {1142#true} is VALID [2022-02-20 17:51:56,290 INFO L290 TraceCheckUtils]: 5: Hoare triple {1142#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {1142#true} is VALID [2022-02-20 17:51:56,290 INFO L272 TraceCheckUtils]: 6: Hoare triple {1142#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {1142#true} is VALID [2022-02-20 17:51:56,290 INFO L290 TraceCheckUtils]: 7: Hoare triple {1142#true} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:56,290 INFO L290 TraceCheckUtils]: 8: Hoare triple {1142#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:56,291 INFO L290 TraceCheckUtils]: 9: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:56,291 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {1142#true} {1142#true} #410#return; {1142#true} is VALID [2022-02-20 17:51:56,291 INFO L290 TraceCheckUtils]: 11: Hoare triple {1142#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {1142#true} is VALID [2022-02-20 17:51:56,291 INFO L272 TraceCheckUtils]: 12: Hoare triple {1142#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {1142#true} is VALID [2022-02-20 17:51:56,291 INFO L290 TraceCheckUtils]: 13: Hoare triple {1142#true} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:56,291 INFO L290 TraceCheckUtils]: 14: Hoare triple {1142#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:56,292 INFO L290 TraceCheckUtils]: 15: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:56,292 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {1142#true} {1142#true} #412#return; {1142#true} is VALID [2022-02-20 17:51:56,292 INFO L290 TraceCheckUtils]: 17: Hoare triple {1142#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {1142#true} is VALID [2022-02-20 17:51:56,292 INFO L272 TraceCheckUtils]: 18: Hoare triple {1142#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {1142#true} is VALID [2022-02-20 17:51:56,292 INFO L290 TraceCheckUtils]: 19: Hoare triple {1142#true} ~handle := #in~handle;~value := #in~value; {1142#true} is VALID [2022-02-20 17:51:56,292 INFO L290 TraceCheckUtils]: 20: Hoare triple {1142#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1142#true} is VALID [2022-02-20 17:51:56,293 INFO L290 TraceCheckUtils]: 21: Hoare triple {1142#true} assume true; {1142#true} is VALID [2022-02-20 17:51:56,293 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1142#true} {1142#true} #414#return; {1142#true} is VALID [2022-02-20 17:51:56,293 INFO L290 TraceCheckUtils]: 23: Hoare triple {1142#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {1142#true} is VALID [2022-02-20 17:51:56,294 INFO L290 TraceCheckUtils]: 24: Hoare triple {1142#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {1260#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:51:56,294 INFO L290 TraceCheckUtils]: 25: Hoare triple {1260#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {1260#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:51:56,295 INFO L290 TraceCheckUtils]: 26: Hoare triple {1260#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {1143#false} is VALID [2022-02-20 17:51:56,295 INFO L290 TraceCheckUtils]: 27: Hoare triple {1143#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {1143#false} is VALID [2022-02-20 17:51:56,295 INFO L272 TraceCheckUtils]: 28: Hoare triple {1143#false} call sendEmail(~bob~0, ~rjh~0); {1143#false} is VALID [2022-02-20 17:51:56,295 INFO L290 TraceCheckUtils]: 29: Hoare triple {1143#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {1143#false} is VALID [2022-02-20 17:51:56,295 INFO L272 TraceCheckUtils]: 30: Hoare triple {1143#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {1143#false} is VALID [2022-02-20 17:51:56,295 INFO L290 TraceCheckUtils]: 31: Hoare triple {1143#false} ~handle := #in~handle;~value := #in~value; {1143#false} is VALID [2022-02-20 17:51:56,296 INFO L290 TraceCheckUtils]: 32: Hoare triple {1143#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1143#false} is VALID [2022-02-20 17:51:56,296 INFO L290 TraceCheckUtils]: 33: Hoare triple {1143#false} assume true; {1143#false} is VALID [2022-02-20 17:51:56,296 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {1143#false} {1143#false} #404#return; {1143#false} is VALID [2022-02-20 17:51:56,296 INFO L272 TraceCheckUtils]: 35: Hoare triple {1143#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {1143#false} is VALID [2022-02-20 17:51:56,296 INFO L290 TraceCheckUtils]: 36: Hoare triple {1143#false} ~handle := #in~handle;~value := #in~value; {1143#false} is VALID [2022-02-20 17:51:56,296 INFO L290 TraceCheckUtils]: 37: Hoare triple {1143#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {1143#false} is VALID [2022-02-20 17:51:56,297 INFO L290 TraceCheckUtils]: 38: Hoare triple {1143#false} assume true; {1143#false} is VALID [2022-02-20 17:51:56,297 INFO L284 TraceCheckUtils]: 39: Hoare quadruple {1143#false} {1143#false} #406#return; {1143#false} is VALID [2022-02-20 17:51:56,297 INFO L290 TraceCheckUtils]: 40: Hoare triple {1143#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {1143#false} is VALID [2022-02-20 17:51:56,297 INFO L290 TraceCheckUtils]: 41: Hoare triple {1143#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {1143#false} is VALID [2022-02-20 17:51:56,297 INFO L272 TraceCheckUtils]: 42: Hoare triple {1143#false} call outgoing(~sender#1, ~email~0#1); {1143#false} is VALID [2022-02-20 17:51:56,297 INFO L290 TraceCheckUtils]: 43: Hoare triple {1143#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {1143#false} is VALID [2022-02-20 17:51:56,298 INFO L290 TraceCheckUtils]: 44: Hoare triple {1143#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {1143#false} is VALID [2022-02-20 17:51:56,298 INFO L290 TraceCheckUtils]: 45: Hoare triple {1143#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {1143#false} is VALID [2022-02-20 17:51:56,298 INFO L272 TraceCheckUtils]: 46: Hoare triple {1143#false} call setEmailFrom(~msg#1, ~tmp~10#1); {1143#false} is VALID [2022-02-20 17:51:56,298 INFO L290 TraceCheckUtils]: 47: Hoare triple {1143#false} ~handle := #in~handle;~value := #in~value; {1143#false} is VALID [2022-02-20 17:51:56,298 INFO L290 TraceCheckUtils]: 48: Hoare triple {1143#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1143#false} is VALID [2022-02-20 17:51:56,298 INFO L290 TraceCheckUtils]: 49: Hoare triple {1143#false} assume true; {1143#false} is VALID [2022-02-20 17:51:56,299 INFO L284 TraceCheckUtils]: 50: Hoare quadruple {1143#false} {1143#false} #392#return; {1143#false} is VALID [2022-02-20 17:51:56,299 INFO L290 TraceCheckUtils]: 51: Hoare triple {1143#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {1143#false} is VALID [2022-02-20 17:51:56,299 INFO L272 TraceCheckUtils]: 52: Hoare triple {1143#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {1143#false} is VALID [2022-02-20 17:51:56,299 INFO L290 TraceCheckUtils]: 53: Hoare triple {1143#false} ~handle := #in~handle;havoc ~retValue_acc~4; {1143#false} is VALID [2022-02-20 17:51:56,299 INFO L290 TraceCheckUtils]: 54: Hoare triple {1143#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {1143#false} is VALID [2022-02-20 17:51:56,299 INFO L290 TraceCheckUtils]: 55: Hoare triple {1143#false} assume true; {1143#false} is VALID [2022-02-20 17:51:56,300 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {1143#false} {1143#false} #394#return; {1143#false} is VALID [2022-02-20 17:51:56,300 INFO L290 TraceCheckUtils]: 57: Hoare triple {1143#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {1143#false} is VALID [2022-02-20 17:51:56,300 INFO L290 TraceCheckUtils]: 58: Hoare triple {1143#false} assume { :end_inline_deliver } true; {1143#false} is VALID [2022-02-20 17:51:56,300 INFO L290 TraceCheckUtils]: 59: Hoare triple {1143#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {1143#false} is VALID [2022-02-20 17:51:56,300 INFO L290 TraceCheckUtils]: 60: Hoare triple {1143#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {1143#false} is VALID [2022-02-20 17:51:56,300 INFO L290 TraceCheckUtils]: 61: Hoare triple {1143#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {1143#false} is VALID [2022-02-20 17:51:56,301 INFO L290 TraceCheckUtils]: 62: Hoare triple {1143#false} assume 0 != incoming_~fwreceiver~0#1; {1143#false} is VALID [2022-02-20 17:51:56,301 INFO L272 TraceCheckUtils]: 63: Hoare triple {1143#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {1143#false} is VALID [2022-02-20 17:51:56,301 INFO L290 TraceCheckUtils]: 64: Hoare triple {1143#false} ~handle := #in~handle;~value := #in~value; {1143#false} is VALID [2022-02-20 17:51:56,301 INFO L290 TraceCheckUtils]: 65: Hoare triple {1143#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {1143#false} is VALID [2022-02-20 17:51:56,301 INFO L290 TraceCheckUtils]: 66: Hoare triple {1143#false} assume true; {1143#false} is VALID [2022-02-20 17:51:56,301 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {1143#false} {1143#false} #396#return; {1143#false} is VALID [2022-02-20 17:51:56,302 INFO L290 TraceCheckUtils]: 68: Hoare triple {1143#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {1143#false} is VALID [2022-02-20 17:51:56,302 INFO L272 TraceCheckUtils]: 69: Hoare triple {1143#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {1143#false} is VALID [2022-02-20 17:51:56,302 INFO L290 TraceCheckUtils]: 70: Hoare triple {1143#false} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {1143#false} is VALID [2022-02-20 17:51:56,302 INFO L290 TraceCheckUtils]: 71: Hoare triple {1143#false} assume true; {1143#false} is VALID [2022-02-20 17:51:56,302 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {1143#false} {1143#false} #398#return; {1143#false} is VALID [2022-02-20 17:51:56,302 INFO L290 TraceCheckUtils]: 73: Hoare triple {1143#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {1143#false} is VALID [2022-02-20 17:51:56,303 INFO L290 TraceCheckUtils]: 74: Hoare triple {1143#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {1143#false} is VALID [2022-02-20 17:51:56,303 INFO L290 TraceCheckUtils]: 75: Hoare triple {1143#false} assume !false; {1143#false} is VALID [2022-02-20 17:51:56,303 INFO L134 CoverageAnalysis]: Checked inductivity of 20 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 20 trivial. 0 not checked. [2022-02-20 17:51:56,303 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:51:56,303 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1267609079] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:51:56,304 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:51:56,304 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 17:51:56,304 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1050196888] [2022-02-20 17:51:56,304 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:51:56,305 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 76 [2022-02-20 17:51:56,306 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:51:56,306 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:56,369 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 64 edges. 64 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:51:56,370 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:51:56,370 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:51:56,371 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:51:56,371 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:51:56,371 INFO L87 Difference]: Start difference. First operand 124 states and 176 transitions. Second operand has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:56,597 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:51:56,597 INFO L93 Difference]: Finished difference Result 202 states and 276 transitions. [2022-02-20 17:51:56,597 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:51:56,598 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 76 [2022-02-20 17:51:56,599 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:51:56,599 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:56,604 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 276 transitions. [2022-02-20 17:51:56,605 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:56,608 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 276 transitions. [2022-02-20 17:51:56,609 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 276 transitions. [2022-02-20 17:51:56,828 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 276 edges. 276 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:51:56,832 INFO L225 Difference]: With dead ends: 202 [2022-02-20 17:51:56,832 INFO L226 Difference]: Without dead ends: 127 [2022-02-20 17:51:56,833 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 97 GetRequests, 90 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:51:56,834 INFO L933 BasicCegarLoop]: 174 mSDtfsCounter, 1 mSDsluCounter, 172 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 346 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:51:56,835 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 346 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:51:56,835 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 127 states. [2022-02-20 17:51:56,843 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 127 to 126. [2022-02-20 17:51:56,843 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:51:56,844 INFO L82 GeneralOperation]: Start isEquivalent. First operand 127 states. Second operand has 126 states, 104 states have (on average 1.4519230769230769) internal successors, (151), 105 states have internal predecessors, (151), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 17:51:56,844 INFO L74 IsIncluded]: Start isIncluded. First operand 127 states. Second operand has 126 states, 104 states have (on average 1.4519230769230769) internal successors, (151), 105 states have internal predecessors, (151), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 17:51:56,845 INFO L87 Difference]: Start difference. First operand 127 states. Second operand has 126 states, 104 states have (on average 1.4519230769230769) internal successors, (151), 105 states have internal predecessors, (151), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 17:51:56,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:51:56,850 INFO L93 Difference]: Finished difference Result 127 states and 179 transitions. [2022-02-20 17:51:56,850 INFO L276 IsEmpty]: Start isEmpty. Operand 127 states and 179 transitions. [2022-02-20 17:51:56,850 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:51:56,851 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:51:56,851 INFO L74 IsIncluded]: Start isIncluded. First operand has 126 states, 104 states have (on average 1.4519230769230769) internal successors, (151), 105 states have internal predecessors, (151), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) Second operand 127 states. [2022-02-20 17:51:56,852 INFO L87 Difference]: Start difference. First operand has 126 states, 104 states have (on average 1.4519230769230769) internal successors, (151), 105 states have internal predecessors, (151), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) Second operand 127 states. [2022-02-20 17:51:56,856 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:51:56,856 INFO L93 Difference]: Finished difference Result 127 states and 179 transitions. [2022-02-20 17:51:56,857 INFO L276 IsEmpty]: Start isEmpty. Operand 127 states and 179 transitions. [2022-02-20 17:51:56,857 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:51:56,857 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:51:56,857 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:51:56,858 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:51:56,858 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 126 states, 104 states have (on average 1.4519230769230769) internal successors, (151), 105 states have internal predecessors, (151), 14 states have call successors, (14), 7 states have call predecessors, (14), 7 states have return successors, (13), 13 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 17:51:56,863 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 126 states to 126 states and 178 transitions. [2022-02-20 17:51:56,863 INFO L78 Accepts]: Start accepts. Automaton has 126 states and 178 transitions. Word has length 76 [2022-02-20 17:51:56,863 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:51:56,863 INFO L470 AbstractCegarLoop]: Abstraction has 126 states and 178 transitions. [2022-02-20 17:51:56,864 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:51:56,864 INFO L276 IsEmpty]: Start isEmpty. Operand 126 states and 178 transitions. [2022-02-20 17:51:56,865 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 82 [2022-02-20 17:51:56,865 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:51:56,866 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:51:56,892 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-02-20 17:51:57,087 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:51:57,088 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:51:57,088 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:51:57,088 INFO L85 PathProgramCache]: Analyzing trace with hash 274053016, now seen corresponding path program 1 times [2022-02-20 17:51:57,088 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:51:57,088 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [985750535] [2022-02-20 17:51:57,088 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:51:57,089 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:51:57,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,169 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:51:57,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,175 INFO L290 TraceCheckUtils]: 0: Hoare triple {2185#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,175 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,176 INFO L290 TraceCheckUtils]: 2: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,177 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2147#true} {2147#true} #410#return; {2147#true} is VALID [2022-02-20 17:51:57,177 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:51:57,184 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,199 INFO L290 TraceCheckUtils]: 0: Hoare triple {2185#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2186#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:51:57,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {2186#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2187#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:57,200 INFO L290 TraceCheckUtils]: 2: Hoare triple {2187#(= |setClientId_#in~handle| 1)} assume true; {2187#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:57,201 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2187#(= |setClientId_#in~handle| 1)} {2153#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #412#return; {2148#false} is VALID [2022-02-20 17:51:57,201 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:51:57,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,205 INFO L290 TraceCheckUtils]: 0: Hoare triple {2185#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,205 INFO L290 TraceCheckUtils]: 2: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,205 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2147#true} {2148#false} #414#return; {2148#false} is VALID [2022-02-20 17:51:57,212 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 35 [2022-02-20 17:51:57,213 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,215 INFO L290 TraceCheckUtils]: 0: Hoare triple {2188#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,215 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,215 INFO L290 TraceCheckUtils]: 2: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,215 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2147#true} {2148#false} #404#return; {2148#false} is VALID [2022-02-20 17:51:57,222 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:51:57,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,228 INFO L290 TraceCheckUtils]: 0: Hoare triple {2189#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,228 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,228 INFO L290 TraceCheckUtils]: 2: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,228 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2147#true} {2148#false} #406#return; {2148#false} is VALID [2022-02-20 17:51:57,228 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 51 [2022-02-20 17:51:57,229 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,231 INFO L290 TraceCheckUtils]: 0: Hoare triple {2188#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,231 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,231 INFO L290 TraceCheckUtils]: 2: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,232 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2147#true} {2148#false} #392#return; {2148#false} is VALID [2022-02-20 17:51:57,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:51:57,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {2147#true} ~handle := #in~handle;havoc ~retValue_acc~4; {2147#true} is VALID [2022-02-20 17:51:57,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {2147#true} is VALID [2022-02-20 17:51:57,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,235 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2147#true} {2148#false} #394#return; {2148#false} is VALID [2022-02-20 17:51:57,235 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:51:57,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,238 INFO L290 TraceCheckUtils]: 0: Hoare triple {2189#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,238 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,238 INFO L290 TraceCheckUtils]: 2: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,238 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2147#true} {2148#false} #396#return; {2148#false} is VALID [2022-02-20 17:51:57,239 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:51:57,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,241 INFO L290 TraceCheckUtils]: 0: Hoare triple {2147#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {2147#true} is VALID [2022-02-20 17:51:57,242 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,242 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2147#true} {2148#false} #398#return; {2148#false} is VALID [2022-02-20 17:51:57,242 INFO L290 TraceCheckUtils]: 0: Hoare triple {2147#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {2147#true} is VALID [2022-02-20 17:51:57,242 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2147#true} is VALID [2022-02-20 17:51:57,242 INFO L290 TraceCheckUtils]: 2: Hoare triple {2147#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2147#true} is VALID [2022-02-20 17:51:57,243 INFO L290 TraceCheckUtils]: 3: Hoare triple {2147#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {2147#true} is VALID [2022-02-20 17:51:57,243 INFO L290 TraceCheckUtils]: 4: Hoare triple {2147#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {2147#true} is VALID [2022-02-20 17:51:57,243 INFO L290 TraceCheckUtils]: 5: Hoare triple {2147#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {2147#true} is VALID [2022-02-20 17:51:57,244 INFO L272 TraceCheckUtils]: 6: Hoare triple {2147#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {2185#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:57,244 INFO L290 TraceCheckUtils]: 7: Hoare triple {2185#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,244 INFO L290 TraceCheckUtils]: 8: Hoare triple {2147#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,244 INFO L290 TraceCheckUtils]: 9: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,244 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2147#true} {2147#true} #410#return; {2147#true} is VALID [2022-02-20 17:51:57,245 INFO L290 TraceCheckUtils]: 11: Hoare triple {2147#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {2153#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:51:57,245 INFO L272 TraceCheckUtils]: 12: Hoare triple {2153#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {2185#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:57,246 INFO L290 TraceCheckUtils]: 13: Hoare triple {2185#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2186#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:51:57,246 INFO L290 TraceCheckUtils]: 14: Hoare triple {2186#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2187#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:57,246 INFO L290 TraceCheckUtils]: 15: Hoare triple {2187#(= |setClientId_#in~handle| 1)} assume true; {2187#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:57,247 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2187#(= |setClientId_#in~handle| 1)} {2153#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #412#return; {2148#false} is VALID [2022-02-20 17:51:57,247 INFO L290 TraceCheckUtils]: 17: Hoare triple {2148#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {2148#false} is VALID [2022-02-20 17:51:57,247 INFO L272 TraceCheckUtils]: 18: Hoare triple {2148#false} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {2185#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:57,247 INFO L290 TraceCheckUtils]: 19: Hoare triple {2185#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,248 INFO L290 TraceCheckUtils]: 20: Hoare triple {2147#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,248 INFO L290 TraceCheckUtils]: 21: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,248 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2147#true} {2148#false} #414#return; {2148#false} is VALID [2022-02-20 17:51:57,248 INFO L290 TraceCheckUtils]: 23: Hoare triple {2148#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2148#false} is VALID [2022-02-20 17:51:57,248 INFO L290 TraceCheckUtils]: 24: Hoare triple {2148#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2148#false} is VALID [2022-02-20 17:51:57,248 INFO L290 TraceCheckUtils]: 25: Hoare triple {2148#false} assume !false; {2148#false} is VALID [2022-02-20 17:51:57,249 INFO L290 TraceCheckUtils]: 26: Hoare triple {2148#false} assume test_~splverifierCounter~0#1 < 4; {2148#false} is VALID [2022-02-20 17:51:57,249 INFO L290 TraceCheckUtils]: 27: Hoare triple {2148#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {2148#false} is VALID [2022-02-20 17:51:57,249 INFO L290 TraceCheckUtils]: 28: Hoare triple {2148#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {2148#false} is VALID [2022-02-20 17:51:57,249 INFO L290 TraceCheckUtils]: 29: Hoare triple {2148#false} assume 0 != test_~tmp___9~0#1;test_~op1~0#1 := 1; {2148#false} is VALID [2022-02-20 17:51:57,249 INFO L290 TraceCheckUtils]: 30: Hoare triple {2148#false} assume !false; {2148#false} is VALID [2022-02-20 17:51:57,249 INFO L290 TraceCheckUtils]: 31: Hoare triple {2148#false} assume !(test_~splverifierCounter~0#1 < 4); {2148#false} is VALID [2022-02-20 17:51:57,250 INFO L290 TraceCheckUtils]: 32: Hoare triple {2148#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2148#false} is VALID [2022-02-20 17:51:57,250 INFO L272 TraceCheckUtils]: 33: Hoare triple {2148#false} call sendEmail(~bob~0, ~rjh~0); {2148#false} is VALID [2022-02-20 17:51:57,250 INFO L290 TraceCheckUtils]: 34: Hoare triple {2148#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2148#false} is VALID [2022-02-20 17:51:57,250 INFO L272 TraceCheckUtils]: 35: Hoare triple {2148#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2188#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:51:57,250 INFO L290 TraceCheckUtils]: 36: Hoare triple {2188#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,250 INFO L290 TraceCheckUtils]: 37: Hoare triple {2147#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,251 INFO L290 TraceCheckUtils]: 38: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,251 INFO L284 TraceCheckUtils]: 39: Hoare quadruple {2147#true} {2148#false} #404#return; {2148#false} is VALID [2022-02-20 17:51:57,251 INFO L272 TraceCheckUtils]: 40: Hoare triple {2148#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2189#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:51:57,251 INFO L290 TraceCheckUtils]: 41: Hoare triple {2189#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,251 INFO L290 TraceCheckUtils]: 42: Hoare triple {2147#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,251 INFO L290 TraceCheckUtils]: 43: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,251 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {2147#true} {2148#false} #406#return; {2148#false} is VALID [2022-02-20 17:51:57,252 INFO L290 TraceCheckUtils]: 45: Hoare triple {2148#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {2148#false} is VALID [2022-02-20 17:51:57,252 INFO L290 TraceCheckUtils]: 46: Hoare triple {2148#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {2148#false} is VALID [2022-02-20 17:51:57,252 INFO L272 TraceCheckUtils]: 47: Hoare triple {2148#false} call outgoing(~sender#1, ~email~0#1); {2148#false} is VALID [2022-02-20 17:51:57,252 INFO L290 TraceCheckUtils]: 48: Hoare triple {2148#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {2148#false} is VALID [2022-02-20 17:51:57,252 INFO L290 TraceCheckUtils]: 49: Hoare triple {2148#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {2148#false} is VALID [2022-02-20 17:51:57,252 INFO L290 TraceCheckUtils]: 50: Hoare triple {2148#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {2148#false} is VALID [2022-02-20 17:51:57,253 INFO L272 TraceCheckUtils]: 51: Hoare triple {2148#false} call setEmailFrom(~msg#1, ~tmp~10#1); {2188#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:51:57,253 INFO L290 TraceCheckUtils]: 52: Hoare triple {2188#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,253 INFO L290 TraceCheckUtils]: 53: Hoare triple {2147#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,253 INFO L290 TraceCheckUtils]: 54: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,253 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {2147#true} {2148#false} #392#return; {2148#false} is VALID [2022-02-20 17:51:57,253 INFO L290 TraceCheckUtils]: 56: Hoare triple {2148#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {2148#false} is VALID [2022-02-20 17:51:57,253 INFO L272 TraceCheckUtils]: 57: Hoare triple {2148#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {2147#true} is VALID [2022-02-20 17:51:57,254 INFO L290 TraceCheckUtils]: 58: Hoare triple {2147#true} ~handle := #in~handle;havoc ~retValue_acc~4; {2147#true} is VALID [2022-02-20 17:51:57,254 INFO L290 TraceCheckUtils]: 59: Hoare triple {2147#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {2147#true} is VALID [2022-02-20 17:51:57,254 INFO L290 TraceCheckUtils]: 60: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,254 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {2147#true} {2148#false} #394#return; {2148#false} is VALID [2022-02-20 17:51:57,254 INFO L290 TraceCheckUtils]: 62: Hoare triple {2148#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {2148#false} is VALID [2022-02-20 17:51:57,254 INFO L290 TraceCheckUtils]: 63: Hoare triple {2148#false} assume { :end_inline_deliver } true; {2148#false} is VALID [2022-02-20 17:51:57,254 INFO L290 TraceCheckUtils]: 64: Hoare triple {2148#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {2148#false} is VALID [2022-02-20 17:51:57,255 INFO L290 TraceCheckUtils]: 65: Hoare triple {2148#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {2148#false} is VALID [2022-02-20 17:51:57,255 INFO L290 TraceCheckUtils]: 66: Hoare triple {2148#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {2148#false} is VALID [2022-02-20 17:51:57,255 INFO L290 TraceCheckUtils]: 67: Hoare triple {2148#false} assume 0 != incoming_~fwreceiver~0#1; {2148#false} is VALID [2022-02-20 17:51:57,255 INFO L272 TraceCheckUtils]: 68: Hoare triple {2148#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {2189#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:51:57,255 INFO L290 TraceCheckUtils]: 69: Hoare triple {2189#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,255 INFO L290 TraceCheckUtils]: 70: Hoare triple {2147#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,255 INFO L290 TraceCheckUtils]: 71: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,256 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {2147#true} {2148#false} #396#return; {2148#false} is VALID [2022-02-20 17:51:57,256 INFO L290 TraceCheckUtils]: 73: Hoare triple {2148#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {2148#false} is VALID [2022-02-20 17:51:57,256 INFO L272 TraceCheckUtils]: 74: Hoare triple {2148#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {2147#true} is VALID [2022-02-20 17:51:57,256 INFO L290 TraceCheckUtils]: 75: Hoare triple {2147#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {2147#true} is VALID [2022-02-20 17:51:57,256 INFO L290 TraceCheckUtils]: 76: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,256 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {2147#true} {2148#false} #398#return; {2148#false} is VALID [2022-02-20 17:51:57,257 INFO L290 TraceCheckUtils]: 78: Hoare triple {2148#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {2148#false} is VALID [2022-02-20 17:51:57,257 INFO L290 TraceCheckUtils]: 79: Hoare triple {2148#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {2148#false} is VALID [2022-02-20 17:51:57,257 INFO L290 TraceCheckUtils]: 80: Hoare triple {2148#false} assume !false; {2148#false} is VALID [2022-02-20 17:51:57,257 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 16 trivial. 0 not checked. [2022-02-20 17:51:57,257 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:51:57,258 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [985750535] [2022-02-20 17:51:57,258 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [985750535] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:51:57,258 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [69747051] [2022-02-20 17:51:57,258 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:51:57,258 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:51:57,258 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:51:57,260 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:51:57,285 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:51:57,464 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,466 INFO L263 TraceCheckSpWp]: Trace formula consists of 821 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:51:57,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:57,514 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:51:57,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {2147#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {2147#true} is VALID [2022-02-20 17:51:57,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {2147#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2147#true} is VALID [2022-02-20 17:51:57,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {2147#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2147#true} is VALID [2022-02-20 17:51:57,784 INFO L290 TraceCheckUtils]: 3: Hoare triple {2147#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {2147#true} is VALID [2022-02-20 17:51:57,784 INFO L290 TraceCheckUtils]: 4: Hoare triple {2147#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {2147#true} is VALID [2022-02-20 17:51:57,784 INFO L290 TraceCheckUtils]: 5: Hoare triple {2147#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {2147#true} is VALID [2022-02-20 17:51:57,784 INFO L272 TraceCheckUtils]: 6: Hoare triple {2147#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {2147#true} is VALID [2022-02-20 17:51:57,784 INFO L290 TraceCheckUtils]: 7: Hoare triple {2147#true} ~handle := #in~handle;~value := #in~value; {2147#true} is VALID [2022-02-20 17:51:57,784 INFO L290 TraceCheckUtils]: 8: Hoare triple {2147#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2147#true} is VALID [2022-02-20 17:51:57,784 INFO L290 TraceCheckUtils]: 9: Hoare triple {2147#true} assume true; {2147#true} is VALID [2022-02-20 17:51:57,785 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2147#true} {2147#true} #410#return; {2147#true} is VALID [2022-02-20 17:51:57,785 INFO L290 TraceCheckUtils]: 11: Hoare triple {2147#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {2226#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:51:57,785 INFO L272 TraceCheckUtils]: 12: Hoare triple {2226#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {2147#true} is VALID [2022-02-20 17:51:57,791 INFO L290 TraceCheckUtils]: 13: Hoare triple {2147#true} ~handle := #in~handle;~value := #in~value; {2233#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:51:57,791 INFO L290 TraceCheckUtils]: 14: Hoare triple {2233#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2237#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:57,791 INFO L290 TraceCheckUtils]: 15: Hoare triple {2237#(<= |setClientId_#in~handle| 1)} assume true; {2237#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:57,792 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2237#(<= |setClientId_#in~handle| 1)} {2226#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #412#return; {2148#false} is VALID [2022-02-20 17:51:57,792 INFO L290 TraceCheckUtils]: 17: Hoare triple {2148#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {2148#false} is VALID [2022-02-20 17:51:57,792 INFO L272 TraceCheckUtils]: 18: Hoare triple {2148#false} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L290 TraceCheckUtils]: 19: Hoare triple {2148#false} ~handle := #in~handle;~value := #in~value; {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L290 TraceCheckUtils]: 20: Hoare triple {2148#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L290 TraceCheckUtils]: 21: Hoare triple {2148#false} assume true; {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2148#false} {2148#false} #414#return; {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L290 TraceCheckUtils]: 23: Hoare triple {2148#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L290 TraceCheckUtils]: 24: Hoare triple {2148#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L290 TraceCheckUtils]: 25: Hoare triple {2148#false} assume !false; {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L290 TraceCheckUtils]: 26: Hoare triple {2148#false} assume test_~splverifierCounter~0#1 < 4; {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L290 TraceCheckUtils]: 27: Hoare triple {2148#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {2148#false} is VALID [2022-02-20 17:51:57,793 INFO L290 TraceCheckUtils]: 28: Hoare triple {2148#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L290 TraceCheckUtils]: 29: Hoare triple {2148#false} assume 0 != test_~tmp___9~0#1;test_~op1~0#1 := 1; {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L290 TraceCheckUtils]: 30: Hoare triple {2148#false} assume !false; {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L290 TraceCheckUtils]: 31: Hoare triple {2148#false} assume !(test_~splverifierCounter~0#1 < 4); {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L290 TraceCheckUtils]: 32: Hoare triple {2148#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L272 TraceCheckUtils]: 33: Hoare triple {2148#false} call sendEmail(~bob~0, ~rjh~0); {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L290 TraceCheckUtils]: 34: Hoare triple {2148#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L272 TraceCheckUtils]: 35: Hoare triple {2148#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L290 TraceCheckUtils]: 36: Hoare triple {2148#false} ~handle := #in~handle;~value := #in~value; {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L290 TraceCheckUtils]: 37: Hoare triple {2148#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2148#false} is VALID [2022-02-20 17:51:57,794 INFO L290 TraceCheckUtils]: 38: Hoare triple {2148#false} assume true; {2148#false} is VALID [2022-02-20 17:51:57,795 INFO L284 TraceCheckUtils]: 39: Hoare quadruple {2148#false} {2148#false} #404#return; {2148#false} is VALID [2022-02-20 17:51:57,795 INFO L272 TraceCheckUtils]: 40: Hoare triple {2148#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2148#false} is VALID [2022-02-20 17:51:57,795 INFO L290 TraceCheckUtils]: 41: Hoare triple {2148#false} ~handle := #in~handle;~value := #in~value; {2148#false} is VALID [2022-02-20 17:51:57,795 INFO L290 TraceCheckUtils]: 42: Hoare triple {2148#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2148#false} is VALID [2022-02-20 17:51:57,795 INFO L290 TraceCheckUtils]: 43: Hoare triple {2148#false} assume true; {2148#false} is VALID [2022-02-20 17:51:57,795 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {2148#false} {2148#false} #406#return; {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L290 TraceCheckUtils]: 45: Hoare triple {2148#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L290 TraceCheckUtils]: 46: Hoare triple {2148#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L272 TraceCheckUtils]: 47: Hoare triple {2148#false} call outgoing(~sender#1, ~email~0#1); {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L290 TraceCheckUtils]: 48: Hoare triple {2148#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L290 TraceCheckUtils]: 49: Hoare triple {2148#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L290 TraceCheckUtils]: 50: Hoare triple {2148#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L272 TraceCheckUtils]: 51: Hoare triple {2148#false} call setEmailFrom(~msg#1, ~tmp~10#1); {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L290 TraceCheckUtils]: 52: Hoare triple {2148#false} ~handle := #in~handle;~value := #in~value; {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L290 TraceCheckUtils]: 53: Hoare triple {2148#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2148#false} is VALID [2022-02-20 17:51:57,796 INFO L290 TraceCheckUtils]: 54: Hoare triple {2148#false} assume true; {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {2148#false} {2148#false} #392#return; {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L290 TraceCheckUtils]: 56: Hoare triple {2148#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L272 TraceCheckUtils]: 57: Hoare triple {2148#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L290 TraceCheckUtils]: 58: Hoare triple {2148#false} ~handle := #in~handle;havoc ~retValue_acc~4; {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L290 TraceCheckUtils]: 59: Hoare triple {2148#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L290 TraceCheckUtils]: 60: Hoare triple {2148#false} assume true; {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {2148#false} {2148#false} #394#return; {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L290 TraceCheckUtils]: 62: Hoare triple {2148#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L290 TraceCheckUtils]: 63: Hoare triple {2148#false} assume { :end_inline_deliver } true; {2148#false} is VALID [2022-02-20 17:51:57,797 INFO L290 TraceCheckUtils]: 64: Hoare triple {2148#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L290 TraceCheckUtils]: 65: Hoare triple {2148#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L290 TraceCheckUtils]: 66: Hoare triple {2148#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L290 TraceCheckUtils]: 67: Hoare triple {2148#false} assume 0 != incoming_~fwreceiver~0#1; {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L272 TraceCheckUtils]: 68: Hoare triple {2148#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L290 TraceCheckUtils]: 69: Hoare triple {2148#false} ~handle := #in~handle;~value := #in~value; {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L290 TraceCheckUtils]: 70: Hoare triple {2148#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L290 TraceCheckUtils]: 71: Hoare triple {2148#false} assume true; {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {2148#false} {2148#false} #396#return; {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L290 TraceCheckUtils]: 73: Hoare triple {2148#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {2148#false} is VALID [2022-02-20 17:51:57,798 INFO L272 TraceCheckUtils]: 74: Hoare triple {2148#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {2148#false} is VALID [2022-02-20 17:51:57,799 INFO L290 TraceCheckUtils]: 75: Hoare triple {2148#false} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {2148#false} is VALID [2022-02-20 17:51:57,799 INFO L290 TraceCheckUtils]: 76: Hoare triple {2148#false} assume true; {2148#false} is VALID [2022-02-20 17:51:57,799 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {2148#false} {2148#false} #398#return; {2148#false} is VALID [2022-02-20 17:51:57,799 INFO L290 TraceCheckUtils]: 78: Hoare triple {2148#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {2148#false} is VALID [2022-02-20 17:51:57,799 INFO L290 TraceCheckUtils]: 79: Hoare triple {2148#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {2148#false} is VALID [2022-02-20 17:51:57,799 INFO L290 TraceCheckUtils]: 80: Hoare triple {2148#false} assume !false; {2148#false} is VALID [2022-02-20 17:51:57,799 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 11 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 17:51:57,800 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:51:57,800 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [69747051] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:51:57,800 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:51:57,800 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [8] total 11 [2022-02-20 17:51:57,800 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [66178104] [2022-02-20 17:51:57,800 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:51:57,802 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 13.5) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 2 states have call predecessors, (11), 3 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) Word has length 81 [2022-02-20 17:51:57,802 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:51:57,803 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 13.5) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 2 states have call predecessors, (11), 3 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:51:57,855 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:51:57,855 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:51:57,856 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:51:57,856 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:51:57,856 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2022-02-20 17:51:57,856 INFO L87 Difference]: Start difference. First operand 126 states and 178 transitions. Second operand has 5 states, 4 states have (on average 13.5) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 2 states have call predecessors, (11), 3 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:51:58,272 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:51:58,273 INFO L93 Difference]: Finished difference Result 245 states and 349 transitions. [2022-02-20 17:51:58,273 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:51:58,275 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 13.5) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 2 states have call predecessors, (11), 3 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) Word has length 81 [2022-02-20 17:51:58,275 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:51:58,275 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 13.5) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 2 states have call predecessors, (11), 3 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:51:58,281 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 345 transitions. [2022-02-20 17:51:58,281 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 13.5) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 2 states have call predecessors, (11), 3 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:51:58,285 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 345 transitions. [2022-02-20 17:51:58,285 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 345 transitions. [2022-02-20 17:51:58,556 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 345 edges. 345 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:51:58,558 INFO L225 Difference]: With dead ends: 245 [2022-02-20 17:51:58,558 INFO L226 Difference]: Without dead ends: 128 [2022-02-20 17:51:58,559 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 103 GetRequests, 93 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=26, Invalid=106, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:51:58,560 INFO L933 BasicCegarLoop]: 167 mSDtfsCounter, 73 mSDsluCounter, 425 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 77 SdHoareTripleChecker+Valid, 592 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:51:58,560 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [77 Valid, 592 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:51:58,561 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 128 states. [2022-02-20 17:51:58,591 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 128 to 128. [2022-02-20 17:51:58,592 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:51:58,592 INFO L82 GeneralOperation]: Start isEquivalent. First operand 128 states. Second operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (15), 13 states have call predecessors, (15), 13 states have call successors, (15) [2022-02-20 17:51:58,593 INFO L74 IsIncluded]: Start isIncluded. First operand 128 states. Second operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (15), 13 states have call predecessors, (15), 13 states have call successors, (15) [2022-02-20 17:51:58,593 INFO L87 Difference]: Start difference. First operand 128 states. Second operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (15), 13 states have call predecessors, (15), 13 states have call successors, (15) [2022-02-20 17:51:58,598 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:51:58,598 INFO L93 Difference]: Finished difference Result 128 states and 181 transitions. [2022-02-20 17:51:58,598 INFO L276 IsEmpty]: Start isEmpty. Operand 128 states and 181 transitions. [2022-02-20 17:51:58,599 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:51:58,599 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:51:58,599 INFO L74 IsIncluded]: Start isIncluded. First operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (15), 13 states have call predecessors, (15), 13 states have call successors, (15) Second operand 128 states. [2022-02-20 17:51:58,600 INFO L87 Difference]: Start difference. First operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (15), 13 states have call predecessors, (15), 13 states have call successors, (15) Second operand 128 states. [2022-02-20 17:51:58,604 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:51:58,604 INFO L93 Difference]: Finished difference Result 128 states and 181 transitions. [2022-02-20 17:51:58,604 INFO L276 IsEmpty]: Start isEmpty. Operand 128 states and 181 transitions. [2022-02-20 17:51:58,604 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:51:58,604 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:51:58,605 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:51:58,605 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:51:58,605 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (15), 13 states have call predecessors, (15), 13 states have call successors, (15) [2022-02-20 17:51:58,621 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 128 states to 128 states and 181 transitions. [2022-02-20 17:51:58,621 INFO L78 Accepts]: Start accepts. Automaton has 128 states and 181 transitions. Word has length 81 [2022-02-20 17:51:58,623 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:51:58,623 INFO L470 AbstractCegarLoop]: Abstraction has 128 states and 181 transitions. [2022-02-20 17:51:58,626 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 13.5) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 2 states have call predecessors, (11), 3 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:51:58,626 INFO L276 IsEmpty]: Start isEmpty. Operand 128 states and 181 transitions. [2022-02-20 17:51:58,628 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 83 [2022-02-20 17:51:58,628 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:51:58,628 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:51:58,649 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:51:58,839 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:51:58,839 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:51:58,840 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:51:58,840 INFO L85 PathProgramCache]: Analyzing trace with hash 1709648729, now seen corresponding path program 1 times [2022-02-20 17:51:58,840 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:51:58,840 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1114642010] [2022-02-20 17:51:58,840 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:51:58,840 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:51:58,874 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,906 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:51:58,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {3276#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,910 INFO L290 TraceCheckUtils]: 1: Hoare triple {3237#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,910 INFO L290 TraceCheckUtils]: 2: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,911 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3237#true} {3237#true} #410#return; {3237#true} is VALID [2022-02-20 17:51:58,911 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:51:58,912 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,916 INFO L290 TraceCheckUtils]: 0: Hoare triple {3276#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,916 INFO L290 TraceCheckUtils]: 1: Hoare triple {3237#true} assume !(1 == ~handle); {3237#true} is VALID [2022-02-20 17:51:58,916 INFO L290 TraceCheckUtils]: 2: Hoare triple {3237#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,916 INFO L290 TraceCheckUtils]: 3: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,916 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3237#true} {3237#true} #412#return; {3237#true} is VALID [2022-02-20 17:51:58,917 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:51:58,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,934 INFO L290 TraceCheckUtils]: 0: Hoare triple {3276#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3277#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:51:58,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {3277#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3278#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:58,935 INFO L290 TraceCheckUtils]: 2: Hoare triple {3278#(= |setClientId_#in~handle| 1)} assume true; {3278#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:58,936 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3278#(= |setClientId_#in~handle| 1)} {3248#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #414#return; {3238#false} is VALID [2022-02-20 17:51:58,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:51:58,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {3279#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,945 INFO L290 TraceCheckUtils]: 1: Hoare triple {3237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,945 INFO L290 TraceCheckUtils]: 2: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,945 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3237#true} {3238#false} #404#return; {3238#false} is VALID [2022-02-20 17:51:58,952 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 41 [2022-02-20 17:51:58,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,955 INFO L290 TraceCheckUtils]: 0: Hoare triple {3280#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,955 INFO L290 TraceCheckUtils]: 1: Hoare triple {3237#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,955 INFO L290 TraceCheckUtils]: 2: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,956 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3237#true} {3238#false} #406#return; {3238#false} is VALID [2022-02-20 17:51:58,956 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:51:58,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,958 INFO L290 TraceCheckUtils]: 0: Hoare triple {3279#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {3237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,958 INFO L290 TraceCheckUtils]: 2: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,959 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3237#true} {3238#false} #392#return; {3238#false} is VALID [2022-02-20 17:51:58,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:51:58,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {3237#true} ~handle := #in~handle;havoc ~retValue_acc~4; {3237#true} is VALID [2022-02-20 17:51:58,962 INFO L290 TraceCheckUtils]: 1: Hoare triple {3237#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {3237#true} is VALID [2022-02-20 17:51:58,962 INFO L290 TraceCheckUtils]: 2: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,962 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3237#true} {3238#false} #394#return; {3238#false} is VALID [2022-02-20 17:51:58,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:51:58,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {3280#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,965 INFO L290 TraceCheckUtils]: 1: Hoare triple {3237#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,966 INFO L290 TraceCheckUtils]: 2: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,966 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3237#true} {3238#false} #396#return; {3238#false} is VALID [2022-02-20 17:51:58,966 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:51:58,967 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:51:58,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {3237#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {3237#true} is VALID [2022-02-20 17:51:58,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,969 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3237#true} {3238#false} #398#return; {3238#false} is VALID [2022-02-20 17:51:58,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {3237#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {3237#true} is VALID [2022-02-20 17:51:58,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {3237#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {3237#true} is VALID [2022-02-20 17:51:58,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {3237#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3237#true} is VALID [2022-02-20 17:51:58,970 INFO L290 TraceCheckUtils]: 3: Hoare triple {3237#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {3237#true} is VALID [2022-02-20 17:51:58,970 INFO L290 TraceCheckUtils]: 4: Hoare triple {3237#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {3237#true} is VALID [2022-02-20 17:51:58,970 INFO L290 TraceCheckUtils]: 5: Hoare triple {3237#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {3237#true} is VALID [2022-02-20 17:51:58,971 INFO L272 TraceCheckUtils]: 6: Hoare triple {3237#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {3276#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:58,971 INFO L290 TraceCheckUtils]: 7: Hoare triple {3276#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,971 INFO L290 TraceCheckUtils]: 8: Hoare triple {3237#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,971 INFO L290 TraceCheckUtils]: 9: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,971 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3237#true} {3237#true} #410#return; {3237#true} is VALID [2022-02-20 17:51:58,971 INFO L290 TraceCheckUtils]: 11: Hoare triple {3237#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {3237#true} is VALID [2022-02-20 17:51:58,972 INFO L272 TraceCheckUtils]: 12: Hoare triple {3237#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {3276#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:58,972 INFO L290 TraceCheckUtils]: 13: Hoare triple {3276#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,972 INFO L290 TraceCheckUtils]: 14: Hoare triple {3237#true} assume !(1 == ~handle); {3237#true} is VALID [2022-02-20 17:51:58,972 INFO L290 TraceCheckUtils]: 15: Hoare triple {3237#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,973 INFO L290 TraceCheckUtils]: 16: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,973 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {3237#true} {3237#true} #412#return; {3237#true} is VALID [2022-02-20 17:51:58,973 INFO L290 TraceCheckUtils]: 18: Hoare triple {3237#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {3248#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:51:58,974 INFO L272 TraceCheckUtils]: 19: Hoare triple {3248#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {3276#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:51:58,974 INFO L290 TraceCheckUtils]: 20: Hoare triple {3276#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3277#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:51:58,975 INFO L290 TraceCheckUtils]: 21: Hoare triple {3277#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3278#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:58,975 INFO L290 TraceCheckUtils]: 22: Hoare triple {3278#(= |setClientId_#in~handle| 1)} assume true; {3278#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:51:58,976 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {3278#(= |setClientId_#in~handle| 1)} {3248#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #414#return; {3238#false} is VALID [2022-02-20 17:51:58,976 INFO L290 TraceCheckUtils]: 24: Hoare triple {3238#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {3238#false} is VALID [2022-02-20 17:51:58,976 INFO L290 TraceCheckUtils]: 25: Hoare triple {3238#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3238#false} is VALID [2022-02-20 17:51:58,976 INFO L290 TraceCheckUtils]: 26: Hoare triple {3238#false} assume !false; {3238#false} is VALID [2022-02-20 17:51:58,976 INFO L290 TraceCheckUtils]: 27: Hoare triple {3238#false} assume test_~splverifierCounter~0#1 < 4; {3238#false} is VALID [2022-02-20 17:51:58,976 INFO L290 TraceCheckUtils]: 28: Hoare triple {3238#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {3238#false} is VALID [2022-02-20 17:51:58,976 INFO L290 TraceCheckUtils]: 29: Hoare triple {3238#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {3238#false} is VALID [2022-02-20 17:51:58,977 INFO L290 TraceCheckUtils]: 30: Hoare triple {3238#false} assume 0 != test_~tmp___9~0#1;test_~op1~0#1 := 1; {3238#false} is VALID [2022-02-20 17:51:58,977 INFO L290 TraceCheckUtils]: 31: Hoare triple {3238#false} assume !false; {3238#false} is VALID [2022-02-20 17:51:58,977 INFO L290 TraceCheckUtils]: 32: Hoare triple {3238#false} assume !(test_~splverifierCounter~0#1 < 4); {3238#false} is VALID [2022-02-20 17:51:58,977 INFO L290 TraceCheckUtils]: 33: Hoare triple {3238#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {3238#false} is VALID [2022-02-20 17:51:58,977 INFO L272 TraceCheckUtils]: 34: Hoare triple {3238#false} call sendEmail(~bob~0, ~rjh~0); {3238#false} is VALID [2022-02-20 17:51:58,977 INFO L290 TraceCheckUtils]: 35: Hoare triple {3238#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3238#false} is VALID [2022-02-20 17:51:58,977 INFO L272 TraceCheckUtils]: 36: Hoare triple {3238#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3279#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:51:58,978 INFO L290 TraceCheckUtils]: 37: Hoare triple {3279#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,978 INFO L290 TraceCheckUtils]: 38: Hoare triple {3237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,978 INFO L290 TraceCheckUtils]: 39: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,978 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3237#true} {3238#false} #404#return; {3238#false} is VALID [2022-02-20 17:51:58,978 INFO L272 TraceCheckUtils]: 41: Hoare triple {3238#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3280#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:51:58,978 INFO L290 TraceCheckUtils]: 42: Hoare triple {3280#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,978 INFO L290 TraceCheckUtils]: 43: Hoare triple {3237#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,979 INFO L290 TraceCheckUtils]: 44: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,979 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {3237#true} {3238#false} #406#return; {3238#false} is VALID [2022-02-20 17:51:58,979 INFO L290 TraceCheckUtils]: 46: Hoare triple {3238#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {3238#false} is VALID [2022-02-20 17:51:58,979 INFO L290 TraceCheckUtils]: 47: Hoare triple {3238#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {3238#false} is VALID [2022-02-20 17:51:58,979 INFO L272 TraceCheckUtils]: 48: Hoare triple {3238#false} call outgoing(~sender#1, ~email~0#1); {3238#false} is VALID [2022-02-20 17:51:58,979 INFO L290 TraceCheckUtils]: 49: Hoare triple {3238#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {3238#false} is VALID [2022-02-20 17:51:58,979 INFO L290 TraceCheckUtils]: 50: Hoare triple {3238#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {3238#false} is VALID [2022-02-20 17:51:58,980 INFO L290 TraceCheckUtils]: 51: Hoare triple {3238#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {3238#false} is VALID [2022-02-20 17:51:58,980 INFO L272 TraceCheckUtils]: 52: Hoare triple {3238#false} call setEmailFrom(~msg#1, ~tmp~10#1); {3279#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:51:58,980 INFO L290 TraceCheckUtils]: 53: Hoare triple {3279#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,980 INFO L290 TraceCheckUtils]: 54: Hoare triple {3237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,980 INFO L290 TraceCheckUtils]: 55: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,980 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {3237#true} {3238#false} #392#return; {3238#false} is VALID [2022-02-20 17:51:58,980 INFO L290 TraceCheckUtils]: 57: Hoare triple {3238#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {3238#false} is VALID [2022-02-20 17:51:58,981 INFO L272 TraceCheckUtils]: 58: Hoare triple {3238#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {3237#true} is VALID [2022-02-20 17:51:58,981 INFO L290 TraceCheckUtils]: 59: Hoare triple {3237#true} ~handle := #in~handle;havoc ~retValue_acc~4; {3237#true} is VALID [2022-02-20 17:51:58,981 INFO L290 TraceCheckUtils]: 60: Hoare triple {3237#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {3237#true} is VALID [2022-02-20 17:51:58,981 INFO L290 TraceCheckUtils]: 61: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,981 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {3237#true} {3238#false} #394#return; {3238#false} is VALID [2022-02-20 17:51:58,981 INFO L290 TraceCheckUtils]: 63: Hoare triple {3238#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {3238#false} is VALID [2022-02-20 17:51:58,981 INFO L290 TraceCheckUtils]: 64: Hoare triple {3238#false} assume { :end_inline_deliver } true; {3238#false} is VALID [2022-02-20 17:51:58,982 INFO L290 TraceCheckUtils]: 65: Hoare triple {3238#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {3238#false} is VALID [2022-02-20 17:51:58,982 INFO L290 TraceCheckUtils]: 66: Hoare triple {3238#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {3238#false} is VALID [2022-02-20 17:51:58,982 INFO L290 TraceCheckUtils]: 67: Hoare triple {3238#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {3238#false} is VALID [2022-02-20 17:51:58,982 INFO L290 TraceCheckUtils]: 68: Hoare triple {3238#false} assume 0 != incoming_~fwreceiver~0#1; {3238#false} is VALID [2022-02-20 17:51:58,982 INFO L272 TraceCheckUtils]: 69: Hoare triple {3238#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {3280#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:51:58,982 INFO L290 TraceCheckUtils]: 70: Hoare triple {3280#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3237#true} is VALID [2022-02-20 17:51:58,982 INFO L290 TraceCheckUtils]: 71: Hoare triple {3237#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3237#true} is VALID [2022-02-20 17:51:58,983 INFO L290 TraceCheckUtils]: 72: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,983 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {3237#true} {3238#false} #396#return; {3238#false} is VALID [2022-02-20 17:51:58,983 INFO L290 TraceCheckUtils]: 74: Hoare triple {3238#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {3238#false} is VALID [2022-02-20 17:51:58,983 INFO L272 TraceCheckUtils]: 75: Hoare triple {3238#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {3237#true} is VALID [2022-02-20 17:51:58,983 INFO L290 TraceCheckUtils]: 76: Hoare triple {3237#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {3237#true} is VALID [2022-02-20 17:51:58,983 INFO L290 TraceCheckUtils]: 77: Hoare triple {3237#true} assume true; {3237#true} is VALID [2022-02-20 17:51:58,983 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {3237#true} {3238#false} #398#return; {3238#false} is VALID [2022-02-20 17:51:58,984 INFO L290 TraceCheckUtils]: 79: Hoare triple {3238#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {3238#false} is VALID [2022-02-20 17:51:58,984 INFO L290 TraceCheckUtils]: 80: Hoare triple {3238#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {3238#false} is VALID [2022-02-20 17:51:58,984 INFO L290 TraceCheckUtils]: 81: Hoare triple {3238#false} assume !false; {3238#false} is VALID [2022-02-20 17:51:58,984 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 16 trivial. 0 not checked. [2022-02-20 17:51:58,984 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:51:58,985 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1114642010] [2022-02-20 17:51:58,985 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1114642010] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:51:58,985 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:51:58,985 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 17:51:58,985 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [914812636] [2022-02-20 17:51:58,985 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:51:58,986 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 7.571428571428571) internal successors, (53), 5 states have internal predecessors, (53), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) Word has length 82 [2022-02-20 17:51:58,986 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:51:58,987 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 7.571428571428571) internal successors, (53), 5 states have internal predecessors, (53), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:51:59,037 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 73 edges. 73 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:51:59,037 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:51:59,037 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:51:59,038 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:51:59,038 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:51:59,038 INFO L87 Difference]: Start difference. First operand 128 states and 181 transitions. Second operand has 8 states, 7 states have (on average 7.571428571428571) internal successors, (53), 5 states have internal predecessors, (53), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:52:01,560 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:01,560 INFO L93 Difference]: Finished difference Result 342 states and 488 transitions. [2022-02-20 17:52:01,560 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 17:52:01,561 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 7.571428571428571) internal successors, (53), 5 states have internal predecessors, (53), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) Word has length 82 [2022-02-20 17:52:01,561 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:01,561 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 7.571428571428571) internal successors, (53), 5 states have internal predecessors, (53), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:52:01,568 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 484 transitions. [2022-02-20 17:52:01,568 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 7.571428571428571) internal successors, (53), 5 states have internal predecessors, (53), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:52:01,575 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 484 transitions. [2022-02-20 17:52:01,575 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 484 transitions. [2022-02-20 17:52:01,979 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 484 edges. 484 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:01,990 INFO L225 Difference]: With dead ends: 342 [2022-02-20 17:52:01,990 INFO L226 Difference]: Without dead ends: 233 [2022-02-20 17:52:01,991 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 21 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:52:01,995 INFO L933 BasicCegarLoop]: 256 mSDtfsCounter, 296 mSDsluCounter, 373 mSDsCounter, 0 mSdLazyCounter, 933 mSolverCounterSat, 107 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 303 SdHoareTripleChecker+Valid, 629 SdHoareTripleChecker+Invalid, 1040 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 107 IncrementalHoareTripleChecker+Valid, 933 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:01,996 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [303 Valid, 629 Invalid, 1040 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [107 Valid, 933 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-02-20 17:52:01,998 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 233 states. [2022-02-20 17:52:02,035 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 233 to 128. [2022-02-20 17:52:02,035 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:02,036 INFO L82 GeneralOperation]: Start isEquivalent. First operand 233 states. Second operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (14), 13 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 17:52:02,037 INFO L74 IsIncluded]: Start isIncluded. First operand 233 states. Second operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (14), 13 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 17:52:02,037 INFO L87 Difference]: Start difference. First operand 233 states. Second operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (14), 13 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 17:52:02,047 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:02,047 INFO L93 Difference]: Finished difference Result 233 states and 331 transitions. [2022-02-20 17:52:02,047 INFO L276 IsEmpty]: Start isEmpty. Operand 233 states and 331 transitions. [2022-02-20 17:52:02,049 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:02,049 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:02,050 INFO L74 IsIncluded]: Start isIncluded. First operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (14), 13 states have call predecessors, (14), 13 states have call successors, (14) Second operand 233 states. [2022-02-20 17:52:02,050 INFO L87 Difference]: Start difference. First operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (14), 13 states have call predecessors, (14), 13 states have call successors, (14) Second operand 233 states. [2022-02-20 17:52:02,059 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:02,059 INFO L93 Difference]: Finished difference Result 233 states and 331 transitions. [2022-02-20 17:52:02,059 INFO L276 IsEmpty]: Start isEmpty. Operand 233 states and 331 transitions. [2022-02-20 17:52:02,061 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:02,061 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:02,061 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:02,061 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:02,062 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 128 states, 105 states have (on average 1.4476190476190476) internal successors, (152), 107 states have internal predecessors, (152), 14 states have call successors, (14), 7 states have call predecessors, (14), 8 states have return successors, (14), 13 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 17:52:02,065 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 128 states to 128 states and 180 transitions. [2022-02-20 17:52:02,066 INFO L78 Accepts]: Start accepts. Automaton has 128 states and 180 transitions. Word has length 82 [2022-02-20 17:52:02,066 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:02,066 INFO L470 AbstractCegarLoop]: Abstraction has 128 states and 180 transitions. [2022-02-20 17:52:02,066 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 7.571428571428571) internal successors, (53), 5 states have internal predecessors, (53), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:52:02,066 INFO L276 IsEmpty]: Start isEmpty. Operand 128 states and 180 transitions. [2022-02-20 17:52:02,067 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 84 [2022-02-20 17:52:02,067 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:02,067 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:02,068 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 17:52:02,068 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:02,068 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:02,068 INFO L85 PathProgramCache]: Analyzing trace with hash -24130620, now seen corresponding path program 2 times [2022-02-20 17:52:02,069 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:02,069 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [189993488] [2022-02-20 17:52:02,069 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:02,069 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:02,101 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,153 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:02,155 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,157 INFO L290 TraceCheckUtils]: 0: Hoare triple {4489#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,157 INFO L290 TraceCheckUtils]: 1: Hoare triple {4449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,157 INFO L290 TraceCheckUtils]: 2: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,158 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4449#true} {4449#true} #410#return; {4449#true} is VALID [2022-02-20 17:52:02,158 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:02,159 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,161 INFO L290 TraceCheckUtils]: 0: Hoare triple {4489#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,162 INFO L290 TraceCheckUtils]: 1: Hoare triple {4449#true} assume !(1 == ~handle); {4449#true} is VALID [2022-02-20 17:52:02,162 INFO L290 TraceCheckUtils]: 2: Hoare triple {4449#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,162 INFO L290 TraceCheckUtils]: 3: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,162 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {4449#true} {4449#true} #412#return; {4449#true} is VALID [2022-02-20 17:52:02,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:02,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {4489#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:52:02,182 INFO L290 TraceCheckUtils]: 1: Hoare triple {4490#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {4490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:52:02,182 INFO L290 TraceCheckUtils]: 2: Hoare triple {4490#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {4491#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:52:02,182 INFO L290 TraceCheckUtils]: 3: Hoare triple {4491#(= 2 |setClientId_#in~handle|)} assume true; {4491#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:52:02,183 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {4491#(= 2 |setClientId_#in~handle|)} {4460#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #414#return; {4450#false} is VALID [2022-02-20 17:52:02,188 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:52:02,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {4492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,194 INFO L290 TraceCheckUtils]: 1: Hoare triple {4449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,195 INFO L290 TraceCheckUtils]: 2: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,195 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4449#true} {4450#false} #404#return; {4450#false} is VALID [2022-02-20 17:52:02,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-02-20 17:52:02,207 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,209 INFO L290 TraceCheckUtils]: 0: Hoare triple {4493#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,210 INFO L290 TraceCheckUtils]: 1: Hoare triple {4449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,210 INFO L290 TraceCheckUtils]: 2: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,210 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4449#true} {4450#false} #406#return; {4450#false} is VALID [2022-02-20 17:52:02,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:52:02,211 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,213 INFO L290 TraceCheckUtils]: 0: Hoare triple {4492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {4449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,213 INFO L290 TraceCheckUtils]: 2: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,213 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4449#true} {4450#false} #392#return; {4450#false} is VALID [2022-02-20 17:52:02,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:52:02,214 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,216 INFO L290 TraceCheckUtils]: 0: Hoare triple {4449#true} ~handle := #in~handle;havoc ~retValue_acc~4; {4449#true} is VALID [2022-02-20 17:52:02,216 INFO L290 TraceCheckUtils]: 1: Hoare triple {4449#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {4449#true} is VALID [2022-02-20 17:52:02,216 INFO L290 TraceCheckUtils]: 2: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,216 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4449#true} {4450#false} #394#return; {4450#false} is VALID [2022-02-20 17:52:02,217 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:52:02,217 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,219 INFO L290 TraceCheckUtils]: 0: Hoare triple {4493#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,219 INFO L290 TraceCheckUtils]: 1: Hoare triple {4449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,219 INFO L290 TraceCheckUtils]: 2: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,219 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4449#true} {4450#false} #396#return; {4450#false} is VALID [2022-02-20 17:52:02,219 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:52:02,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:02,222 INFO L290 TraceCheckUtils]: 0: Hoare triple {4449#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {4449#true} is VALID [2022-02-20 17:52:02,222 INFO L290 TraceCheckUtils]: 1: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,222 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4449#true} {4450#false} #398#return; {4450#false} is VALID [2022-02-20 17:52:02,222 INFO L290 TraceCheckUtils]: 0: Hoare triple {4449#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4449#true} is VALID [2022-02-20 17:52:02,222 INFO L290 TraceCheckUtils]: 1: Hoare triple {4449#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {4449#true} is VALID [2022-02-20 17:52:02,223 INFO L290 TraceCheckUtils]: 2: Hoare triple {4449#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4449#true} is VALID [2022-02-20 17:52:02,223 INFO L290 TraceCheckUtils]: 3: Hoare triple {4449#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {4449#true} is VALID [2022-02-20 17:52:02,223 INFO L290 TraceCheckUtils]: 4: Hoare triple {4449#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {4449#true} is VALID [2022-02-20 17:52:02,223 INFO L290 TraceCheckUtils]: 5: Hoare triple {4449#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4449#true} is VALID [2022-02-20 17:52:02,224 INFO L272 TraceCheckUtils]: 6: Hoare triple {4449#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {4489#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:02,224 INFO L290 TraceCheckUtils]: 7: Hoare triple {4489#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,224 INFO L290 TraceCheckUtils]: 8: Hoare triple {4449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,224 INFO L290 TraceCheckUtils]: 9: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,224 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4449#true} {4449#true} #410#return; {4449#true} is VALID [2022-02-20 17:52:02,225 INFO L290 TraceCheckUtils]: 11: Hoare triple {4449#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4449#true} is VALID [2022-02-20 17:52:02,225 INFO L272 TraceCheckUtils]: 12: Hoare triple {4449#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {4489#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:02,225 INFO L290 TraceCheckUtils]: 13: Hoare triple {4489#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,225 INFO L290 TraceCheckUtils]: 14: Hoare triple {4449#true} assume !(1 == ~handle); {4449#true} is VALID [2022-02-20 17:52:02,226 INFO L290 TraceCheckUtils]: 15: Hoare triple {4449#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,226 INFO L290 TraceCheckUtils]: 16: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,226 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {4449#true} {4449#true} #412#return; {4449#true} is VALID [2022-02-20 17:52:02,226 INFO L290 TraceCheckUtils]: 18: Hoare triple {4449#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4460#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:52:02,227 INFO L272 TraceCheckUtils]: 19: Hoare triple {4460#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {4489#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:02,227 INFO L290 TraceCheckUtils]: 20: Hoare triple {4489#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:52:02,228 INFO L290 TraceCheckUtils]: 21: Hoare triple {4490#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {4490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:52:02,228 INFO L290 TraceCheckUtils]: 22: Hoare triple {4490#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {4491#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:52:02,229 INFO L290 TraceCheckUtils]: 23: Hoare triple {4491#(= 2 |setClientId_#in~handle|)} assume true; {4491#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:52:02,229 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {4491#(= 2 |setClientId_#in~handle|)} {4460#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #414#return; {4450#false} is VALID [2022-02-20 17:52:02,229 INFO L290 TraceCheckUtils]: 25: Hoare triple {4450#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {4450#false} is VALID [2022-02-20 17:52:02,229 INFO L290 TraceCheckUtils]: 26: Hoare triple {4450#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4450#false} is VALID [2022-02-20 17:52:02,230 INFO L290 TraceCheckUtils]: 27: Hoare triple {4450#false} assume !false; {4450#false} is VALID [2022-02-20 17:52:02,230 INFO L290 TraceCheckUtils]: 28: Hoare triple {4450#false} assume test_~splverifierCounter~0#1 < 4; {4450#false} is VALID [2022-02-20 17:52:02,230 INFO L290 TraceCheckUtils]: 29: Hoare triple {4450#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4450#false} is VALID [2022-02-20 17:52:02,230 INFO L290 TraceCheckUtils]: 30: Hoare triple {4450#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {4450#false} is VALID [2022-02-20 17:52:02,230 INFO L290 TraceCheckUtils]: 31: Hoare triple {4450#false} assume 0 != test_~tmp___9~0#1;test_~op1~0#1 := 1; {4450#false} is VALID [2022-02-20 17:52:02,230 INFO L290 TraceCheckUtils]: 32: Hoare triple {4450#false} assume !false; {4450#false} is VALID [2022-02-20 17:52:02,230 INFO L290 TraceCheckUtils]: 33: Hoare triple {4450#false} assume !(test_~splverifierCounter~0#1 < 4); {4450#false} is VALID [2022-02-20 17:52:02,230 INFO L290 TraceCheckUtils]: 34: Hoare triple {4450#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {4450#false} is VALID [2022-02-20 17:52:02,231 INFO L272 TraceCheckUtils]: 35: Hoare triple {4450#false} call sendEmail(~bob~0, ~rjh~0); {4450#false} is VALID [2022-02-20 17:52:02,231 INFO L290 TraceCheckUtils]: 36: Hoare triple {4450#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4450#false} is VALID [2022-02-20 17:52:02,231 INFO L272 TraceCheckUtils]: 37: Hoare triple {4450#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:02,231 INFO L290 TraceCheckUtils]: 38: Hoare triple {4492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,231 INFO L290 TraceCheckUtils]: 39: Hoare triple {4449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,231 INFO L290 TraceCheckUtils]: 40: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,231 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4449#true} {4450#false} #404#return; {4450#false} is VALID [2022-02-20 17:52:02,232 INFO L272 TraceCheckUtils]: 42: Hoare triple {4450#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4493#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:02,232 INFO L290 TraceCheckUtils]: 43: Hoare triple {4493#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,232 INFO L290 TraceCheckUtils]: 44: Hoare triple {4449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,232 INFO L290 TraceCheckUtils]: 45: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,232 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {4449#true} {4450#false} #406#return; {4450#false} is VALID [2022-02-20 17:52:02,232 INFO L290 TraceCheckUtils]: 47: Hoare triple {4450#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {4450#false} is VALID [2022-02-20 17:52:02,232 INFO L290 TraceCheckUtils]: 48: Hoare triple {4450#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {4450#false} is VALID [2022-02-20 17:52:02,233 INFO L272 TraceCheckUtils]: 49: Hoare triple {4450#false} call outgoing(~sender#1, ~email~0#1); {4450#false} is VALID [2022-02-20 17:52:02,233 INFO L290 TraceCheckUtils]: 50: Hoare triple {4450#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {4450#false} is VALID [2022-02-20 17:52:02,233 INFO L290 TraceCheckUtils]: 51: Hoare triple {4450#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {4450#false} is VALID [2022-02-20 17:52:02,233 INFO L290 TraceCheckUtils]: 52: Hoare triple {4450#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {4450#false} is VALID [2022-02-20 17:52:02,233 INFO L272 TraceCheckUtils]: 53: Hoare triple {4450#false} call setEmailFrom(~msg#1, ~tmp~10#1); {4492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:02,233 INFO L290 TraceCheckUtils]: 54: Hoare triple {4492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,233 INFO L290 TraceCheckUtils]: 55: Hoare triple {4449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,234 INFO L290 TraceCheckUtils]: 56: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,234 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {4449#true} {4450#false} #392#return; {4450#false} is VALID [2022-02-20 17:52:02,234 INFO L290 TraceCheckUtils]: 58: Hoare triple {4450#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {4450#false} is VALID [2022-02-20 17:52:02,234 INFO L272 TraceCheckUtils]: 59: Hoare triple {4450#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {4449#true} is VALID [2022-02-20 17:52:02,234 INFO L290 TraceCheckUtils]: 60: Hoare triple {4449#true} ~handle := #in~handle;havoc ~retValue_acc~4; {4449#true} is VALID [2022-02-20 17:52:02,234 INFO L290 TraceCheckUtils]: 61: Hoare triple {4449#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {4449#true} is VALID [2022-02-20 17:52:02,234 INFO L290 TraceCheckUtils]: 62: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,234 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {4449#true} {4450#false} #394#return; {4450#false} is VALID [2022-02-20 17:52:02,235 INFO L290 TraceCheckUtils]: 64: Hoare triple {4450#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {4450#false} is VALID [2022-02-20 17:52:02,235 INFO L290 TraceCheckUtils]: 65: Hoare triple {4450#false} assume { :end_inline_deliver } true; {4450#false} is VALID [2022-02-20 17:52:02,235 INFO L290 TraceCheckUtils]: 66: Hoare triple {4450#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {4450#false} is VALID [2022-02-20 17:52:02,235 INFO L290 TraceCheckUtils]: 67: Hoare triple {4450#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {4450#false} is VALID [2022-02-20 17:52:02,235 INFO L290 TraceCheckUtils]: 68: Hoare triple {4450#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {4450#false} is VALID [2022-02-20 17:52:02,235 INFO L290 TraceCheckUtils]: 69: Hoare triple {4450#false} assume 0 != incoming_~fwreceiver~0#1; {4450#false} is VALID [2022-02-20 17:52:02,235 INFO L272 TraceCheckUtils]: 70: Hoare triple {4450#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {4493#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:02,236 INFO L290 TraceCheckUtils]: 71: Hoare triple {4493#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4449#true} is VALID [2022-02-20 17:52:02,236 INFO L290 TraceCheckUtils]: 72: Hoare triple {4449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4449#true} is VALID [2022-02-20 17:52:02,236 INFO L290 TraceCheckUtils]: 73: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,236 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {4449#true} {4450#false} #396#return; {4450#false} is VALID [2022-02-20 17:52:02,236 INFO L290 TraceCheckUtils]: 75: Hoare triple {4450#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {4450#false} is VALID [2022-02-20 17:52:02,236 INFO L272 TraceCheckUtils]: 76: Hoare triple {4450#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {4449#true} is VALID [2022-02-20 17:52:02,236 INFO L290 TraceCheckUtils]: 77: Hoare triple {4449#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {4449#true} is VALID [2022-02-20 17:52:02,237 INFO L290 TraceCheckUtils]: 78: Hoare triple {4449#true} assume true; {4449#true} is VALID [2022-02-20 17:52:02,237 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {4449#true} {4450#false} #398#return; {4450#false} is VALID [2022-02-20 17:52:02,237 INFO L290 TraceCheckUtils]: 80: Hoare triple {4450#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {4450#false} is VALID [2022-02-20 17:52:02,237 INFO L290 TraceCheckUtils]: 81: Hoare triple {4450#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {4450#false} is VALID [2022-02-20 17:52:02,237 INFO L290 TraceCheckUtils]: 82: Hoare triple {4450#false} assume !false; {4450#false} is VALID [2022-02-20 17:52:02,237 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 16 trivial. 0 not checked. [2022-02-20 17:52:02,238 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:02,238 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [189993488] [2022-02-20 17:52:02,238 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [189993488] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:52:02,238 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:52:02,238 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 17:52:02,238 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1524975218] [2022-02-20 17:52:02,238 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:52:02,239 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 7.714285714285714) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) Word has length 83 [2022-02-20 17:52:02,240 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:02,240 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 7.714285714285714) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:52:02,296 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:02,296 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:52:02,296 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:02,296 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:52:02,296 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:52:02,297 INFO L87 Difference]: Start difference. First operand 128 states and 180 transitions. Second operand has 8 states, 7 states have (on average 7.714285714285714) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:52:04,681 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:04,682 INFO L93 Difference]: Finished difference Result 344 states and 491 transitions. [2022-02-20 17:52:04,682 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 17:52:04,682 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 7.714285714285714) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) Word has length 83 [2022-02-20 17:52:04,683 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:04,683 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 7.714285714285714) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:52:04,689 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 485 transitions. [2022-02-20 17:52:04,690 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 7.714285714285714) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:52:04,696 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 485 transitions. [2022-02-20 17:52:04,697 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 485 transitions. [2022-02-20 17:52:05,107 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 485 edges. 485 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:05,113 INFO L225 Difference]: With dead ends: 344 [2022-02-20 17:52:05,113 INFO L226 Difference]: Without dead ends: 235 [2022-02-20 17:52:05,114 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 21 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:52:05,114 INFO L933 BasicCegarLoop]: 257 mSDtfsCounter, 292 mSDsluCounter, 373 mSDsCounter, 0 mSdLazyCounter, 942 mSolverCounterSat, 107 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 299 SdHoareTripleChecker+Valid, 630 SdHoareTripleChecker+Invalid, 1049 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 107 IncrementalHoareTripleChecker+Valid, 942 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:05,114 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [299 Valid, 630 Invalid, 1049 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [107 Valid, 942 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-02-20 17:52:05,115 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 235 states. [2022-02-20 17:52:05,141 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 235 to 130. [2022-02-20 17:52:05,141 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:05,141 INFO L82 GeneralOperation]: Start isEquivalent. First operand 235 states. Second operand has 130 states, 106 states have (on average 1.4433962264150944) internal successors, (153), 109 states have internal predecessors, (153), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:05,141 INFO L74 IsIncluded]: Start isIncluded. First operand 235 states. Second operand has 130 states, 106 states have (on average 1.4433962264150944) internal successors, (153), 109 states have internal predecessors, (153), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:05,142 INFO L87 Difference]: Start difference. First operand 235 states. Second operand has 130 states, 106 states have (on average 1.4433962264150944) internal successors, (153), 109 states have internal predecessors, (153), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:05,151 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:05,151 INFO L93 Difference]: Finished difference Result 235 states and 334 transitions. [2022-02-20 17:52:05,151 INFO L276 IsEmpty]: Start isEmpty. Operand 235 states and 334 transitions. [2022-02-20 17:52:05,152 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:05,153 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:05,153 INFO L74 IsIncluded]: Start isIncluded. First operand has 130 states, 106 states have (on average 1.4433962264150944) internal successors, (153), 109 states have internal predecessors, (153), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 235 states. [2022-02-20 17:52:05,153 INFO L87 Difference]: Start difference. First operand has 130 states, 106 states have (on average 1.4433962264150944) internal successors, (153), 109 states have internal predecessors, (153), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 235 states. [2022-02-20 17:52:05,163 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:05,164 INFO L93 Difference]: Finished difference Result 235 states and 334 transitions. [2022-02-20 17:52:05,164 INFO L276 IsEmpty]: Start isEmpty. Operand 235 states and 334 transitions. [2022-02-20 17:52:05,165 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:05,165 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:05,165 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:05,165 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:05,166 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 130 states, 106 states have (on average 1.4433962264150944) internal successors, (153), 109 states have internal predecessors, (153), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:05,171 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 130 states to 130 states and 183 transitions. [2022-02-20 17:52:05,171 INFO L78 Accepts]: Start accepts. Automaton has 130 states and 183 transitions. Word has length 83 [2022-02-20 17:52:05,171 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:05,171 INFO L470 AbstractCegarLoop]: Abstraction has 130 states and 183 transitions. [2022-02-20 17:52:05,172 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 7.714285714285714) internal successors, (54), 5 states have internal predecessors, (54), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (9), 2 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 17:52:05,172 INFO L276 IsEmpty]: Start isEmpty. Operand 130 states and 183 transitions. [2022-02-20 17:52:05,172 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 85 [2022-02-20 17:52:05,173 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:05,173 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:05,173 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 17:52:05,173 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:05,174 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:05,174 INFO L85 PathProgramCache]: Analyzing trace with hash 524770110, now seen corresponding path program 1 times [2022-02-20 17:52:05,174 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:05,174 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [591628887] [2022-02-20 17:52:05,174 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:05,174 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:05,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:05,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,238 INFO L290 TraceCheckUtils]: 0: Hoare triple {5712#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,238 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,238 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,239 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5670#true} {5670#true} #410#return; {5670#true} is VALID [2022-02-20 17:52:05,239 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:05,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,242 INFO L290 TraceCheckUtils]: 0: Hoare triple {5712#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,242 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume !(1 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,242 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,242 INFO L290 TraceCheckUtils]: 3: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,242 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5670#true} {5670#true} #412#return; {5670#true} is VALID [2022-02-20 17:52:05,242 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:05,243 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,253 INFO L290 TraceCheckUtils]: 0: Hoare triple {5712#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,253 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume !(1 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,253 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume !(2 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,253 INFO L290 TraceCheckUtils]: 3: Hoare triple {5670#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,254 INFO L290 TraceCheckUtils]: 4: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,254 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {5670#true} {5670#true} #414#return; {5670#true} is VALID [2022-02-20 17:52:05,259 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:52:05,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,263 INFO L290 TraceCheckUtils]: 0: Hoare triple {5713#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,263 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,263 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,263 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5670#true} {5671#false} #404#return; {5671#false} is VALID [2022-02-20 17:52:05,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-02-20 17:52:05,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,272 INFO L290 TraceCheckUtils]: 0: Hoare triple {5714#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,272 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5670#true} {5671#false} #406#return; {5671#false} is VALID [2022-02-20 17:52:05,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 17:52:05,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {5713#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,280 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,280 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,280 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5670#true} {5671#false} #392#return; {5671#false} is VALID [2022-02-20 17:52:05,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:52:05,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {5670#true} ~handle := #in~handle;havoc ~retValue_acc~4; {5670#true} is VALID [2022-02-20 17:52:05,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {5670#true} is VALID [2022-02-20 17:52:05,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5670#true} {5671#false} #394#return; {5671#false} is VALID [2022-02-20 17:52:05,284 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:52:05,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,287 INFO L290 TraceCheckUtils]: 0: Hoare triple {5714#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,287 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,287 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,287 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5670#true} {5671#false} #396#return; {5671#false} is VALID [2022-02-20 17:52:05,287 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:52:05,288 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,292 INFO L290 TraceCheckUtils]: 0: Hoare triple {5670#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {5670#true} is VALID [2022-02-20 17:52:05,292 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,292 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5670#true} {5671#false} #398#return; {5671#false} is VALID [2022-02-20 17:52:05,292 INFO L290 TraceCheckUtils]: 0: Hoare triple {5670#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {5670#true} is VALID [2022-02-20 17:52:05,292 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5670#true} is VALID [2022-02-20 17:52:05,292 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5670#true} is VALID [2022-02-20 17:52:05,293 INFO L290 TraceCheckUtils]: 3: Hoare triple {5670#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {5670#true} is VALID [2022-02-20 17:52:05,293 INFO L290 TraceCheckUtils]: 4: Hoare triple {5670#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {5670#true} is VALID [2022-02-20 17:52:05,293 INFO L290 TraceCheckUtils]: 5: Hoare triple {5670#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {5670#true} is VALID [2022-02-20 17:52:05,294 INFO L272 TraceCheckUtils]: 6: Hoare triple {5670#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {5712#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:05,294 INFO L290 TraceCheckUtils]: 7: Hoare triple {5712#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,294 INFO L290 TraceCheckUtils]: 8: Hoare triple {5670#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,294 INFO L290 TraceCheckUtils]: 9: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,294 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5670#true} {5670#true} #410#return; {5670#true} is VALID [2022-02-20 17:52:05,294 INFO L290 TraceCheckUtils]: 11: Hoare triple {5670#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {5670#true} is VALID [2022-02-20 17:52:05,295 INFO L272 TraceCheckUtils]: 12: Hoare triple {5670#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {5712#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:05,295 INFO L290 TraceCheckUtils]: 13: Hoare triple {5712#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,295 INFO L290 TraceCheckUtils]: 14: Hoare triple {5670#true} assume !(1 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,295 INFO L290 TraceCheckUtils]: 15: Hoare triple {5670#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,295 INFO L290 TraceCheckUtils]: 16: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,296 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {5670#true} {5670#true} #412#return; {5670#true} is VALID [2022-02-20 17:52:05,296 INFO L290 TraceCheckUtils]: 18: Hoare triple {5670#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {5670#true} is VALID [2022-02-20 17:52:05,296 INFO L272 TraceCheckUtils]: 19: Hoare triple {5670#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {5712#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:05,296 INFO L290 TraceCheckUtils]: 20: Hoare triple {5712#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,297 INFO L290 TraceCheckUtils]: 21: Hoare triple {5670#true} assume !(1 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,297 INFO L290 TraceCheckUtils]: 22: Hoare triple {5670#true} assume !(2 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,297 INFO L290 TraceCheckUtils]: 23: Hoare triple {5670#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,297 INFO L290 TraceCheckUtils]: 24: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,297 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {5670#true} {5670#true} #414#return; {5670#true} is VALID [2022-02-20 17:52:05,297 INFO L290 TraceCheckUtils]: 26: Hoare triple {5670#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5670#true} is VALID [2022-02-20 17:52:05,298 INFO L290 TraceCheckUtils]: 27: Hoare triple {5670#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5687#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:52:05,298 INFO L290 TraceCheckUtils]: 28: Hoare triple {5687#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {5687#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:52:05,298 INFO L290 TraceCheckUtils]: 29: Hoare triple {5687#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5687#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:52:05,299 INFO L290 TraceCheckUtils]: 30: Hoare triple {5687#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:52:05,299 INFO L290 TraceCheckUtils]: 31: Hoare triple {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:52:05,299 INFO L290 TraceCheckUtils]: 32: Hoare triple {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___9~0#1;test_~op1~0#1 := 1; {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:52:05,300 INFO L290 TraceCheckUtils]: 33: Hoare triple {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:52:05,300 INFO L290 TraceCheckUtils]: 34: Hoare triple {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {5671#false} is VALID [2022-02-20 17:52:05,300 INFO L290 TraceCheckUtils]: 35: Hoare triple {5671#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5671#false} is VALID [2022-02-20 17:52:05,300 INFO L272 TraceCheckUtils]: 36: Hoare triple {5671#false} call sendEmail(~bob~0, ~rjh~0); {5671#false} is VALID [2022-02-20 17:52:05,300 INFO L290 TraceCheckUtils]: 37: Hoare triple {5671#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5671#false} is VALID [2022-02-20 17:52:05,301 INFO L272 TraceCheckUtils]: 38: Hoare triple {5671#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5713#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:05,301 INFO L290 TraceCheckUtils]: 39: Hoare triple {5713#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,301 INFO L290 TraceCheckUtils]: 40: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,301 INFO L290 TraceCheckUtils]: 41: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,301 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {5670#true} {5671#false} #404#return; {5671#false} is VALID [2022-02-20 17:52:05,301 INFO L272 TraceCheckUtils]: 43: Hoare triple {5671#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5714#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:05,301 INFO L290 TraceCheckUtils]: 44: Hoare triple {5714#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,302 INFO L290 TraceCheckUtils]: 45: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,302 INFO L290 TraceCheckUtils]: 46: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,302 INFO L284 TraceCheckUtils]: 47: Hoare quadruple {5670#true} {5671#false} #406#return; {5671#false} is VALID [2022-02-20 17:52:05,302 INFO L290 TraceCheckUtils]: 48: Hoare triple {5671#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {5671#false} is VALID [2022-02-20 17:52:05,302 INFO L290 TraceCheckUtils]: 49: Hoare triple {5671#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {5671#false} is VALID [2022-02-20 17:52:05,302 INFO L272 TraceCheckUtils]: 50: Hoare triple {5671#false} call outgoing(~sender#1, ~email~0#1); {5671#false} is VALID [2022-02-20 17:52:05,302 INFO L290 TraceCheckUtils]: 51: Hoare triple {5671#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {5671#false} is VALID [2022-02-20 17:52:05,303 INFO L290 TraceCheckUtils]: 52: Hoare triple {5671#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {5671#false} is VALID [2022-02-20 17:52:05,303 INFO L290 TraceCheckUtils]: 53: Hoare triple {5671#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {5671#false} is VALID [2022-02-20 17:52:05,303 INFO L272 TraceCheckUtils]: 54: Hoare triple {5671#false} call setEmailFrom(~msg#1, ~tmp~10#1); {5713#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:05,303 INFO L290 TraceCheckUtils]: 55: Hoare triple {5713#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,303 INFO L290 TraceCheckUtils]: 56: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,303 INFO L290 TraceCheckUtils]: 57: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,303 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5670#true} {5671#false} #392#return; {5671#false} is VALID [2022-02-20 17:52:05,304 INFO L290 TraceCheckUtils]: 59: Hoare triple {5671#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {5671#false} is VALID [2022-02-20 17:52:05,304 INFO L272 TraceCheckUtils]: 60: Hoare triple {5671#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {5670#true} is VALID [2022-02-20 17:52:05,304 INFO L290 TraceCheckUtils]: 61: Hoare triple {5670#true} ~handle := #in~handle;havoc ~retValue_acc~4; {5670#true} is VALID [2022-02-20 17:52:05,304 INFO L290 TraceCheckUtils]: 62: Hoare triple {5670#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {5670#true} is VALID [2022-02-20 17:52:05,304 INFO L290 TraceCheckUtils]: 63: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,304 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {5670#true} {5671#false} #394#return; {5671#false} is VALID [2022-02-20 17:52:05,304 INFO L290 TraceCheckUtils]: 65: Hoare triple {5671#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {5671#false} is VALID [2022-02-20 17:52:05,304 INFO L290 TraceCheckUtils]: 66: Hoare triple {5671#false} assume { :end_inline_deliver } true; {5671#false} is VALID [2022-02-20 17:52:05,305 INFO L290 TraceCheckUtils]: 67: Hoare triple {5671#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {5671#false} is VALID [2022-02-20 17:52:05,305 INFO L290 TraceCheckUtils]: 68: Hoare triple {5671#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {5671#false} is VALID [2022-02-20 17:52:05,305 INFO L290 TraceCheckUtils]: 69: Hoare triple {5671#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {5671#false} is VALID [2022-02-20 17:52:05,305 INFO L290 TraceCheckUtils]: 70: Hoare triple {5671#false} assume 0 != incoming_~fwreceiver~0#1; {5671#false} is VALID [2022-02-20 17:52:05,305 INFO L272 TraceCheckUtils]: 71: Hoare triple {5671#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {5714#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:05,305 INFO L290 TraceCheckUtils]: 72: Hoare triple {5714#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,305 INFO L290 TraceCheckUtils]: 73: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,306 INFO L290 TraceCheckUtils]: 74: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,306 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5670#true} {5671#false} #396#return; {5671#false} is VALID [2022-02-20 17:52:05,306 INFO L290 TraceCheckUtils]: 76: Hoare triple {5671#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {5671#false} is VALID [2022-02-20 17:52:05,306 INFO L272 TraceCheckUtils]: 77: Hoare triple {5671#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {5670#true} is VALID [2022-02-20 17:52:05,307 INFO L290 TraceCheckUtils]: 78: Hoare triple {5670#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {5670#true} is VALID [2022-02-20 17:52:05,307 INFO L290 TraceCheckUtils]: 79: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,307 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5670#true} {5671#false} #398#return; {5671#false} is VALID [2022-02-20 17:52:05,307 INFO L290 TraceCheckUtils]: 81: Hoare triple {5671#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {5671#false} is VALID [2022-02-20 17:52:05,307 INFO L290 TraceCheckUtils]: 82: Hoare triple {5671#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {5671#false} is VALID [2022-02-20 17:52:05,307 INFO L290 TraceCheckUtils]: 83: Hoare triple {5671#false} assume !false; {5671#false} is VALID [2022-02-20 17:52:05,308 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:05,308 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:05,308 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [591628887] [2022-02-20 17:52:05,308 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [591628887] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:52:05,308 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1791095526] [2022-02-20 17:52:05,309 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:05,309 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:52:05,309 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:52:05,312 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:52:05,321 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:52:05,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,480 INFO L263 TraceCheckSpWp]: Trace formula consists of 824 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:52:05,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:05,532 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:52:05,708 INFO L290 TraceCheckUtils]: 0: Hoare triple {5670#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {5670#true} is VALID [2022-02-20 17:52:05,708 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 3: Hoare triple {5670#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 4: Hoare triple {5670#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 5: Hoare triple {5670#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L272 TraceCheckUtils]: 6: Hoare triple {5670#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 7: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 8: Hoare triple {5670#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 9: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5670#true} {5670#true} #410#return; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 11: Hoare triple {5670#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L272 TraceCheckUtils]: 12: Hoare triple {5670#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 13: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 14: Hoare triple {5670#true} assume !(1 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 15: Hoare triple {5670#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,709 INFO L290 TraceCheckUtils]: 16: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {5670#true} {5670#true} #412#return; {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L290 TraceCheckUtils]: 18: Hoare triple {5670#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L272 TraceCheckUtils]: 19: Hoare triple {5670#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L290 TraceCheckUtils]: 20: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L290 TraceCheckUtils]: 21: Hoare triple {5670#true} assume !(1 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L290 TraceCheckUtils]: 22: Hoare triple {5670#true} assume !(2 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L290 TraceCheckUtils]: 23: Hoare triple {5670#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L290 TraceCheckUtils]: 24: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {5670#true} {5670#true} #414#return; {5670#true} is VALID [2022-02-20 17:52:05,710 INFO L290 TraceCheckUtils]: 26: Hoare triple {5670#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5670#true} is VALID [2022-02-20 17:52:05,711 INFO L290 TraceCheckUtils]: 27: Hoare triple {5670#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5799#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:52:05,711 INFO L290 TraceCheckUtils]: 28: Hoare triple {5799#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {5799#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:52:05,712 INFO L290 TraceCheckUtils]: 29: Hoare triple {5799#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5799#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:52:05,712 INFO L290 TraceCheckUtils]: 30: Hoare triple {5799#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:52:05,712 INFO L290 TraceCheckUtils]: 31: Hoare triple {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:52:05,713 INFO L290 TraceCheckUtils]: 32: Hoare triple {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___9~0#1;test_~op1~0#1 := 1; {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:52:05,713 INFO L290 TraceCheckUtils]: 33: Hoare triple {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:52:05,713 INFO L290 TraceCheckUtils]: 34: Hoare triple {5688#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {5671#false} is VALID [2022-02-20 17:52:05,713 INFO L290 TraceCheckUtils]: 35: Hoare triple {5671#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5671#false} is VALID [2022-02-20 17:52:05,713 INFO L272 TraceCheckUtils]: 36: Hoare triple {5671#false} call sendEmail(~bob~0, ~rjh~0); {5671#false} is VALID [2022-02-20 17:52:05,713 INFO L290 TraceCheckUtils]: 37: Hoare triple {5671#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L272 TraceCheckUtils]: 38: Hoare triple {5671#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 39: Hoare triple {5671#false} ~handle := #in~handle;~value := #in~value; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 40: Hoare triple {5671#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 41: Hoare triple {5671#false} assume true; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {5671#false} {5671#false} #404#return; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L272 TraceCheckUtils]: 43: Hoare triple {5671#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 44: Hoare triple {5671#false} ~handle := #in~handle;~value := #in~value; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 45: Hoare triple {5671#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 46: Hoare triple {5671#false} assume true; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L284 TraceCheckUtils]: 47: Hoare quadruple {5671#false} {5671#false} #406#return; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 48: Hoare triple {5671#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 49: Hoare triple {5671#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L272 TraceCheckUtils]: 50: Hoare triple {5671#false} call outgoing(~sender#1, ~email~0#1); {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 51: Hoare triple {5671#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 52: Hoare triple {5671#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {5671#false} is VALID [2022-02-20 17:52:05,714 INFO L290 TraceCheckUtils]: 53: Hoare triple {5671#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L272 TraceCheckUtils]: 54: Hoare triple {5671#false} call setEmailFrom(~msg#1, ~tmp~10#1); {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L290 TraceCheckUtils]: 55: Hoare triple {5671#false} ~handle := #in~handle;~value := #in~value; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L290 TraceCheckUtils]: 56: Hoare triple {5671#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L290 TraceCheckUtils]: 57: Hoare triple {5671#false} assume true; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5671#false} {5671#false} #392#return; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L290 TraceCheckUtils]: 59: Hoare triple {5671#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L272 TraceCheckUtils]: 60: Hoare triple {5671#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L290 TraceCheckUtils]: 61: Hoare triple {5671#false} ~handle := #in~handle;havoc ~retValue_acc~4; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L290 TraceCheckUtils]: 62: Hoare triple {5671#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L290 TraceCheckUtils]: 63: Hoare triple {5671#false} assume true; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {5671#false} {5671#false} #394#return; {5671#false} is VALID [2022-02-20 17:52:05,715 INFO L290 TraceCheckUtils]: 65: Hoare triple {5671#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {5671#false} is VALID [2022-02-20 17:52:05,716 INFO L290 TraceCheckUtils]: 66: Hoare triple {5671#false} assume { :end_inline_deliver } true; {5671#false} is VALID [2022-02-20 17:52:05,719 INFO L290 TraceCheckUtils]: 67: Hoare triple {5671#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {5671#false} is VALID [2022-02-20 17:52:05,719 INFO L290 TraceCheckUtils]: 68: Hoare triple {5671#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {5671#false} is VALID [2022-02-20 17:52:05,719 INFO L290 TraceCheckUtils]: 69: Hoare triple {5671#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {5671#false} is VALID [2022-02-20 17:52:05,720 INFO L290 TraceCheckUtils]: 70: Hoare triple {5671#false} assume 0 != incoming_~fwreceiver~0#1; {5671#false} is VALID [2022-02-20 17:52:05,720 INFO L272 TraceCheckUtils]: 71: Hoare triple {5671#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {5671#false} is VALID [2022-02-20 17:52:05,720 INFO L290 TraceCheckUtils]: 72: Hoare triple {5671#false} ~handle := #in~handle;~value := #in~value; {5671#false} is VALID [2022-02-20 17:52:05,720 INFO L290 TraceCheckUtils]: 73: Hoare triple {5671#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5671#false} is VALID [2022-02-20 17:52:05,720 INFO L290 TraceCheckUtils]: 74: Hoare triple {5671#false} assume true; {5671#false} is VALID [2022-02-20 17:52:05,720 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5671#false} {5671#false} #396#return; {5671#false} is VALID [2022-02-20 17:52:05,720 INFO L290 TraceCheckUtils]: 76: Hoare triple {5671#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {5671#false} is VALID [2022-02-20 17:52:05,721 INFO L272 TraceCheckUtils]: 77: Hoare triple {5671#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {5671#false} is VALID [2022-02-20 17:52:05,721 INFO L290 TraceCheckUtils]: 78: Hoare triple {5671#false} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {5671#false} is VALID [2022-02-20 17:52:05,721 INFO L290 TraceCheckUtils]: 79: Hoare triple {5671#false} assume true; {5671#false} is VALID [2022-02-20 17:52:05,721 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5671#false} {5671#false} #398#return; {5671#false} is VALID [2022-02-20 17:52:05,721 INFO L290 TraceCheckUtils]: 81: Hoare triple {5671#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {5671#false} is VALID [2022-02-20 17:52:05,721 INFO L290 TraceCheckUtils]: 82: Hoare triple {5671#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {5671#false} is VALID [2022-02-20 17:52:05,721 INFO L290 TraceCheckUtils]: 83: Hoare triple {5671#false} assume !false; {5671#false} is VALID [2022-02-20 17:52:05,722 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:05,722 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 17:52:05,986 INFO L290 TraceCheckUtils]: 83: Hoare triple {5671#false} assume !false; {5671#false} is VALID [2022-02-20 17:52:05,986 INFO L290 TraceCheckUtils]: 82: Hoare triple {5671#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {5671#false} is VALID [2022-02-20 17:52:05,987 INFO L290 TraceCheckUtils]: 81: Hoare triple {5671#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {5671#false} is VALID [2022-02-20 17:52:05,987 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5670#true} {5671#false} #398#return; {5671#false} is VALID [2022-02-20 17:52:05,987 INFO L290 TraceCheckUtils]: 79: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,987 INFO L290 TraceCheckUtils]: 78: Hoare triple {5670#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {5670#true} is VALID [2022-02-20 17:52:05,987 INFO L272 TraceCheckUtils]: 77: Hoare triple {5671#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {5670#true} is VALID [2022-02-20 17:52:05,987 INFO L290 TraceCheckUtils]: 76: Hoare triple {5671#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {5671#false} is VALID [2022-02-20 17:52:05,987 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5670#true} {5671#false} #396#return; {5671#false} is VALID [2022-02-20 17:52:05,987 INFO L290 TraceCheckUtils]: 74: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,987 INFO L290 TraceCheckUtils]: 73: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,987 INFO L290 TraceCheckUtils]: 72: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,987 INFO L272 TraceCheckUtils]: 71: Hoare triple {5671#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {5670#true} is VALID [2022-02-20 17:52:05,987 INFO L290 TraceCheckUtils]: 70: Hoare triple {5671#false} assume 0 != incoming_~fwreceiver~0#1; {5671#false} is VALID [2022-02-20 17:52:05,988 INFO L290 TraceCheckUtils]: 69: Hoare triple {5671#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {5671#false} is VALID [2022-02-20 17:52:05,988 INFO L290 TraceCheckUtils]: 68: Hoare triple {5671#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {5671#false} is VALID [2022-02-20 17:52:05,990 INFO L290 TraceCheckUtils]: 67: Hoare triple {5671#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {5671#false} is VALID [2022-02-20 17:52:05,990 INFO L290 TraceCheckUtils]: 66: Hoare triple {5671#false} assume { :end_inline_deliver } true; {5671#false} is VALID [2022-02-20 17:52:05,990 INFO L290 TraceCheckUtils]: 65: Hoare triple {5671#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {5671#false} is VALID [2022-02-20 17:52:05,990 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {5670#true} {5671#false} #394#return; {5671#false} is VALID [2022-02-20 17:52:05,990 INFO L290 TraceCheckUtils]: 63: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,990 INFO L290 TraceCheckUtils]: 62: Hoare triple {5670#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {5670#true} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 61: Hoare triple {5670#true} ~handle := #in~handle;havoc ~retValue_acc~4; {5670#true} is VALID [2022-02-20 17:52:05,991 INFO L272 TraceCheckUtils]: 60: Hoare triple {5671#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {5670#true} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 59: Hoare triple {5671#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {5671#false} is VALID [2022-02-20 17:52:05,991 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5670#true} {5671#false} #392#return; {5671#false} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 57: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 56: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 55: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,991 INFO L272 TraceCheckUtils]: 54: Hoare triple {5671#false} call setEmailFrom(~msg#1, ~tmp~10#1); {5670#true} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 53: Hoare triple {5671#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {5671#false} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 52: Hoare triple {5671#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {5671#false} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 51: Hoare triple {5671#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {5671#false} is VALID [2022-02-20 17:52:05,991 INFO L272 TraceCheckUtils]: 50: Hoare triple {5671#false} call outgoing(~sender#1, ~email~0#1); {5671#false} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 49: Hoare triple {5671#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {5671#false} is VALID [2022-02-20 17:52:05,991 INFO L290 TraceCheckUtils]: 48: Hoare triple {5671#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {5671#false} is VALID [2022-02-20 17:52:05,991 INFO L284 TraceCheckUtils]: 47: Hoare quadruple {5670#true} {5671#false} #406#return; {5671#false} is VALID [2022-02-20 17:52:05,992 INFO L290 TraceCheckUtils]: 46: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,992 INFO L290 TraceCheckUtils]: 45: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,992 INFO L290 TraceCheckUtils]: 44: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,992 INFO L272 TraceCheckUtils]: 43: Hoare triple {5671#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5670#true} is VALID [2022-02-20 17:52:05,992 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {5670#true} {5671#false} #404#return; {5671#false} is VALID [2022-02-20 17:52:05,992 INFO L290 TraceCheckUtils]: 41: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,992 INFO L290 TraceCheckUtils]: 40: Hoare triple {5670#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,992 INFO L290 TraceCheckUtils]: 39: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,992 INFO L272 TraceCheckUtils]: 38: Hoare triple {5671#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5670#true} is VALID [2022-02-20 17:52:05,992 INFO L290 TraceCheckUtils]: 37: Hoare triple {5671#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5671#false} is VALID [2022-02-20 17:52:05,992 INFO L272 TraceCheckUtils]: 36: Hoare triple {5671#false} call sendEmail(~bob~0, ~rjh~0); {5671#false} is VALID [2022-02-20 17:52:05,992 INFO L290 TraceCheckUtils]: 35: Hoare triple {5671#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5671#false} is VALID [2022-02-20 17:52:05,993 INFO L290 TraceCheckUtils]: 34: Hoare triple {6115#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {5671#false} is VALID [2022-02-20 17:52:05,993 INFO L290 TraceCheckUtils]: 33: Hoare triple {6115#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {6115#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:52:05,993 INFO L290 TraceCheckUtils]: 32: Hoare triple {6115#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___9~0#1;test_~op1~0#1 := 1; {6115#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:52:05,993 INFO L290 TraceCheckUtils]: 31: Hoare triple {6115#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {6115#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:52:05,994 INFO L290 TraceCheckUtils]: 30: Hoare triple {6128#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6115#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:52:05,994 INFO L290 TraceCheckUtils]: 29: Hoare triple {6128#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {6128#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:52:05,994 INFO L290 TraceCheckUtils]: 28: Hoare triple {6128#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {6128#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:52:05,995 INFO L290 TraceCheckUtils]: 27: Hoare triple {5670#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6128#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:52:05,995 INFO L290 TraceCheckUtils]: 26: Hoare triple {5670#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5670#true} is VALID [2022-02-20 17:52:05,995 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {5670#true} {5670#true} #414#return; {5670#true} is VALID [2022-02-20 17:52:05,995 INFO L290 TraceCheckUtils]: 24: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,995 INFO L290 TraceCheckUtils]: 23: Hoare triple {5670#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,996 INFO L290 TraceCheckUtils]: 22: Hoare triple {5670#true} assume !(2 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,996 INFO L290 TraceCheckUtils]: 21: Hoare triple {5670#true} assume !(1 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,996 INFO L290 TraceCheckUtils]: 20: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,996 INFO L272 TraceCheckUtils]: 19: Hoare triple {5670#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {5670#true} is VALID [2022-02-20 17:52:05,996 INFO L290 TraceCheckUtils]: 18: Hoare triple {5670#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {5670#true} is VALID [2022-02-20 17:52:05,996 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {5670#true} {5670#true} #412#return; {5670#true} is VALID [2022-02-20 17:52:05,996 INFO L290 TraceCheckUtils]: 16: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,997 INFO L290 TraceCheckUtils]: 15: Hoare triple {5670#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,997 INFO L290 TraceCheckUtils]: 14: Hoare triple {5670#true} assume !(1 == ~handle); {5670#true} is VALID [2022-02-20 17:52:05,997 INFO L290 TraceCheckUtils]: 13: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,997 INFO L272 TraceCheckUtils]: 12: Hoare triple {5670#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {5670#true} is VALID [2022-02-20 17:52:05,997 INFO L290 TraceCheckUtils]: 11: Hoare triple {5670#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {5670#true} is VALID [2022-02-20 17:52:05,997 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5670#true} {5670#true} #410#return; {5670#true} is VALID [2022-02-20 17:52:05,997 INFO L290 TraceCheckUtils]: 9: Hoare triple {5670#true} assume true; {5670#true} is VALID [2022-02-20 17:52:05,998 INFO L290 TraceCheckUtils]: 8: Hoare triple {5670#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5670#true} is VALID [2022-02-20 17:52:05,998 INFO L290 TraceCheckUtils]: 7: Hoare triple {5670#true} ~handle := #in~handle;~value := #in~value; {5670#true} is VALID [2022-02-20 17:52:05,998 INFO L272 TraceCheckUtils]: 6: Hoare triple {5670#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {5670#true} is VALID [2022-02-20 17:52:05,998 INFO L290 TraceCheckUtils]: 5: Hoare triple {5670#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {5670#true} is VALID [2022-02-20 17:52:05,998 INFO L290 TraceCheckUtils]: 4: Hoare triple {5670#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {5670#true} is VALID [2022-02-20 17:52:05,998 INFO L290 TraceCheckUtils]: 3: Hoare triple {5670#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {5670#true} is VALID [2022-02-20 17:52:05,998 INFO L290 TraceCheckUtils]: 2: Hoare triple {5670#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5670#true} is VALID [2022-02-20 17:52:05,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {5670#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5670#true} is VALID [2022-02-20 17:52:05,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {5670#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {5670#true} is VALID [2022-02-20 17:52:05,999 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:05,999 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1791095526] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 17:52:05,999 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 17:52:06,000 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 4, 4] total 10 [2022-02-20 17:52:06,000 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [616947008] [2022-02-20 17:52:06,000 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 17:52:06,001 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 7.9) internal successors, (79), 7 states have internal predecessors, (79), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) Word has length 84 [2022-02-20 17:52:06,090 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:06,091 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 7.9) internal successors, (79), 7 states have internal predecessors, (79), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:52:06,164 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 118 edges. 118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:06,164 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 17:52:06,164 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:06,165 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 17:52:06,165 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=63, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:52:06,165 INFO L87 Difference]: Start difference. First operand 130 states and 183 transitions. Second operand has 10 states, 10 states have (on average 7.9) internal successors, (79), 7 states have internal predecessors, (79), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:52:09,177 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:09,177 INFO L93 Difference]: Finished difference Result 424 states and 634 transitions. [2022-02-20 17:52:09,177 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:52:09,178 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 7.9) internal successors, (79), 7 states have internal predecessors, (79), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) Word has length 84 [2022-02-20 17:52:09,178 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:09,178 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 7.9) internal successors, (79), 7 states have internal predecessors, (79), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:52:09,192 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 629 transitions. [2022-02-20 17:52:09,192 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 7.9) internal successors, (79), 7 states have internal predecessors, (79), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:52:09,201 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 629 transitions. [2022-02-20 17:52:09,202 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 629 transitions. [2022-02-20 17:52:09,713 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 629 edges. 629 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:09,722 INFO L225 Difference]: With dead ends: 424 [2022-02-20 17:52:09,722 INFO L226 Difference]: Without dead ends: 349 [2022-02-20 17:52:09,723 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 195 GetRequests, 183 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=47, Invalid=135, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:52:09,724 INFO L933 BasicCegarLoop]: 277 mSDtfsCounter, 406 mSDsluCounter, 510 mSDsCounter, 0 mSdLazyCounter, 1234 mSolverCounterSat, 111 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 416 SdHoareTripleChecker+Valid, 787 SdHoareTripleChecker+Invalid, 1345 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 111 IncrementalHoareTripleChecker+Valid, 1234 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:09,724 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [416 Valid, 787 Invalid, 1345 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [111 Valid, 1234 Invalid, 0 Unknown, 0 Unchecked, 1.3s Time] [2022-02-20 17:52:09,725 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 349 states. [2022-02-20 17:52:09,801 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 349 to 220. [2022-02-20 17:52:09,802 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:09,802 INFO L82 GeneralOperation]: Start isEquivalent. First operand 349 states. Second operand has 220 states, 196 states have (on average 1.6224489795918366) internal successors, (318), 199 states have internal predecessors, (318), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:09,803 INFO L74 IsIncluded]: Start isIncluded. First operand 349 states. Second operand has 220 states, 196 states have (on average 1.6224489795918366) internal successors, (318), 199 states have internal predecessors, (318), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:09,803 INFO L87 Difference]: Start difference. First operand 349 states. Second operand has 220 states, 196 states have (on average 1.6224489795918366) internal successors, (318), 199 states have internal predecessors, (318), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:09,815 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:09,815 INFO L93 Difference]: Finished difference Result 349 states and 535 transitions. [2022-02-20 17:52:09,815 INFO L276 IsEmpty]: Start isEmpty. Operand 349 states and 535 transitions. [2022-02-20 17:52:09,817 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:09,817 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:09,818 INFO L74 IsIncluded]: Start isIncluded. First operand has 220 states, 196 states have (on average 1.6224489795918366) internal successors, (318), 199 states have internal predecessors, (318), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 349 states. [2022-02-20 17:52:09,819 INFO L87 Difference]: Start difference. First operand has 220 states, 196 states have (on average 1.6224489795918366) internal successors, (318), 199 states have internal predecessors, (318), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 349 states. [2022-02-20 17:52:09,830 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:09,830 INFO L93 Difference]: Finished difference Result 349 states and 535 transitions. [2022-02-20 17:52:09,830 INFO L276 IsEmpty]: Start isEmpty. Operand 349 states and 535 transitions. [2022-02-20 17:52:09,832 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:09,832 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:09,833 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:09,833 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:09,833 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 220 states, 196 states have (on average 1.6224489795918366) internal successors, (318), 199 states have internal predecessors, (318), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:09,839 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 220 states to 220 states and 348 transitions. [2022-02-20 17:52:09,839 INFO L78 Accepts]: Start accepts. Automaton has 220 states and 348 transitions. Word has length 84 [2022-02-20 17:52:09,839 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:09,839 INFO L470 AbstractCegarLoop]: Abstraction has 220 states and 348 transitions. [2022-02-20 17:52:09,839 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 7.9) internal successors, (79), 7 states have internal predecessors, (79), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (15), 2 states have call predecessors, (15), 2 states have call successors, (15) [2022-02-20 17:52:09,840 INFO L276 IsEmpty]: Start isEmpty. Operand 220 states and 348 transitions. [2022-02-20 17:52:09,840 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 92 [2022-02-20 17:52:09,841 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:09,841 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:09,867 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:52:10,055 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:52:10,055 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:10,056 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:10,056 INFO L85 PathProgramCache]: Analyzing trace with hash 1301394876, now seen corresponding path program 1 times [2022-02-20 17:52:10,056 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:10,056 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [606006998] [2022-02-20 17:52:10,056 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:10,056 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:10,086 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,115 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:10,117 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,119 INFO L290 TraceCheckUtils]: 0: Hoare triple {7905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,119 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,119 INFO L290 TraceCheckUtils]: 2: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,119 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7864#true} {7864#true} #410#return; {7864#true} is VALID [2022-02-20 17:52:10,119 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:10,120 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,126 INFO L290 TraceCheckUtils]: 0: Hoare triple {7905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,126 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume !(1 == ~handle); {7864#true} is VALID [2022-02-20 17:52:10,126 INFO L290 TraceCheckUtils]: 2: Hoare triple {7864#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,126 INFO L290 TraceCheckUtils]: 3: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,126 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {7864#true} {7864#true} #412#return; {7864#true} is VALID [2022-02-20 17:52:10,126 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:10,127 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,129 INFO L290 TraceCheckUtils]: 0: Hoare triple {7905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,129 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume !(1 == ~handle); {7864#true} is VALID [2022-02-20 17:52:10,129 INFO L290 TraceCheckUtils]: 2: Hoare triple {7864#true} assume !(2 == ~handle); {7864#true} is VALID [2022-02-20 17:52:10,130 INFO L290 TraceCheckUtils]: 3: Hoare triple {7864#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,130 INFO L290 TraceCheckUtils]: 4: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,130 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {7864#true} {7864#true} #414#return; {7864#true} is VALID [2022-02-20 17:52:10,134 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 45 [2022-02-20 17:52:10,135 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,136 INFO L290 TraceCheckUtils]: 0: Hoare triple {7906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,136 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,136 INFO L290 TraceCheckUtils]: 2: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,137 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7864#true} {7865#false} #404#return; {7865#false} is VALID [2022-02-20 17:52:10,141 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:52:10,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {7907#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,146 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,147 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7864#true} {7865#false} #406#return; {7865#false} is VALID [2022-02-20 17:52:10,147 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:52:10,148 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,151 INFO L290 TraceCheckUtils]: 0: Hoare triple {7906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,151 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,152 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7864#true} {7865#false} #392#return; {7865#false} is VALID [2022-02-20 17:52:10,152 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:52:10,153 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,154 INFO L290 TraceCheckUtils]: 0: Hoare triple {7864#true} ~handle := #in~handle;havoc ~retValue_acc~4; {7864#true} is VALID [2022-02-20 17:52:10,154 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {7864#true} is VALID [2022-02-20 17:52:10,155 INFO L290 TraceCheckUtils]: 2: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,155 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7864#true} {7865#false} #394#return; {7865#false} is VALID [2022-02-20 17:52:10,155 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:52:10,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,157 INFO L290 TraceCheckUtils]: 0: Hoare triple {7907#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,158 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7864#true} {7865#false} #396#return; {7865#false} is VALID [2022-02-20 17:52:10,158 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:52:10,159 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:10,162 INFO L290 TraceCheckUtils]: 0: Hoare triple {7864#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {7864#true} is VALID [2022-02-20 17:52:10,162 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,162 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7864#true} {7865#false} #398#return; {7865#false} is VALID [2022-02-20 17:52:10,162 INFO L290 TraceCheckUtils]: 0: Hoare triple {7864#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {7864#true} is VALID [2022-02-20 17:52:10,163 INFO L290 TraceCheckUtils]: 1: Hoare triple {7864#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {7864#true} is VALID [2022-02-20 17:52:10,163 INFO L290 TraceCheckUtils]: 2: Hoare triple {7864#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7864#true} is VALID [2022-02-20 17:52:10,163 INFO L290 TraceCheckUtils]: 3: Hoare triple {7864#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {7864#true} is VALID [2022-02-20 17:52:10,163 INFO L290 TraceCheckUtils]: 4: Hoare triple {7864#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {7864#true} is VALID [2022-02-20 17:52:10,163 INFO L290 TraceCheckUtils]: 5: Hoare triple {7864#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {7864#true} is VALID [2022-02-20 17:52:10,164 INFO L272 TraceCheckUtils]: 6: Hoare triple {7864#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {7905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:10,164 INFO L290 TraceCheckUtils]: 7: Hoare triple {7905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,164 INFO L290 TraceCheckUtils]: 8: Hoare triple {7864#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,164 INFO L290 TraceCheckUtils]: 9: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,164 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7864#true} {7864#true} #410#return; {7864#true} is VALID [2022-02-20 17:52:10,164 INFO L290 TraceCheckUtils]: 11: Hoare triple {7864#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {7864#true} is VALID [2022-02-20 17:52:10,165 INFO L272 TraceCheckUtils]: 12: Hoare triple {7864#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {7905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:10,165 INFO L290 TraceCheckUtils]: 13: Hoare triple {7905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,165 INFO L290 TraceCheckUtils]: 14: Hoare triple {7864#true} assume !(1 == ~handle); {7864#true} is VALID [2022-02-20 17:52:10,166 INFO L290 TraceCheckUtils]: 15: Hoare triple {7864#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,166 INFO L290 TraceCheckUtils]: 16: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,166 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {7864#true} {7864#true} #412#return; {7864#true} is VALID [2022-02-20 17:52:10,166 INFO L290 TraceCheckUtils]: 18: Hoare triple {7864#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {7864#true} is VALID [2022-02-20 17:52:10,167 INFO L272 TraceCheckUtils]: 19: Hoare triple {7864#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {7905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:10,167 INFO L290 TraceCheckUtils]: 20: Hoare triple {7905#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,167 INFO L290 TraceCheckUtils]: 21: Hoare triple {7864#true} assume !(1 == ~handle); {7864#true} is VALID [2022-02-20 17:52:10,167 INFO L290 TraceCheckUtils]: 22: Hoare triple {7864#true} assume !(2 == ~handle); {7864#true} is VALID [2022-02-20 17:52:10,167 INFO L290 TraceCheckUtils]: 23: Hoare triple {7864#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,167 INFO L290 TraceCheckUtils]: 24: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,167 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {7864#true} {7864#true} #414#return; {7864#true} is VALID [2022-02-20 17:52:10,168 INFO L290 TraceCheckUtils]: 26: Hoare triple {7864#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {7864#true} is VALID [2022-02-20 17:52:10,168 INFO L290 TraceCheckUtils]: 27: Hoare triple {7864#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7881#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:52:10,168 INFO L290 TraceCheckUtils]: 28: Hoare triple {7881#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {7881#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:52:10,168 INFO L290 TraceCheckUtils]: 29: Hoare triple {7881#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {7881#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:52:10,169 INFO L290 TraceCheckUtils]: 30: Hoare triple {7881#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7881#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:52:10,169 INFO L290 TraceCheckUtils]: 31: Hoare triple {7881#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {7865#false} is VALID [2022-02-20 17:52:10,170 INFO L290 TraceCheckUtils]: 32: Hoare triple {7865#false} assume !(0 == test_~op2~0#1); {7865#false} is VALID [2022-02-20 17:52:10,170 INFO L290 TraceCheckUtils]: 33: Hoare triple {7865#false} assume !(0 == test_~op3~0#1); {7865#false} is VALID [2022-02-20 17:52:10,170 INFO L290 TraceCheckUtils]: 34: Hoare triple {7865#false} assume !(0 == test_~op4~0#1); {7865#false} is VALID [2022-02-20 17:52:10,170 INFO L290 TraceCheckUtils]: 35: Hoare triple {7865#false} assume !(0 == test_~op5~0#1); {7865#false} is VALID [2022-02-20 17:52:10,170 INFO L290 TraceCheckUtils]: 36: Hoare triple {7865#false} assume !(0 == test_~op6~0#1); {7865#false} is VALID [2022-02-20 17:52:10,170 INFO L290 TraceCheckUtils]: 37: Hoare triple {7865#false} assume !(0 == test_~op7~0#1); {7865#false} is VALID [2022-02-20 17:52:10,170 INFO L290 TraceCheckUtils]: 38: Hoare triple {7865#false} assume !(0 == test_~op8~0#1); {7865#false} is VALID [2022-02-20 17:52:10,171 INFO L290 TraceCheckUtils]: 39: Hoare triple {7865#false} assume !(0 == test_~op9~0#1); {7865#false} is VALID [2022-02-20 17:52:10,171 INFO L290 TraceCheckUtils]: 40: Hoare triple {7865#false} assume !(0 == test_~op10~0#1); {7865#false} is VALID [2022-02-20 17:52:10,171 INFO L290 TraceCheckUtils]: 41: Hoare triple {7865#false} assume !(0 == test_~op11~0#1); {7865#false} is VALID [2022-02-20 17:52:10,171 INFO L290 TraceCheckUtils]: 42: Hoare triple {7865#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {7865#false} is VALID [2022-02-20 17:52:10,171 INFO L272 TraceCheckUtils]: 43: Hoare triple {7865#false} call sendEmail(~bob~0, ~rjh~0); {7865#false} is VALID [2022-02-20 17:52:10,171 INFO L290 TraceCheckUtils]: 44: Hoare triple {7865#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7865#false} is VALID [2022-02-20 17:52:10,171 INFO L272 TraceCheckUtils]: 45: Hoare triple {7865#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:10,172 INFO L290 TraceCheckUtils]: 46: Hoare triple {7906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,172 INFO L290 TraceCheckUtils]: 47: Hoare triple {7864#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,172 INFO L290 TraceCheckUtils]: 48: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,172 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {7864#true} {7865#false} #404#return; {7865#false} is VALID [2022-02-20 17:52:10,172 INFO L272 TraceCheckUtils]: 50: Hoare triple {7865#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7907#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:10,172 INFO L290 TraceCheckUtils]: 51: Hoare triple {7907#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,172 INFO L290 TraceCheckUtils]: 52: Hoare triple {7864#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,173 INFO L290 TraceCheckUtils]: 53: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,173 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {7864#true} {7865#false} #406#return; {7865#false} is VALID [2022-02-20 17:52:10,173 INFO L290 TraceCheckUtils]: 55: Hoare triple {7865#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {7865#false} is VALID [2022-02-20 17:52:10,173 INFO L290 TraceCheckUtils]: 56: Hoare triple {7865#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {7865#false} is VALID [2022-02-20 17:52:10,173 INFO L272 TraceCheckUtils]: 57: Hoare triple {7865#false} call outgoing(~sender#1, ~email~0#1); {7865#false} is VALID [2022-02-20 17:52:10,173 INFO L290 TraceCheckUtils]: 58: Hoare triple {7865#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {7865#false} is VALID [2022-02-20 17:52:10,173 INFO L290 TraceCheckUtils]: 59: Hoare triple {7865#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {7865#false} is VALID [2022-02-20 17:52:10,173 INFO L290 TraceCheckUtils]: 60: Hoare triple {7865#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {7865#false} is VALID [2022-02-20 17:52:10,174 INFO L272 TraceCheckUtils]: 61: Hoare triple {7865#false} call setEmailFrom(~msg#1, ~tmp~10#1); {7906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:10,174 INFO L290 TraceCheckUtils]: 62: Hoare triple {7906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,174 INFO L290 TraceCheckUtils]: 63: Hoare triple {7864#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,174 INFO L290 TraceCheckUtils]: 64: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,174 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {7864#true} {7865#false} #392#return; {7865#false} is VALID [2022-02-20 17:52:10,174 INFO L290 TraceCheckUtils]: 66: Hoare triple {7865#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {7865#false} is VALID [2022-02-20 17:52:10,174 INFO L272 TraceCheckUtils]: 67: Hoare triple {7865#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {7864#true} is VALID [2022-02-20 17:52:10,175 INFO L290 TraceCheckUtils]: 68: Hoare triple {7864#true} ~handle := #in~handle;havoc ~retValue_acc~4; {7864#true} is VALID [2022-02-20 17:52:10,175 INFO L290 TraceCheckUtils]: 69: Hoare triple {7864#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {7864#true} is VALID [2022-02-20 17:52:10,175 INFO L290 TraceCheckUtils]: 70: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,175 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {7864#true} {7865#false} #394#return; {7865#false} is VALID [2022-02-20 17:52:10,175 INFO L290 TraceCheckUtils]: 72: Hoare triple {7865#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {7865#false} is VALID [2022-02-20 17:52:10,175 INFO L290 TraceCheckUtils]: 73: Hoare triple {7865#false} assume { :end_inline_deliver } true; {7865#false} is VALID [2022-02-20 17:52:10,175 INFO L290 TraceCheckUtils]: 74: Hoare triple {7865#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {7865#false} is VALID [2022-02-20 17:52:10,175 INFO L290 TraceCheckUtils]: 75: Hoare triple {7865#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {7865#false} is VALID [2022-02-20 17:52:10,176 INFO L290 TraceCheckUtils]: 76: Hoare triple {7865#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {7865#false} is VALID [2022-02-20 17:52:10,176 INFO L290 TraceCheckUtils]: 77: Hoare triple {7865#false} assume 0 != incoming_~fwreceiver~0#1; {7865#false} is VALID [2022-02-20 17:52:10,176 INFO L272 TraceCheckUtils]: 78: Hoare triple {7865#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {7907#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:10,176 INFO L290 TraceCheckUtils]: 79: Hoare triple {7907#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7864#true} is VALID [2022-02-20 17:52:10,176 INFO L290 TraceCheckUtils]: 80: Hoare triple {7864#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7864#true} is VALID [2022-02-20 17:52:10,176 INFO L290 TraceCheckUtils]: 81: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,176 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {7864#true} {7865#false} #396#return; {7865#false} is VALID [2022-02-20 17:52:10,177 INFO L290 TraceCheckUtils]: 83: Hoare triple {7865#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {7865#false} is VALID [2022-02-20 17:52:10,177 INFO L272 TraceCheckUtils]: 84: Hoare triple {7865#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {7864#true} is VALID [2022-02-20 17:52:10,177 INFO L290 TraceCheckUtils]: 85: Hoare triple {7864#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {7864#true} is VALID [2022-02-20 17:52:10,177 INFO L290 TraceCheckUtils]: 86: Hoare triple {7864#true} assume true; {7864#true} is VALID [2022-02-20 17:52:10,177 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {7864#true} {7865#false} #398#return; {7865#false} is VALID [2022-02-20 17:52:10,177 INFO L290 TraceCheckUtils]: 88: Hoare triple {7865#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {7865#false} is VALID [2022-02-20 17:52:10,177 INFO L290 TraceCheckUtils]: 89: Hoare triple {7865#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {7865#false} is VALID [2022-02-20 17:52:10,178 INFO L290 TraceCheckUtils]: 90: Hoare triple {7865#false} assume !false; {7865#false} is VALID [2022-02-20 17:52:10,178 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:10,178 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:10,179 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [606006998] [2022-02-20 17:52:10,179 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [606006998] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:52:10,179 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:52:10,179 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:52:10,179 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [826733534] [2022-02-20 17:52:10,179 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:52:10,180 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 91 [2022-02-20 17:52:10,180 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:10,181 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 10.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:10,232 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 80 edges. 80 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:10,232 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:52:10,233 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:10,233 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:52:10,233 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:52:10,233 INFO L87 Difference]: Start difference. First operand 220 states and 348 transitions. Second operand has 6 states, 6 states have (on average 10.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:11,867 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:11,867 INFO L93 Difference]: Finished difference Result 614 states and 985 transitions. [2022-02-20 17:52:11,867 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 17:52:11,867 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 91 [2022-02-20 17:52:11,868 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:11,868 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:11,873 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:11,873 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:11,878 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:11,878 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 545 transitions. [2022-02-20 17:52:12,372 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 545 edges. 545 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:12,387 INFO L225 Difference]: With dead ends: 614 [2022-02-20 17:52:12,387 INFO L226 Difference]: Without dead ends: 422 [2022-02-20 17:52:12,388 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:52:12,389 INFO L933 BasicCegarLoop]: 270 mSDtfsCounter, 288 mSDsluCounter, 285 mSDsCounter, 0 mSdLazyCounter, 477 mSolverCounterSat, 105 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 294 SdHoareTripleChecker+Valid, 555 SdHoareTripleChecker+Invalid, 582 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 105 IncrementalHoareTripleChecker+Valid, 477 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:12,389 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [294 Valid, 555 Invalid, 582 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [105 Valid, 477 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-02-20 17:52:12,390 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 422 states. [2022-02-20 17:52:12,488 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 422 to 309. [2022-02-20 17:52:12,488 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:12,489 INFO L82 GeneralOperation]: Start isEquivalent. First operand 422 states. Second operand has 309 states, 285 states have (on average 1.6701754385964913) internal successors, (476), 288 states have internal predecessors, (476), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:12,490 INFO L74 IsIncluded]: Start isIncluded. First operand 422 states. Second operand has 309 states, 285 states have (on average 1.6701754385964913) internal successors, (476), 288 states have internal predecessors, (476), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:12,491 INFO L87 Difference]: Start difference. First operand 422 states. Second operand has 309 states, 285 states have (on average 1.6701754385964913) internal successors, (476), 288 states have internal predecessors, (476), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:12,505 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:12,505 INFO L93 Difference]: Finished difference Result 422 states and 669 transitions. [2022-02-20 17:52:12,506 INFO L276 IsEmpty]: Start isEmpty. Operand 422 states and 669 transitions. [2022-02-20 17:52:12,507 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:12,508 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:12,508 INFO L74 IsIncluded]: Start isIncluded. First operand has 309 states, 285 states have (on average 1.6701754385964913) internal successors, (476), 288 states have internal predecessors, (476), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 422 states. [2022-02-20 17:52:12,509 INFO L87 Difference]: Start difference. First operand has 309 states, 285 states have (on average 1.6701754385964913) internal successors, (476), 288 states have internal predecessors, (476), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 422 states. [2022-02-20 17:52:12,523 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:12,523 INFO L93 Difference]: Finished difference Result 422 states and 669 transitions. [2022-02-20 17:52:12,523 INFO L276 IsEmpty]: Start isEmpty. Operand 422 states and 669 transitions. [2022-02-20 17:52:12,525 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:12,525 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:12,525 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:12,525 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:12,526 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 309 states, 285 states have (on average 1.6701754385964913) internal successors, (476), 288 states have internal predecessors, (476), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:12,535 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 309 states to 309 states and 506 transitions. [2022-02-20 17:52:12,536 INFO L78 Accepts]: Start accepts. Automaton has 309 states and 506 transitions. Word has length 91 [2022-02-20 17:52:12,536 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:12,536 INFO L470 AbstractCegarLoop]: Abstraction has 309 states and 506 transitions. [2022-02-20 17:52:12,536 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 10.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:12,536 INFO L276 IsEmpty]: Start isEmpty. Operand 309 states and 506 transitions. [2022-02-20 17:52:12,538 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 93 [2022-02-20 17:52:12,538 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:12,538 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:12,538 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:52:12,538 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:12,539 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:12,539 INFO L85 PathProgramCache]: Analyzing trace with hash 1463575206, now seen corresponding path program 1 times [2022-02-20 17:52:12,539 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:12,539 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1218579433] [2022-02-20 17:52:12,539 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:12,540 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:12,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,591 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:12,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,596 INFO L290 TraceCheckUtils]: 0: Hoare triple {10142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,597 INFO L290 TraceCheckUtils]: 2: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,597 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10101#true} {10101#true} #410#return; {10101#true} is VALID [2022-02-20 17:52:12,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:12,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,601 INFO L290 TraceCheckUtils]: 0: Hoare triple {10142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,601 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume !(1 == ~handle); {10101#true} is VALID [2022-02-20 17:52:12,602 INFO L290 TraceCheckUtils]: 2: Hoare triple {10101#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,602 INFO L290 TraceCheckUtils]: 3: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,602 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10101#true} {10101#true} #412#return; {10101#true} is VALID [2022-02-20 17:52:12,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:12,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {10142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume !(1 == ~handle); {10101#true} is VALID [2022-02-20 17:52:12,607 INFO L290 TraceCheckUtils]: 2: Hoare triple {10101#true} assume !(2 == ~handle); {10101#true} is VALID [2022-02-20 17:52:12,607 INFO L290 TraceCheckUtils]: 3: Hoare triple {10101#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,607 INFO L290 TraceCheckUtils]: 4: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,607 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {10101#true} {10101#true} #414#return; {10101#true} is VALID [2022-02-20 17:52:12,612 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2022-02-20 17:52:12,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {10143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,614 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,615 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10101#true} {10102#false} #404#return; {10102#false} is VALID [2022-02-20 17:52:12,620 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 51 [2022-02-20 17:52:12,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,622 INFO L290 TraceCheckUtils]: 0: Hoare triple {10144#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,622 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,622 INFO L290 TraceCheckUtils]: 2: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,623 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10101#true} {10102#false} #406#return; {10102#false} is VALID [2022-02-20 17:52:12,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:52:12,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {10143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,628 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10101#true} {10102#false} #392#return; {10102#false} is VALID [2022-02-20 17:52:12,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:52:12,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,631 INFO L290 TraceCheckUtils]: 0: Hoare triple {10101#true} ~handle := #in~handle;havoc ~retValue_acc~4; {10101#true} is VALID [2022-02-20 17:52:12,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {10101#true} is VALID [2022-02-20 17:52:12,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,631 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10101#true} {10102#false} #394#return; {10102#false} is VALID [2022-02-20 17:52:12,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:52:12,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,636 INFO L290 TraceCheckUtils]: 0: Hoare triple {10144#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,637 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10101#true} {10102#false} #396#return; {10102#false} is VALID [2022-02-20 17:52:12,637 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:52:12,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:12,639 INFO L290 TraceCheckUtils]: 0: Hoare triple {10101#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {10101#true} is VALID [2022-02-20 17:52:12,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,640 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {10101#true} {10102#false} #398#return; {10102#false} is VALID [2022-02-20 17:52:12,640 INFO L290 TraceCheckUtils]: 0: Hoare triple {10101#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {10101#true} is VALID [2022-02-20 17:52:12,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {10101#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {10101#true} is VALID [2022-02-20 17:52:12,640 INFO L290 TraceCheckUtils]: 2: Hoare triple {10101#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10101#true} is VALID [2022-02-20 17:52:12,640 INFO L290 TraceCheckUtils]: 3: Hoare triple {10101#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {10101#true} is VALID [2022-02-20 17:52:12,641 INFO L290 TraceCheckUtils]: 4: Hoare triple {10101#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {10101#true} is VALID [2022-02-20 17:52:12,641 INFO L290 TraceCheckUtils]: 5: Hoare triple {10101#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {10101#true} is VALID [2022-02-20 17:52:12,641 INFO L272 TraceCheckUtils]: 6: Hoare triple {10101#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {10142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:12,641 INFO L290 TraceCheckUtils]: 7: Hoare triple {10142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,642 INFO L290 TraceCheckUtils]: 8: Hoare triple {10101#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,642 INFO L290 TraceCheckUtils]: 9: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,642 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10101#true} {10101#true} #410#return; {10101#true} is VALID [2022-02-20 17:52:12,642 INFO L290 TraceCheckUtils]: 11: Hoare triple {10101#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {10101#true} is VALID [2022-02-20 17:52:12,643 INFO L272 TraceCheckUtils]: 12: Hoare triple {10101#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {10142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:12,643 INFO L290 TraceCheckUtils]: 13: Hoare triple {10142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,643 INFO L290 TraceCheckUtils]: 14: Hoare triple {10101#true} assume !(1 == ~handle); {10101#true} is VALID [2022-02-20 17:52:12,643 INFO L290 TraceCheckUtils]: 15: Hoare triple {10101#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,643 INFO L290 TraceCheckUtils]: 16: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,643 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {10101#true} {10101#true} #412#return; {10101#true} is VALID [2022-02-20 17:52:12,643 INFO L290 TraceCheckUtils]: 18: Hoare triple {10101#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {10101#true} is VALID [2022-02-20 17:52:12,644 INFO L272 TraceCheckUtils]: 19: Hoare triple {10101#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {10142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:12,644 INFO L290 TraceCheckUtils]: 20: Hoare triple {10142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,644 INFO L290 TraceCheckUtils]: 21: Hoare triple {10101#true} assume !(1 == ~handle); {10101#true} is VALID [2022-02-20 17:52:12,644 INFO L290 TraceCheckUtils]: 22: Hoare triple {10101#true} assume !(2 == ~handle); {10101#true} is VALID [2022-02-20 17:52:12,645 INFO L290 TraceCheckUtils]: 23: Hoare triple {10101#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,645 INFO L290 TraceCheckUtils]: 24: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,645 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {10101#true} {10101#true} #414#return; {10101#true} is VALID [2022-02-20 17:52:12,645 INFO L290 TraceCheckUtils]: 26: Hoare triple {10101#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {10101#true} is VALID [2022-02-20 17:52:12,645 INFO L290 TraceCheckUtils]: 27: Hoare triple {10101#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:52:12,646 INFO L290 TraceCheckUtils]: 28: Hoare triple {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !false; {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:52:12,646 INFO L290 TraceCheckUtils]: 29: Hoare triple {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:52:12,646 INFO L290 TraceCheckUtils]: 30: Hoare triple {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:52:12,647 INFO L290 TraceCheckUtils]: 31: Hoare triple {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:52:12,647 INFO L290 TraceCheckUtils]: 32: Hoare triple {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:52:12,647 INFO L290 TraceCheckUtils]: 33: Hoare triple {10118#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 == test_~op2~0#1); {10102#false} is VALID [2022-02-20 17:52:12,647 INFO L290 TraceCheckUtils]: 34: Hoare triple {10102#false} assume !(0 == test_~op3~0#1); {10102#false} is VALID [2022-02-20 17:52:12,647 INFO L290 TraceCheckUtils]: 35: Hoare triple {10102#false} assume !(0 == test_~op4~0#1); {10102#false} is VALID [2022-02-20 17:52:12,648 INFO L290 TraceCheckUtils]: 36: Hoare triple {10102#false} assume !(0 == test_~op5~0#1); {10102#false} is VALID [2022-02-20 17:52:12,648 INFO L290 TraceCheckUtils]: 37: Hoare triple {10102#false} assume !(0 == test_~op6~0#1); {10102#false} is VALID [2022-02-20 17:52:12,648 INFO L290 TraceCheckUtils]: 38: Hoare triple {10102#false} assume !(0 == test_~op7~0#1); {10102#false} is VALID [2022-02-20 17:52:12,648 INFO L290 TraceCheckUtils]: 39: Hoare triple {10102#false} assume !(0 == test_~op8~0#1); {10102#false} is VALID [2022-02-20 17:52:12,648 INFO L290 TraceCheckUtils]: 40: Hoare triple {10102#false} assume !(0 == test_~op9~0#1); {10102#false} is VALID [2022-02-20 17:52:12,648 INFO L290 TraceCheckUtils]: 41: Hoare triple {10102#false} assume !(0 == test_~op10~0#1); {10102#false} is VALID [2022-02-20 17:52:12,648 INFO L290 TraceCheckUtils]: 42: Hoare triple {10102#false} assume !(0 == test_~op11~0#1); {10102#false} is VALID [2022-02-20 17:52:12,649 INFO L290 TraceCheckUtils]: 43: Hoare triple {10102#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {10102#false} is VALID [2022-02-20 17:52:12,649 INFO L272 TraceCheckUtils]: 44: Hoare triple {10102#false} call sendEmail(~bob~0, ~rjh~0); {10102#false} is VALID [2022-02-20 17:52:12,649 INFO L290 TraceCheckUtils]: 45: Hoare triple {10102#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10102#false} is VALID [2022-02-20 17:52:12,649 INFO L272 TraceCheckUtils]: 46: Hoare triple {10102#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:12,649 INFO L290 TraceCheckUtils]: 47: Hoare triple {10143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,649 INFO L290 TraceCheckUtils]: 48: Hoare triple {10101#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,649 INFO L290 TraceCheckUtils]: 49: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,649 INFO L284 TraceCheckUtils]: 50: Hoare quadruple {10101#true} {10102#false} #404#return; {10102#false} is VALID [2022-02-20 17:52:12,650 INFO L272 TraceCheckUtils]: 51: Hoare triple {10102#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10144#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:12,650 INFO L290 TraceCheckUtils]: 52: Hoare triple {10144#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,650 INFO L290 TraceCheckUtils]: 53: Hoare triple {10101#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,650 INFO L290 TraceCheckUtils]: 54: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,650 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {10101#true} {10102#false} #406#return; {10102#false} is VALID [2022-02-20 17:52:12,650 INFO L290 TraceCheckUtils]: 56: Hoare triple {10102#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {10102#false} is VALID [2022-02-20 17:52:12,650 INFO L290 TraceCheckUtils]: 57: Hoare triple {10102#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {10102#false} is VALID [2022-02-20 17:52:12,651 INFO L272 TraceCheckUtils]: 58: Hoare triple {10102#false} call outgoing(~sender#1, ~email~0#1); {10102#false} is VALID [2022-02-20 17:52:12,651 INFO L290 TraceCheckUtils]: 59: Hoare triple {10102#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {10102#false} is VALID [2022-02-20 17:52:12,651 INFO L290 TraceCheckUtils]: 60: Hoare triple {10102#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {10102#false} is VALID [2022-02-20 17:52:12,651 INFO L290 TraceCheckUtils]: 61: Hoare triple {10102#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {10102#false} is VALID [2022-02-20 17:52:12,651 INFO L272 TraceCheckUtils]: 62: Hoare triple {10102#false} call setEmailFrom(~msg#1, ~tmp~10#1); {10143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:12,651 INFO L290 TraceCheckUtils]: 63: Hoare triple {10143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,651 INFO L290 TraceCheckUtils]: 64: Hoare triple {10101#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,651 INFO L290 TraceCheckUtils]: 65: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,652 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {10101#true} {10102#false} #392#return; {10102#false} is VALID [2022-02-20 17:52:12,652 INFO L290 TraceCheckUtils]: 67: Hoare triple {10102#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {10102#false} is VALID [2022-02-20 17:52:12,652 INFO L272 TraceCheckUtils]: 68: Hoare triple {10102#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {10101#true} is VALID [2022-02-20 17:52:12,652 INFO L290 TraceCheckUtils]: 69: Hoare triple {10101#true} ~handle := #in~handle;havoc ~retValue_acc~4; {10101#true} is VALID [2022-02-20 17:52:12,652 INFO L290 TraceCheckUtils]: 70: Hoare triple {10101#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {10101#true} is VALID [2022-02-20 17:52:12,652 INFO L290 TraceCheckUtils]: 71: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,652 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {10101#true} {10102#false} #394#return; {10102#false} is VALID [2022-02-20 17:52:12,653 INFO L290 TraceCheckUtils]: 73: Hoare triple {10102#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {10102#false} is VALID [2022-02-20 17:52:12,653 INFO L290 TraceCheckUtils]: 74: Hoare triple {10102#false} assume { :end_inline_deliver } true; {10102#false} is VALID [2022-02-20 17:52:12,653 INFO L290 TraceCheckUtils]: 75: Hoare triple {10102#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {10102#false} is VALID [2022-02-20 17:52:12,653 INFO L290 TraceCheckUtils]: 76: Hoare triple {10102#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {10102#false} is VALID [2022-02-20 17:52:12,653 INFO L290 TraceCheckUtils]: 77: Hoare triple {10102#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {10102#false} is VALID [2022-02-20 17:52:12,653 INFO L290 TraceCheckUtils]: 78: Hoare triple {10102#false} assume 0 != incoming_~fwreceiver~0#1; {10102#false} is VALID [2022-02-20 17:52:12,653 INFO L272 TraceCheckUtils]: 79: Hoare triple {10102#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {10144#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:12,653 INFO L290 TraceCheckUtils]: 80: Hoare triple {10144#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10101#true} is VALID [2022-02-20 17:52:12,654 INFO L290 TraceCheckUtils]: 81: Hoare triple {10101#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10101#true} is VALID [2022-02-20 17:52:12,654 INFO L290 TraceCheckUtils]: 82: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,654 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {10101#true} {10102#false} #396#return; {10102#false} is VALID [2022-02-20 17:52:12,654 INFO L290 TraceCheckUtils]: 84: Hoare triple {10102#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {10102#false} is VALID [2022-02-20 17:52:12,654 INFO L272 TraceCheckUtils]: 85: Hoare triple {10102#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {10101#true} is VALID [2022-02-20 17:52:12,654 INFO L290 TraceCheckUtils]: 86: Hoare triple {10101#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {10101#true} is VALID [2022-02-20 17:52:12,654 INFO L290 TraceCheckUtils]: 87: Hoare triple {10101#true} assume true; {10101#true} is VALID [2022-02-20 17:52:12,655 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {10101#true} {10102#false} #398#return; {10102#false} is VALID [2022-02-20 17:52:12,655 INFO L290 TraceCheckUtils]: 89: Hoare triple {10102#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {10102#false} is VALID [2022-02-20 17:52:12,655 INFO L290 TraceCheckUtils]: 90: Hoare triple {10102#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {10102#false} is VALID [2022-02-20 17:52:12,655 INFO L290 TraceCheckUtils]: 91: Hoare triple {10102#false} assume !false; {10102#false} is VALID [2022-02-20 17:52:12,655 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:12,655 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:12,656 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1218579433] [2022-02-20 17:52:12,656 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1218579433] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:52:12,656 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:52:12,656 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:52:12,657 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1442428100] [2022-02-20 17:52:12,657 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:52:12,658 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.166666666666666) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 92 [2022-02-20 17:52:12,658 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:12,658 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 10.166666666666666) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:12,715 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 81 edges. 81 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:12,715 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:52:12,716 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:12,716 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:52:12,717 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:52:12,717 INFO L87 Difference]: Start difference. First operand 309 states and 506 transitions. Second operand has 6 states, 6 states have (on average 10.166666666666666) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:14,391 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:14,392 INFO L93 Difference]: Finished difference Result 842 states and 1391 transitions. [2022-02-20 17:52:14,392 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 17:52:14,392 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.166666666666666) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 92 [2022-02-20 17:52:14,392 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:14,393 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.166666666666666) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:14,397 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:14,398 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.166666666666666) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:14,402 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:14,403 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 545 transitions. [2022-02-20 17:52:14,892 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 545 edges. 545 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:14,917 INFO L225 Difference]: With dead ends: 842 [2022-02-20 17:52:14,917 INFO L226 Difference]: Without dead ends: 569 [2022-02-20 17:52:14,918 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:52:14,919 INFO L933 BasicCegarLoop]: 271 mSDtfsCounter, 286 mSDsluCounter, 282 mSDsCounter, 0 mSdLazyCounter, 484 mSolverCounterSat, 105 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 293 SdHoareTripleChecker+Valid, 553 SdHoareTripleChecker+Invalid, 589 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 105 IncrementalHoareTripleChecker+Valid, 484 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:14,919 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [293 Valid, 553 Invalid, 589 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [105 Valid, 484 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-02-20 17:52:14,920 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 569 states. [2022-02-20 17:52:15,068 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 569 to 456. [2022-02-20 17:52:15,068 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:15,069 INFO L82 GeneralOperation]: Start isEquivalent. First operand 569 states. Second operand has 456 states, 432 states have (on average 1.6967592592592593) internal successors, (733), 435 states have internal predecessors, (733), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:15,070 INFO L74 IsIncluded]: Start isIncluded. First operand 569 states. Second operand has 456 states, 432 states have (on average 1.6967592592592593) internal successors, (733), 435 states have internal predecessors, (733), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:15,071 INFO L87 Difference]: Start difference. First operand 569 states. Second operand has 456 states, 432 states have (on average 1.6967592592592593) internal successors, (733), 435 states have internal predecessors, (733), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:15,092 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:15,092 INFO L93 Difference]: Finished difference Result 569 states and 926 transitions. [2022-02-20 17:52:15,092 INFO L276 IsEmpty]: Start isEmpty. Operand 569 states and 926 transitions. [2022-02-20 17:52:15,094 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:15,094 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:15,096 INFO L74 IsIncluded]: Start isIncluded. First operand has 456 states, 432 states have (on average 1.6967592592592593) internal successors, (733), 435 states have internal predecessors, (733), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 569 states. [2022-02-20 17:52:15,097 INFO L87 Difference]: Start difference. First operand has 456 states, 432 states have (on average 1.6967592592592593) internal successors, (733), 435 states have internal predecessors, (733), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 569 states. [2022-02-20 17:52:15,119 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:15,119 INFO L93 Difference]: Finished difference Result 569 states and 926 transitions. [2022-02-20 17:52:15,119 INFO L276 IsEmpty]: Start isEmpty. Operand 569 states and 926 transitions. [2022-02-20 17:52:15,121 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:15,121 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:15,121 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:15,121 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:15,122 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 456 states, 432 states have (on average 1.6967592592592593) internal successors, (733), 435 states have internal predecessors, (733), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:15,138 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 456 states to 456 states and 763 transitions. [2022-02-20 17:52:15,138 INFO L78 Accepts]: Start accepts. Automaton has 456 states and 763 transitions. Word has length 92 [2022-02-20 17:52:15,138 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:15,138 INFO L470 AbstractCegarLoop]: Abstraction has 456 states and 763 transitions. [2022-02-20 17:52:15,138 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 10.166666666666666) internal successors, (61), 3 states have internal predecessors, (61), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:15,139 INFO L276 IsEmpty]: Start isEmpty. Operand 456 states and 763 transitions. [2022-02-20 17:52:15,140 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 94 [2022-02-20 17:52:15,140 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:15,140 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:15,140 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:52:15,140 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:15,140 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:15,140 INFO L85 PathProgramCache]: Analyzing trace with hash 1317896282, now seen corresponding path program 1 times [2022-02-20 17:52:15,141 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:15,141 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1753473509] [2022-02-20 17:52:15,141 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:15,141 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:15,166 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,189 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:15,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,194 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,194 INFO L290 TraceCheckUtils]: 2: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,194 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13178#true} {13178#true} #410#return; {13178#true} is VALID [2022-02-20 17:52:15,194 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:15,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,198 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume !(1 == ~handle); {13178#true} is VALID [2022-02-20 17:52:15,198 INFO L290 TraceCheckUtils]: 2: Hoare triple {13178#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,198 INFO L290 TraceCheckUtils]: 3: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,199 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13178#true} {13178#true} #412#return; {13178#true} is VALID [2022-02-20 17:52:15,199 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:15,200 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,204 INFO L290 TraceCheckUtils]: 0: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,204 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume !(1 == ~handle); {13178#true} is VALID [2022-02-20 17:52:15,204 INFO L290 TraceCheckUtils]: 2: Hoare triple {13178#true} assume !(2 == ~handle); {13178#true} is VALID [2022-02-20 17:52:15,204 INFO L290 TraceCheckUtils]: 3: Hoare triple {13178#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,204 INFO L290 TraceCheckUtils]: 4: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,205 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13178#true} {13178#true} #414#return; {13178#true} is VALID [2022-02-20 17:52:15,209 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:52:15,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,211 INFO L290 TraceCheckUtils]: 0: Hoare triple {13220#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,212 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13178#true} {13179#false} #404#return; {13179#false} is VALID [2022-02-20 17:52:15,216 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:52:15,217 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,221 INFO L290 TraceCheckUtils]: 0: Hoare triple {13221#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,221 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,221 INFO L290 TraceCheckUtils]: 2: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,221 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13178#true} {13179#false} #406#return; {13179#false} is VALID [2022-02-20 17:52:15,221 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:52:15,224 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,225 INFO L290 TraceCheckUtils]: 0: Hoare triple {13220#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,226 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,226 INFO L290 TraceCheckUtils]: 2: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,226 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13178#true} {13179#false} #392#return; {13179#false} is VALID [2022-02-20 17:52:15,226 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:52:15,226 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,228 INFO L290 TraceCheckUtils]: 0: Hoare triple {13178#true} ~handle := #in~handle;havoc ~retValue_acc~4; {13178#true} is VALID [2022-02-20 17:52:15,228 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {13178#true} is VALID [2022-02-20 17:52:15,228 INFO L290 TraceCheckUtils]: 2: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,228 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13178#true} {13179#false} #394#return; {13179#false} is VALID [2022-02-20 17:52:15,228 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:52:15,229 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,233 INFO L290 TraceCheckUtils]: 0: Hoare triple {13221#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,233 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,234 INFO L290 TraceCheckUtils]: 2: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,234 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13178#true} {13179#false} #396#return; {13179#false} is VALID [2022-02-20 17:52:15,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:52:15,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:15,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {13178#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13178#true} is VALID [2022-02-20 17:52:15,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,236 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13178#true} {13179#false} #398#return; {13179#false} is VALID [2022-02-20 17:52:15,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {13178#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {13178#true} is VALID [2022-02-20 17:52:15,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {13178#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {13178#true} is VALID [2022-02-20 17:52:15,237 INFO L290 TraceCheckUtils]: 2: Hoare triple {13178#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13178#true} is VALID [2022-02-20 17:52:15,237 INFO L290 TraceCheckUtils]: 3: Hoare triple {13178#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {13178#true} is VALID [2022-02-20 17:52:15,237 INFO L290 TraceCheckUtils]: 4: Hoare triple {13178#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {13178#true} is VALID [2022-02-20 17:52:15,237 INFO L290 TraceCheckUtils]: 5: Hoare triple {13178#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {13178#true} is VALID [2022-02-20 17:52:15,237 INFO L272 TraceCheckUtils]: 6: Hoare triple {13178#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:15,238 INFO L290 TraceCheckUtils]: 7: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,238 INFO L290 TraceCheckUtils]: 8: Hoare triple {13178#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,238 INFO L290 TraceCheckUtils]: 9: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,238 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13178#true} {13178#true} #410#return; {13178#true} is VALID [2022-02-20 17:52:15,238 INFO L290 TraceCheckUtils]: 11: Hoare triple {13178#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {13178#true} is VALID [2022-02-20 17:52:15,238 INFO L272 TraceCheckUtils]: 12: Hoare triple {13178#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:15,239 INFO L290 TraceCheckUtils]: 13: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,239 INFO L290 TraceCheckUtils]: 14: Hoare triple {13178#true} assume !(1 == ~handle); {13178#true} is VALID [2022-02-20 17:52:15,239 INFO L290 TraceCheckUtils]: 15: Hoare triple {13178#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,239 INFO L290 TraceCheckUtils]: 16: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,239 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {13178#true} {13178#true} #412#return; {13178#true} is VALID [2022-02-20 17:52:15,239 INFO L290 TraceCheckUtils]: 18: Hoare triple {13178#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {13178#true} is VALID [2022-02-20 17:52:15,240 INFO L272 TraceCheckUtils]: 19: Hoare triple {13178#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:15,252 INFO L290 TraceCheckUtils]: 20: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,252 INFO L290 TraceCheckUtils]: 21: Hoare triple {13178#true} assume !(1 == ~handle); {13178#true} is VALID [2022-02-20 17:52:15,252 INFO L290 TraceCheckUtils]: 22: Hoare triple {13178#true} assume !(2 == ~handle); {13178#true} is VALID [2022-02-20 17:52:15,252 INFO L290 TraceCheckUtils]: 23: Hoare triple {13178#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,252 INFO L290 TraceCheckUtils]: 24: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,252 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {13178#true} {13178#true} #414#return; {13178#true} is VALID [2022-02-20 17:52:15,252 INFO L290 TraceCheckUtils]: 26: Hoare triple {13178#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {13178#true} is VALID [2022-02-20 17:52:15,253 INFO L290 TraceCheckUtils]: 27: Hoare triple {13178#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:52:15,253 INFO L290 TraceCheckUtils]: 28: Hoare triple {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !false; {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:52:15,253 INFO L290 TraceCheckUtils]: 29: Hoare triple {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:52:15,254 INFO L290 TraceCheckUtils]: 30: Hoare triple {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:52:15,254 INFO L290 TraceCheckUtils]: 31: Hoare triple {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:52:15,254 INFO L290 TraceCheckUtils]: 32: Hoare triple {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:52:15,255 INFO L290 TraceCheckUtils]: 33: Hoare triple {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet15#1 && test_#t~nondet15#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet15#1;havoc test_#t~nondet15#1; {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:52:15,255 INFO L290 TraceCheckUtils]: 34: Hoare triple {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:52:15,255 INFO L290 TraceCheckUtils]: 35: Hoare triple {13195#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 == test_~op3~0#1); {13179#false} is VALID [2022-02-20 17:52:15,255 INFO L290 TraceCheckUtils]: 36: Hoare triple {13179#false} assume !(0 == test_~op4~0#1); {13179#false} is VALID [2022-02-20 17:52:15,255 INFO L290 TraceCheckUtils]: 37: Hoare triple {13179#false} assume !(0 == test_~op5~0#1); {13179#false} is VALID [2022-02-20 17:52:15,255 INFO L290 TraceCheckUtils]: 38: Hoare triple {13179#false} assume !(0 == test_~op6~0#1); {13179#false} is VALID [2022-02-20 17:52:15,255 INFO L290 TraceCheckUtils]: 39: Hoare triple {13179#false} assume !(0 == test_~op7~0#1); {13179#false} is VALID [2022-02-20 17:52:15,256 INFO L290 TraceCheckUtils]: 40: Hoare triple {13179#false} assume !(0 == test_~op8~0#1); {13179#false} is VALID [2022-02-20 17:52:15,256 INFO L290 TraceCheckUtils]: 41: Hoare triple {13179#false} assume !(0 == test_~op9~0#1); {13179#false} is VALID [2022-02-20 17:52:15,256 INFO L290 TraceCheckUtils]: 42: Hoare triple {13179#false} assume !(0 == test_~op10~0#1); {13179#false} is VALID [2022-02-20 17:52:15,256 INFO L290 TraceCheckUtils]: 43: Hoare triple {13179#false} assume !(0 == test_~op11~0#1); {13179#false} is VALID [2022-02-20 17:52:15,256 INFO L290 TraceCheckUtils]: 44: Hoare triple {13179#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {13179#false} is VALID [2022-02-20 17:52:15,256 INFO L272 TraceCheckUtils]: 45: Hoare triple {13179#false} call sendEmail(~bob~0, ~rjh~0); {13179#false} is VALID [2022-02-20 17:52:15,256 INFO L290 TraceCheckUtils]: 46: Hoare triple {13179#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13179#false} is VALID [2022-02-20 17:52:15,256 INFO L272 TraceCheckUtils]: 47: Hoare triple {13179#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13220#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:15,256 INFO L290 TraceCheckUtils]: 48: Hoare triple {13220#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,256 INFO L290 TraceCheckUtils]: 49: Hoare triple {13178#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,256 INFO L290 TraceCheckUtils]: 50: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,257 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {13178#true} {13179#false} #404#return; {13179#false} is VALID [2022-02-20 17:52:15,257 INFO L272 TraceCheckUtils]: 52: Hoare triple {13179#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13221#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:15,257 INFO L290 TraceCheckUtils]: 53: Hoare triple {13221#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,257 INFO L290 TraceCheckUtils]: 54: Hoare triple {13178#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,257 INFO L290 TraceCheckUtils]: 55: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,257 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {13178#true} {13179#false} #406#return; {13179#false} is VALID [2022-02-20 17:52:15,257 INFO L290 TraceCheckUtils]: 57: Hoare triple {13179#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {13179#false} is VALID [2022-02-20 17:52:15,257 INFO L290 TraceCheckUtils]: 58: Hoare triple {13179#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {13179#false} is VALID [2022-02-20 17:52:15,257 INFO L272 TraceCheckUtils]: 59: Hoare triple {13179#false} call outgoing(~sender#1, ~email~0#1); {13179#false} is VALID [2022-02-20 17:52:15,257 INFO L290 TraceCheckUtils]: 60: Hoare triple {13179#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {13179#false} is VALID [2022-02-20 17:52:15,257 INFO L290 TraceCheckUtils]: 61: Hoare triple {13179#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {13179#false} is VALID [2022-02-20 17:52:15,257 INFO L290 TraceCheckUtils]: 62: Hoare triple {13179#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {13179#false} is VALID [2022-02-20 17:52:15,258 INFO L272 TraceCheckUtils]: 63: Hoare triple {13179#false} call setEmailFrom(~msg#1, ~tmp~10#1); {13220#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:15,258 INFO L290 TraceCheckUtils]: 64: Hoare triple {13220#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,258 INFO L290 TraceCheckUtils]: 65: Hoare triple {13178#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,258 INFO L290 TraceCheckUtils]: 66: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,258 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {13178#true} {13179#false} #392#return; {13179#false} is VALID [2022-02-20 17:52:15,258 INFO L290 TraceCheckUtils]: 68: Hoare triple {13179#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {13179#false} is VALID [2022-02-20 17:52:15,258 INFO L272 TraceCheckUtils]: 69: Hoare triple {13179#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {13178#true} is VALID [2022-02-20 17:52:15,258 INFO L290 TraceCheckUtils]: 70: Hoare triple {13178#true} ~handle := #in~handle;havoc ~retValue_acc~4; {13178#true} is VALID [2022-02-20 17:52:15,258 INFO L290 TraceCheckUtils]: 71: Hoare triple {13178#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {13178#true} is VALID [2022-02-20 17:52:15,258 INFO L290 TraceCheckUtils]: 72: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,258 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {13178#true} {13179#false} #394#return; {13179#false} is VALID [2022-02-20 17:52:15,259 INFO L290 TraceCheckUtils]: 74: Hoare triple {13179#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {13179#false} is VALID [2022-02-20 17:52:15,259 INFO L290 TraceCheckUtils]: 75: Hoare triple {13179#false} assume { :end_inline_deliver } true; {13179#false} is VALID [2022-02-20 17:52:15,259 INFO L290 TraceCheckUtils]: 76: Hoare triple {13179#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {13179#false} is VALID [2022-02-20 17:52:15,259 INFO L290 TraceCheckUtils]: 77: Hoare triple {13179#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {13179#false} is VALID [2022-02-20 17:52:15,259 INFO L290 TraceCheckUtils]: 78: Hoare triple {13179#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {13179#false} is VALID [2022-02-20 17:52:15,259 INFO L290 TraceCheckUtils]: 79: Hoare triple {13179#false} assume 0 != incoming_~fwreceiver~0#1; {13179#false} is VALID [2022-02-20 17:52:15,259 INFO L272 TraceCheckUtils]: 80: Hoare triple {13179#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {13221#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:15,259 INFO L290 TraceCheckUtils]: 81: Hoare triple {13221#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13178#true} is VALID [2022-02-20 17:52:15,259 INFO L290 TraceCheckUtils]: 82: Hoare triple {13178#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13178#true} is VALID [2022-02-20 17:52:15,259 INFO L290 TraceCheckUtils]: 83: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,259 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {13178#true} {13179#false} #396#return; {13179#false} is VALID [2022-02-20 17:52:15,260 INFO L290 TraceCheckUtils]: 85: Hoare triple {13179#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {13179#false} is VALID [2022-02-20 17:52:15,260 INFO L272 TraceCheckUtils]: 86: Hoare triple {13179#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {13178#true} is VALID [2022-02-20 17:52:15,260 INFO L290 TraceCheckUtils]: 87: Hoare triple {13178#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13178#true} is VALID [2022-02-20 17:52:15,260 INFO L290 TraceCheckUtils]: 88: Hoare triple {13178#true} assume true; {13178#true} is VALID [2022-02-20 17:52:15,260 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {13178#true} {13179#false} #398#return; {13179#false} is VALID [2022-02-20 17:52:15,260 INFO L290 TraceCheckUtils]: 90: Hoare triple {13179#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {13179#false} is VALID [2022-02-20 17:52:15,260 INFO L290 TraceCheckUtils]: 91: Hoare triple {13179#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {13179#false} is VALID [2022-02-20 17:52:15,260 INFO L290 TraceCheckUtils]: 92: Hoare triple {13179#false} assume !false; {13179#false} is VALID [2022-02-20 17:52:15,261 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:15,261 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:15,261 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1753473509] [2022-02-20 17:52:15,261 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1753473509] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:52:15,261 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:52:15,261 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:52:15,261 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1490694527] [2022-02-20 17:52:15,261 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:52:15,262 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.333333333333334) internal successors, (62), 3 states have internal predecessors, (62), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 93 [2022-02-20 17:52:15,262 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:15,262 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 10.333333333333334) internal successors, (62), 3 states have internal predecessors, (62), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:15,323 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 82 edges. 82 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:15,324 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:52:15,324 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:15,324 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:52:15,324 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:52:15,325 INFO L87 Difference]: Start difference. First operand 456 states and 763 transitions. Second operand has 6 states, 6 states have (on average 10.333333333333334) internal successors, (62), 3 states have internal predecessors, (62), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:17,068 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:17,068 INFO L93 Difference]: Finished difference Result 1204 states and 2026 transitions. [2022-02-20 17:52:17,068 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 17:52:17,068 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.333333333333334) internal successors, (62), 3 states have internal predecessors, (62), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 93 [2022-02-20 17:52:17,068 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:17,069 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.333333333333334) internal successors, (62), 3 states have internal predecessors, (62), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:17,073 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:17,074 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.333333333333334) internal successors, (62), 3 states have internal predecessors, (62), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:17,078 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:17,079 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 545 transitions. [2022-02-20 17:52:17,579 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 545 edges. 545 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:17,622 INFO L225 Difference]: With dead ends: 1204 [2022-02-20 17:52:17,623 INFO L226 Difference]: Without dead ends: 803 [2022-02-20 17:52:17,624 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:52:17,624 INFO L933 BasicCegarLoop]: 268 mSDtfsCounter, 285 mSDsluCounter, 282 mSDsCounter, 0 mSdLazyCounter, 476 mSolverCounterSat, 105 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 292 SdHoareTripleChecker+Valid, 550 SdHoareTripleChecker+Invalid, 581 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 105 IncrementalHoareTripleChecker+Valid, 476 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:17,625 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [292 Valid, 550 Invalid, 581 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [105 Valid, 476 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-02-20 17:52:17,626 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 803 states. [2022-02-20 17:52:17,889 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 803 to 690. [2022-02-20 17:52:17,889 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:17,893 INFO L82 GeneralOperation]: Start isEquivalent. First operand 803 states. Second operand has 690 states, 666 states have (on average 1.7042042042042043) internal successors, (1135), 669 states have internal predecessors, (1135), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:17,895 INFO L74 IsIncluded]: Start isIncluded. First operand 803 states. Second operand has 690 states, 666 states have (on average 1.7042042042042043) internal successors, (1135), 669 states have internal predecessors, (1135), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:17,896 INFO L87 Difference]: Start difference. First operand 803 states. Second operand has 690 states, 666 states have (on average 1.7042042042042043) internal successors, (1135), 669 states have internal predecessors, (1135), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:17,932 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:17,932 INFO L93 Difference]: Finished difference Result 803 states and 1328 transitions. [2022-02-20 17:52:17,932 INFO L276 IsEmpty]: Start isEmpty. Operand 803 states and 1328 transitions. [2022-02-20 17:52:17,935 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:17,935 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:17,936 INFO L74 IsIncluded]: Start isIncluded. First operand has 690 states, 666 states have (on average 1.7042042042042043) internal successors, (1135), 669 states have internal predecessors, (1135), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 803 states. [2022-02-20 17:52:17,937 INFO L87 Difference]: Start difference. First operand has 690 states, 666 states have (on average 1.7042042042042043) internal successors, (1135), 669 states have internal predecessors, (1135), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 803 states. [2022-02-20 17:52:17,974 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:17,975 INFO L93 Difference]: Finished difference Result 803 states and 1328 transitions. [2022-02-20 17:52:17,975 INFO L276 IsEmpty]: Start isEmpty. Operand 803 states and 1328 transitions. [2022-02-20 17:52:17,977 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:17,977 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:17,978 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:17,978 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:17,979 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 690 states, 666 states have (on average 1.7042042042042043) internal successors, (1135), 669 states have internal predecessors, (1135), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:18,018 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 690 states to 690 states and 1165 transitions. [2022-02-20 17:52:18,018 INFO L78 Accepts]: Start accepts. Automaton has 690 states and 1165 transitions. Word has length 93 [2022-02-20 17:52:18,019 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:18,019 INFO L470 AbstractCegarLoop]: Abstraction has 690 states and 1165 transitions. [2022-02-20 17:52:18,020 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 10.333333333333334) internal successors, (62), 3 states have internal predecessors, (62), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:18,020 INFO L276 IsEmpty]: Start isEmpty. Operand 690 states and 1165 transitions. [2022-02-20 17:52:18,024 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 95 [2022-02-20 17:52:18,024 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:18,024 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:18,025 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 17:52:18,025 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:18,025 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:18,025 INFO L85 PathProgramCache]: Analyzing trace with hash 1068484616, now seen corresponding path program 1 times [2022-02-20 17:52:18,026 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:18,026 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [280524721] [2022-02-20 17:52:18,026 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:18,026 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:18,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:18,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,081 INFO L290 TraceCheckUtils]: 0: Hoare triple {17635#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,082 INFO L290 TraceCheckUtils]: 2: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,082 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17594#true} {17594#true} #410#return; {17594#true} is VALID [2022-02-20 17:52:18,082 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:18,083 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,085 INFO L290 TraceCheckUtils]: 0: Hoare triple {17635#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,085 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume !(1 == ~handle); {17594#true} is VALID [2022-02-20 17:52:18,085 INFO L290 TraceCheckUtils]: 2: Hoare triple {17594#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,085 INFO L290 TraceCheckUtils]: 3: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,085 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17594#true} {17594#true} #412#return; {17594#true} is VALID [2022-02-20 17:52:18,086 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:18,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,089 INFO L290 TraceCheckUtils]: 0: Hoare triple {17635#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,089 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume !(1 == ~handle); {17594#true} is VALID [2022-02-20 17:52:18,089 INFO L290 TraceCheckUtils]: 2: Hoare triple {17594#true} assume !(2 == ~handle); {17594#true} is VALID [2022-02-20 17:52:18,089 INFO L290 TraceCheckUtils]: 3: Hoare triple {17594#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,089 INFO L290 TraceCheckUtils]: 4: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,089 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17594#true} {17594#true} #414#return; {17594#true} is VALID [2022-02-20 17:52:18,093 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:52:18,094 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,096 INFO L290 TraceCheckUtils]: 0: Hoare triple {17636#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,096 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,096 INFO L290 TraceCheckUtils]: 2: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,096 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17594#true} {17595#false} #404#return; {17595#false} is VALID [2022-02-20 17:52:18,101 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:52:18,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,105 INFO L290 TraceCheckUtils]: 0: Hoare triple {17637#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,105 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,105 INFO L290 TraceCheckUtils]: 2: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,105 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17594#true} {17595#false} #406#return; {17595#false} is VALID [2022-02-20 17:52:18,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:52:18,106 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {17636#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,107 INFO L290 TraceCheckUtils]: 2: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,108 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17594#true} {17595#false} #392#return; {17595#false} is VALID [2022-02-20 17:52:18,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:52:18,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {17594#true} ~handle := #in~handle;havoc ~retValue_acc~4; {17594#true} is VALID [2022-02-20 17:52:18,110 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {17594#true} is VALID [2022-02-20 17:52:18,110 INFO L290 TraceCheckUtils]: 2: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,110 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17594#true} {17595#false} #394#return; {17595#false} is VALID [2022-02-20 17:52:18,110 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:52:18,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {17637#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,113 INFO L290 TraceCheckUtils]: 2: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,113 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17594#true} {17595#false} #396#return; {17595#false} is VALID [2022-02-20 17:52:18,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:52:18,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:18,115 INFO L290 TraceCheckUtils]: 0: Hoare triple {17594#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {17594#true} is VALID [2022-02-20 17:52:18,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,116 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17594#true} {17595#false} #398#return; {17595#false} is VALID [2022-02-20 17:52:18,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {17594#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {17594#true} is VALID [2022-02-20 17:52:18,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {17594#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {17594#true} is VALID [2022-02-20 17:52:18,116 INFO L290 TraceCheckUtils]: 2: Hoare triple {17594#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17594#true} is VALID [2022-02-20 17:52:18,116 INFO L290 TraceCheckUtils]: 3: Hoare triple {17594#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {17594#true} is VALID [2022-02-20 17:52:18,116 INFO L290 TraceCheckUtils]: 4: Hoare triple {17594#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {17594#true} is VALID [2022-02-20 17:52:18,116 INFO L290 TraceCheckUtils]: 5: Hoare triple {17594#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {17594#true} is VALID [2022-02-20 17:52:18,117 INFO L272 TraceCheckUtils]: 6: Hoare triple {17594#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {17635#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:18,117 INFO L290 TraceCheckUtils]: 7: Hoare triple {17635#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,117 INFO L290 TraceCheckUtils]: 8: Hoare triple {17594#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,117 INFO L290 TraceCheckUtils]: 9: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,117 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17594#true} {17594#true} #410#return; {17594#true} is VALID [2022-02-20 17:52:18,117 INFO L290 TraceCheckUtils]: 11: Hoare triple {17594#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {17594#true} is VALID [2022-02-20 17:52:18,118 INFO L272 TraceCheckUtils]: 12: Hoare triple {17594#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {17635#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:18,118 INFO L290 TraceCheckUtils]: 13: Hoare triple {17635#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,118 INFO L290 TraceCheckUtils]: 14: Hoare triple {17594#true} assume !(1 == ~handle); {17594#true} is VALID [2022-02-20 17:52:18,118 INFO L290 TraceCheckUtils]: 15: Hoare triple {17594#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,118 INFO L290 TraceCheckUtils]: 16: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,118 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {17594#true} {17594#true} #412#return; {17594#true} is VALID [2022-02-20 17:52:18,118 INFO L290 TraceCheckUtils]: 18: Hoare triple {17594#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {17594#true} is VALID [2022-02-20 17:52:18,119 INFO L272 TraceCheckUtils]: 19: Hoare triple {17594#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {17635#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:18,119 INFO L290 TraceCheckUtils]: 20: Hoare triple {17635#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,119 INFO L290 TraceCheckUtils]: 21: Hoare triple {17594#true} assume !(1 == ~handle); {17594#true} is VALID [2022-02-20 17:52:18,119 INFO L290 TraceCheckUtils]: 22: Hoare triple {17594#true} assume !(2 == ~handle); {17594#true} is VALID [2022-02-20 17:52:18,119 INFO L290 TraceCheckUtils]: 23: Hoare triple {17594#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,119 INFO L290 TraceCheckUtils]: 24: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,119 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {17594#true} {17594#true} #414#return; {17594#true} is VALID [2022-02-20 17:52:18,119 INFO L290 TraceCheckUtils]: 26: Hoare triple {17594#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {17594#true} is VALID [2022-02-20 17:52:18,120 INFO L290 TraceCheckUtils]: 27: Hoare triple {17594#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,120 INFO L290 TraceCheckUtils]: 28: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !false; {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,120 INFO L290 TraceCheckUtils]: 29: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,121 INFO L290 TraceCheckUtils]: 30: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,121 INFO L290 TraceCheckUtils]: 31: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,121 INFO L290 TraceCheckUtils]: 32: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,121 INFO L290 TraceCheckUtils]: 33: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet15#1 && test_#t~nondet15#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet15#1;havoc test_#t~nondet15#1; {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,122 INFO L290 TraceCheckUtils]: 34: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,122 INFO L290 TraceCheckUtils]: 35: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,122 INFO L290 TraceCheckUtils]: 36: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 37: Hoare triple {17611#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 == test_~op4~0#1); {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 38: Hoare triple {17595#false} assume !(0 == test_~op5~0#1); {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 39: Hoare triple {17595#false} assume !(0 == test_~op6~0#1); {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 40: Hoare triple {17595#false} assume !(0 == test_~op7~0#1); {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 41: Hoare triple {17595#false} assume !(0 == test_~op8~0#1); {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 42: Hoare triple {17595#false} assume !(0 == test_~op9~0#1); {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 43: Hoare triple {17595#false} assume !(0 == test_~op10~0#1); {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 44: Hoare triple {17595#false} assume !(0 == test_~op11~0#1); {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 45: Hoare triple {17595#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L272 TraceCheckUtils]: 46: Hoare triple {17595#false} call sendEmail(~bob~0, ~rjh~0); {17595#false} is VALID [2022-02-20 17:52:18,123 INFO L290 TraceCheckUtils]: 47: Hoare triple {17595#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17595#false} is VALID [2022-02-20 17:52:18,124 INFO L272 TraceCheckUtils]: 48: Hoare triple {17595#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17636#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:18,124 INFO L290 TraceCheckUtils]: 49: Hoare triple {17636#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,124 INFO L290 TraceCheckUtils]: 50: Hoare triple {17594#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,124 INFO L290 TraceCheckUtils]: 51: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,124 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {17594#true} {17595#false} #404#return; {17595#false} is VALID [2022-02-20 17:52:18,124 INFO L272 TraceCheckUtils]: 53: Hoare triple {17595#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17637#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:18,124 INFO L290 TraceCheckUtils]: 54: Hoare triple {17637#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,124 INFO L290 TraceCheckUtils]: 55: Hoare triple {17594#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,124 INFO L290 TraceCheckUtils]: 56: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,124 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {17594#true} {17595#false} #406#return; {17595#false} is VALID [2022-02-20 17:52:18,124 INFO L290 TraceCheckUtils]: 58: Hoare triple {17595#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {17595#false} is VALID [2022-02-20 17:52:18,125 INFO L290 TraceCheckUtils]: 59: Hoare triple {17595#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {17595#false} is VALID [2022-02-20 17:52:18,125 INFO L272 TraceCheckUtils]: 60: Hoare triple {17595#false} call outgoing(~sender#1, ~email~0#1); {17595#false} is VALID [2022-02-20 17:52:18,125 INFO L290 TraceCheckUtils]: 61: Hoare triple {17595#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {17595#false} is VALID [2022-02-20 17:52:18,125 INFO L290 TraceCheckUtils]: 62: Hoare triple {17595#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {17595#false} is VALID [2022-02-20 17:52:18,125 INFO L290 TraceCheckUtils]: 63: Hoare triple {17595#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {17595#false} is VALID [2022-02-20 17:52:18,125 INFO L272 TraceCheckUtils]: 64: Hoare triple {17595#false} call setEmailFrom(~msg#1, ~tmp~10#1); {17636#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:18,125 INFO L290 TraceCheckUtils]: 65: Hoare triple {17636#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,125 INFO L290 TraceCheckUtils]: 66: Hoare triple {17594#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,125 INFO L290 TraceCheckUtils]: 67: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,125 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {17594#true} {17595#false} #392#return; {17595#false} is VALID [2022-02-20 17:52:18,125 INFO L290 TraceCheckUtils]: 69: Hoare triple {17595#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {17595#false} is VALID [2022-02-20 17:52:18,126 INFO L272 TraceCheckUtils]: 70: Hoare triple {17595#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {17594#true} is VALID [2022-02-20 17:52:18,126 INFO L290 TraceCheckUtils]: 71: Hoare triple {17594#true} ~handle := #in~handle;havoc ~retValue_acc~4; {17594#true} is VALID [2022-02-20 17:52:18,126 INFO L290 TraceCheckUtils]: 72: Hoare triple {17594#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {17594#true} is VALID [2022-02-20 17:52:18,126 INFO L290 TraceCheckUtils]: 73: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,126 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {17594#true} {17595#false} #394#return; {17595#false} is VALID [2022-02-20 17:52:18,126 INFO L290 TraceCheckUtils]: 75: Hoare triple {17595#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {17595#false} is VALID [2022-02-20 17:52:18,126 INFO L290 TraceCheckUtils]: 76: Hoare triple {17595#false} assume { :end_inline_deliver } true; {17595#false} is VALID [2022-02-20 17:52:18,126 INFO L290 TraceCheckUtils]: 77: Hoare triple {17595#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {17595#false} is VALID [2022-02-20 17:52:18,126 INFO L290 TraceCheckUtils]: 78: Hoare triple {17595#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {17595#false} is VALID [2022-02-20 17:52:18,126 INFO L290 TraceCheckUtils]: 79: Hoare triple {17595#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {17595#false} is VALID [2022-02-20 17:52:18,126 INFO L290 TraceCheckUtils]: 80: Hoare triple {17595#false} assume 0 != incoming_~fwreceiver~0#1; {17595#false} is VALID [2022-02-20 17:52:18,127 INFO L272 TraceCheckUtils]: 81: Hoare triple {17595#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {17637#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:18,127 INFO L290 TraceCheckUtils]: 82: Hoare triple {17637#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17594#true} is VALID [2022-02-20 17:52:18,127 INFO L290 TraceCheckUtils]: 83: Hoare triple {17594#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17594#true} is VALID [2022-02-20 17:52:18,127 INFO L290 TraceCheckUtils]: 84: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,127 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {17594#true} {17595#false} #396#return; {17595#false} is VALID [2022-02-20 17:52:18,127 INFO L290 TraceCheckUtils]: 86: Hoare triple {17595#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {17595#false} is VALID [2022-02-20 17:52:18,127 INFO L272 TraceCheckUtils]: 87: Hoare triple {17595#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {17594#true} is VALID [2022-02-20 17:52:18,127 INFO L290 TraceCheckUtils]: 88: Hoare triple {17594#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {17594#true} is VALID [2022-02-20 17:52:18,127 INFO L290 TraceCheckUtils]: 89: Hoare triple {17594#true} assume true; {17594#true} is VALID [2022-02-20 17:52:18,127 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {17594#true} {17595#false} #398#return; {17595#false} is VALID [2022-02-20 17:52:18,127 INFO L290 TraceCheckUtils]: 91: Hoare triple {17595#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {17595#false} is VALID [2022-02-20 17:52:18,128 INFO L290 TraceCheckUtils]: 92: Hoare triple {17595#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {17595#false} is VALID [2022-02-20 17:52:18,128 INFO L290 TraceCheckUtils]: 93: Hoare triple {17595#false} assume !false; {17595#false} is VALID [2022-02-20 17:52:18,128 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:18,128 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:18,128 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [280524721] [2022-02-20 17:52:18,128 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [280524721] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:52:18,128 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:52:18,128 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:52:18,129 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [773323926] [2022-02-20 17:52:18,129 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:52:18,129 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.5) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 94 [2022-02-20 17:52:18,129 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:18,129 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 10.5) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:18,187 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:18,187 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:52:18,187 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:18,187 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:52:18,187 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:52:18,188 INFO L87 Difference]: Start difference. First operand 690 states and 1165 transitions. Second operand has 6 states, 6 states have (on average 10.5) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:20,400 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:20,400 INFO L93 Difference]: Finished difference Result 1776 states and 3016 transitions. [2022-02-20 17:52:20,400 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 17:52:20,400 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.5) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 94 [2022-02-20 17:52:20,400 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:20,401 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.5) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:20,405 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:20,405 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.5) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:20,410 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:20,410 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 545 transitions. [2022-02-20 17:52:20,820 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 545 edges. 545 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:20,888 INFO L225 Difference]: With dead ends: 1776 [2022-02-20 17:52:20,888 INFO L226 Difference]: Without dead ends: 1179 [2022-02-20 17:52:20,889 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:52:20,890 INFO L933 BasicCegarLoop]: 269 mSDtfsCounter, 282 mSDsluCounter, 282 mSDsCounter, 0 mSdLazyCounter, 477 mSolverCounterSat, 105 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 288 SdHoareTripleChecker+Valid, 551 SdHoareTripleChecker+Invalid, 582 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 105 IncrementalHoareTripleChecker+Valid, 477 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:20,890 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [288 Valid, 551 Invalid, 582 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [105 Valid, 477 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-02-20 17:52:20,891 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1179 states. [2022-02-20 17:52:21,309 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1179 to 1066. [2022-02-20 17:52:21,310 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:21,312 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1179 states. Second operand has 1066 states, 1042 states have (on average 1.7005758157389634) internal successors, (1772), 1045 states have internal predecessors, (1772), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:21,313 INFO L74 IsIncluded]: Start isIncluded. First operand 1179 states. Second operand has 1066 states, 1042 states have (on average 1.7005758157389634) internal successors, (1772), 1045 states have internal predecessors, (1772), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:21,314 INFO L87 Difference]: Start difference. First operand 1179 states. Second operand has 1066 states, 1042 states have (on average 1.7005758157389634) internal successors, (1772), 1045 states have internal predecessors, (1772), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:21,359 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:21,359 INFO L93 Difference]: Finished difference Result 1179 states and 1965 transitions. [2022-02-20 17:52:21,359 INFO L276 IsEmpty]: Start isEmpty. Operand 1179 states and 1965 transitions. [2022-02-20 17:52:21,362 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:21,362 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:21,364 INFO L74 IsIncluded]: Start isIncluded. First operand has 1066 states, 1042 states have (on average 1.7005758157389634) internal successors, (1772), 1045 states have internal predecessors, (1772), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 1179 states. [2022-02-20 17:52:21,365 INFO L87 Difference]: Start difference. First operand has 1066 states, 1042 states have (on average 1.7005758157389634) internal successors, (1772), 1045 states have internal predecessors, (1772), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 1179 states. [2022-02-20 17:52:21,428 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:21,428 INFO L93 Difference]: Finished difference Result 1179 states and 1965 transitions. [2022-02-20 17:52:21,428 INFO L276 IsEmpty]: Start isEmpty. Operand 1179 states and 1965 transitions. [2022-02-20 17:52:21,431 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:21,431 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:21,431 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:21,431 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:21,433 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1066 states, 1042 states have (on average 1.7005758157389634) internal successors, (1772), 1045 states have internal predecessors, (1772), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:21,503 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1066 states to 1066 states and 1802 transitions. [2022-02-20 17:52:21,503 INFO L78 Accepts]: Start accepts. Automaton has 1066 states and 1802 transitions. Word has length 94 [2022-02-20 17:52:21,504 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:21,504 INFO L470 AbstractCegarLoop]: Abstraction has 1066 states and 1802 transitions. [2022-02-20 17:52:21,504 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 10.5) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:21,504 INFO L276 IsEmpty]: Start isEmpty. Operand 1066 states and 1802 transitions. [2022-02-20 17:52:21,506 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 96 [2022-02-20 17:52:21,506 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:21,506 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:21,507 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2022-02-20 17:52:21,507 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:21,507 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:21,507 INFO L85 PathProgramCache]: Analyzing trace with hash 1648648952, now seen corresponding path program 1 times [2022-02-20 17:52:21,507 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:21,507 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [235824466] [2022-02-20 17:52:21,507 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:21,508 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:21,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:21,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,566 INFO L290 TraceCheckUtils]: 0: Hoare triple {24194#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,566 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,566 INFO L290 TraceCheckUtils]: 2: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,566 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24153#true} {24153#true} #410#return; {24153#true} is VALID [2022-02-20 17:52:21,566 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:21,568 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,570 INFO L290 TraceCheckUtils]: 0: Hoare triple {24194#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,570 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume !(1 == ~handle); {24153#true} is VALID [2022-02-20 17:52:21,570 INFO L290 TraceCheckUtils]: 2: Hoare triple {24153#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,570 INFO L290 TraceCheckUtils]: 3: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,570 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24153#true} {24153#true} #412#return; {24153#true} is VALID [2022-02-20 17:52:21,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:21,577 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,580 INFO L290 TraceCheckUtils]: 0: Hoare triple {24194#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,580 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume !(1 == ~handle); {24153#true} is VALID [2022-02-20 17:52:21,581 INFO L290 TraceCheckUtils]: 2: Hoare triple {24153#true} assume !(2 == ~handle); {24153#true} is VALID [2022-02-20 17:52:21,581 INFO L290 TraceCheckUtils]: 3: Hoare triple {24153#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,581 INFO L290 TraceCheckUtils]: 4: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,581 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24153#true} {24153#true} #414#return; {24153#true} is VALID [2022-02-20 17:52:21,585 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2022-02-20 17:52:21,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,589 INFO L290 TraceCheckUtils]: 0: Hoare triple {24195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,589 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,589 INFO L290 TraceCheckUtils]: 2: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,589 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24153#true} {24154#false} #404#return; {24154#false} is VALID [2022-02-20 17:52:21,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 17:52:21,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {24196#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,597 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,597 INFO L290 TraceCheckUtils]: 2: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,597 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24153#true} {24154#false} #406#return; {24154#false} is VALID [2022-02-20 17:52:21,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:52:21,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {24195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,600 INFO L290 TraceCheckUtils]: 2: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,600 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24153#true} {24154#false} #392#return; {24154#false} is VALID [2022-02-20 17:52:21,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:52:21,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {24153#true} ~handle := #in~handle;havoc ~retValue_acc~4; {24153#true} is VALID [2022-02-20 17:52:21,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {24153#true} is VALID [2022-02-20 17:52:21,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,604 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24153#true} {24154#false} #394#return; {24154#false} is VALID [2022-02-20 17:52:21,604 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:52:21,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {24196#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,608 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24153#true} {24154#false} #396#return; {24154#false} is VALID [2022-02-20 17:52:21,608 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:52:21,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:21,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {24153#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {24153#true} is VALID [2022-02-20 17:52:21,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,611 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24153#true} {24154#false} #398#return; {24154#false} is VALID [2022-02-20 17:52:21,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {24153#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {24153#true} is VALID [2022-02-20 17:52:21,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {24153#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {24153#true} is VALID [2022-02-20 17:52:21,611 INFO L290 TraceCheckUtils]: 2: Hoare triple {24153#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24153#true} is VALID [2022-02-20 17:52:21,611 INFO L290 TraceCheckUtils]: 3: Hoare triple {24153#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {24153#true} is VALID [2022-02-20 17:52:21,612 INFO L290 TraceCheckUtils]: 4: Hoare triple {24153#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {24153#true} is VALID [2022-02-20 17:52:21,612 INFO L290 TraceCheckUtils]: 5: Hoare triple {24153#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {24153#true} is VALID [2022-02-20 17:52:21,612 INFO L272 TraceCheckUtils]: 6: Hoare triple {24153#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {24194#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:21,612 INFO L290 TraceCheckUtils]: 7: Hoare triple {24194#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,612 INFO L290 TraceCheckUtils]: 8: Hoare triple {24153#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,613 INFO L290 TraceCheckUtils]: 9: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,613 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24153#true} {24153#true} #410#return; {24153#true} is VALID [2022-02-20 17:52:21,613 INFO L290 TraceCheckUtils]: 11: Hoare triple {24153#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {24153#true} is VALID [2022-02-20 17:52:21,613 INFO L272 TraceCheckUtils]: 12: Hoare triple {24153#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {24194#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:21,613 INFO L290 TraceCheckUtils]: 13: Hoare triple {24194#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,613 INFO L290 TraceCheckUtils]: 14: Hoare triple {24153#true} assume !(1 == ~handle); {24153#true} is VALID [2022-02-20 17:52:21,614 INFO L290 TraceCheckUtils]: 15: Hoare triple {24153#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,614 INFO L290 TraceCheckUtils]: 16: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,614 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {24153#true} {24153#true} #412#return; {24153#true} is VALID [2022-02-20 17:52:21,614 INFO L290 TraceCheckUtils]: 18: Hoare triple {24153#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {24153#true} is VALID [2022-02-20 17:52:21,614 INFO L272 TraceCheckUtils]: 19: Hoare triple {24153#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {24194#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:21,614 INFO L290 TraceCheckUtils]: 20: Hoare triple {24194#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,615 INFO L290 TraceCheckUtils]: 21: Hoare triple {24153#true} assume !(1 == ~handle); {24153#true} is VALID [2022-02-20 17:52:21,615 INFO L290 TraceCheckUtils]: 22: Hoare triple {24153#true} assume !(2 == ~handle); {24153#true} is VALID [2022-02-20 17:52:21,615 INFO L290 TraceCheckUtils]: 23: Hoare triple {24153#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,615 INFO L290 TraceCheckUtils]: 24: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,615 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {24153#true} {24153#true} #414#return; {24153#true} is VALID [2022-02-20 17:52:21,615 INFO L290 TraceCheckUtils]: 26: Hoare triple {24153#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {24153#true} is VALID [2022-02-20 17:52:21,615 INFO L290 TraceCheckUtils]: 27: Hoare triple {24153#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,616 INFO L290 TraceCheckUtils]: 28: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !false; {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,616 INFO L290 TraceCheckUtils]: 29: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,616 INFO L290 TraceCheckUtils]: 30: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,616 INFO L290 TraceCheckUtils]: 31: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,617 INFO L290 TraceCheckUtils]: 32: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,617 INFO L290 TraceCheckUtils]: 33: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet15#1 && test_#t~nondet15#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet15#1;havoc test_#t~nondet15#1; {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,617 INFO L290 TraceCheckUtils]: 34: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,618 INFO L290 TraceCheckUtils]: 35: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,618 INFO L290 TraceCheckUtils]: 36: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,618 INFO L290 TraceCheckUtils]: 37: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op4~0#1;assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___6~0#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,618 INFO L290 TraceCheckUtils]: 38: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___6~0#1); {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:52:21,619 INFO L290 TraceCheckUtils]: 39: Hoare triple {24170#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 == test_~op5~0#1); {24154#false} is VALID [2022-02-20 17:52:21,619 INFO L290 TraceCheckUtils]: 40: Hoare triple {24154#false} assume !(0 == test_~op6~0#1); {24154#false} is VALID [2022-02-20 17:52:21,619 INFO L290 TraceCheckUtils]: 41: Hoare triple {24154#false} assume !(0 == test_~op7~0#1); {24154#false} is VALID [2022-02-20 17:52:21,619 INFO L290 TraceCheckUtils]: 42: Hoare triple {24154#false} assume !(0 == test_~op8~0#1); {24154#false} is VALID [2022-02-20 17:52:21,619 INFO L290 TraceCheckUtils]: 43: Hoare triple {24154#false} assume !(0 == test_~op9~0#1); {24154#false} is VALID [2022-02-20 17:52:21,619 INFO L290 TraceCheckUtils]: 44: Hoare triple {24154#false} assume !(0 == test_~op10~0#1); {24154#false} is VALID [2022-02-20 17:52:21,619 INFO L290 TraceCheckUtils]: 45: Hoare triple {24154#false} assume !(0 == test_~op11~0#1); {24154#false} is VALID [2022-02-20 17:52:21,619 INFO L290 TraceCheckUtils]: 46: Hoare triple {24154#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {24154#false} is VALID [2022-02-20 17:52:21,619 INFO L272 TraceCheckUtils]: 47: Hoare triple {24154#false} call sendEmail(~bob~0, ~rjh~0); {24154#false} is VALID [2022-02-20 17:52:21,620 INFO L290 TraceCheckUtils]: 48: Hoare triple {24154#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24154#false} is VALID [2022-02-20 17:52:21,620 INFO L272 TraceCheckUtils]: 49: Hoare triple {24154#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:21,620 INFO L290 TraceCheckUtils]: 50: Hoare triple {24195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,620 INFO L290 TraceCheckUtils]: 51: Hoare triple {24153#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,620 INFO L290 TraceCheckUtils]: 52: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,620 INFO L284 TraceCheckUtils]: 53: Hoare quadruple {24153#true} {24154#false} #404#return; {24154#false} is VALID [2022-02-20 17:52:21,620 INFO L272 TraceCheckUtils]: 54: Hoare triple {24154#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24196#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:21,620 INFO L290 TraceCheckUtils]: 55: Hoare triple {24196#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,620 INFO L290 TraceCheckUtils]: 56: Hoare triple {24153#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,620 INFO L290 TraceCheckUtils]: 57: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,620 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {24153#true} {24154#false} #406#return; {24154#false} is VALID [2022-02-20 17:52:21,621 INFO L290 TraceCheckUtils]: 59: Hoare triple {24154#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {24154#false} is VALID [2022-02-20 17:52:21,621 INFO L290 TraceCheckUtils]: 60: Hoare triple {24154#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {24154#false} is VALID [2022-02-20 17:52:21,621 INFO L272 TraceCheckUtils]: 61: Hoare triple {24154#false} call outgoing(~sender#1, ~email~0#1); {24154#false} is VALID [2022-02-20 17:52:21,621 INFO L290 TraceCheckUtils]: 62: Hoare triple {24154#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {24154#false} is VALID [2022-02-20 17:52:21,621 INFO L290 TraceCheckUtils]: 63: Hoare triple {24154#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {24154#false} is VALID [2022-02-20 17:52:21,621 INFO L290 TraceCheckUtils]: 64: Hoare triple {24154#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {24154#false} is VALID [2022-02-20 17:52:21,621 INFO L272 TraceCheckUtils]: 65: Hoare triple {24154#false} call setEmailFrom(~msg#1, ~tmp~10#1); {24195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:21,621 INFO L290 TraceCheckUtils]: 66: Hoare triple {24195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,621 INFO L290 TraceCheckUtils]: 67: Hoare triple {24153#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,621 INFO L290 TraceCheckUtils]: 68: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,621 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {24153#true} {24154#false} #392#return; {24154#false} is VALID [2022-02-20 17:52:21,622 INFO L290 TraceCheckUtils]: 70: Hoare triple {24154#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {24154#false} is VALID [2022-02-20 17:52:21,622 INFO L272 TraceCheckUtils]: 71: Hoare triple {24154#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {24153#true} is VALID [2022-02-20 17:52:21,622 INFO L290 TraceCheckUtils]: 72: Hoare triple {24153#true} ~handle := #in~handle;havoc ~retValue_acc~4; {24153#true} is VALID [2022-02-20 17:52:21,622 INFO L290 TraceCheckUtils]: 73: Hoare triple {24153#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {24153#true} is VALID [2022-02-20 17:52:21,622 INFO L290 TraceCheckUtils]: 74: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,622 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {24153#true} {24154#false} #394#return; {24154#false} is VALID [2022-02-20 17:52:21,622 INFO L290 TraceCheckUtils]: 76: Hoare triple {24154#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {24154#false} is VALID [2022-02-20 17:52:21,622 INFO L290 TraceCheckUtils]: 77: Hoare triple {24154#false} assume { :end_inline_deliver } true; {24154#false} is VALID [2022-02-20 17:52:21,622 INFO L290 TraceCheckUtils]: 78: Hoare triple {24154#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {24154#false} is VALID [2022-02-20 17:52:21,622 INFO L290 TraceCheckUtils]: 79: Hoare triple {24154#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {24154#false} is VALID [2022-02-20 17:52:21,622 INFO L290 TraceCheckUtils]: 80: Hoare triple {24154#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {24154#false} is VALID [2022-02-20 17:52:21,623 INFO L290 TraceCheckUtils]: 81: Hoare triple {24154#false} assume 0 != incoming_~fwreceiver~0#1; {24154#false} is VALID [2022-02-20 17:52:21,623 INFO L272 TraceCheckUtils]: 82: Hoare triple {24154#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {24196#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:21,623 INFO L290 TraceCheckUtils]: 83: Hoare triple {24196#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24153#true} is VALID [2022-02-20 17:52:21,623 INFO L290 TraceCheckUtils]: 84: Hoare triple {24153#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24153#true} is VALID [2022-02-20 17:52:21,623 INFO L290 TraceCheckUtils]: 85: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,623 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {24153#true} {24154#false} #396#return; {24154#false} is VALID [2022-02-20 17:52:21,623 INFO L290 TraceCheckUtils]: 87: Hoare triple {24154#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {24154#false} is VALID [2022-02-20 17:52:21,623 INFO L272 TraceCheckUtils]: 88: Hoare triple {24154#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {24153#true} is VALID [2022-02-20 17:52:21,623 INFO L290 TraceCheckUtils]: 89: Hoare triple {24153#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {24153#true} is VALID [2022-02-20 17:52:21,623 INFO L290 TraceCheckUtils]: 90: Hoare triple {24153#true} assume true; {24153#true} is VALID [2022-02-20 17:52:21,623 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {24153#true} {24154#false} #398#return; {24154#false} is VALID [2022-02-20 17:52:21,624 INFO L290 TraceCheckUtils]: 92: Hoare triple {24154#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {24154#false} is VALID [2022-02-20 17:52:21,624 INFO L290 TraceCheckUtils]: 93: Hoare triple {24154#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {24154#false} is VALID [2022-02-20 17:52:21,624 INFO L290 TraceCheckUtils]: 94: Hoare triple {24154#false} assume !false; {24154#false} is VALID [2022-02-20 17:52:21,624 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:21,624 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:21,624 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [235824466] [2022-02-20 17:52:21,624 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [235824466] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:52:21,624 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:52:21,625 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:52:21,625 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1247738148] [2022-02-20 17:52:21,625 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:52:21,625 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.666666666666666) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 95 [2022-02-20 17:52:21,625 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:21,626 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 10.666666666666666) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:21,690 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:21,691 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:52:21,691 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:21,691 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:52:21,692 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:52:21,692 INFO L87 Difference]: Start difference. First operand 1066 states and 1802 transitions. Second operand has 6 states, 6 states have (on average 10.666666666666666) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:24,115 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:24,115 INFO L93 Difference]: Finished difference Result 2711 states and 4617 transitions. [2022-02-20 17:52:24,115 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 17:52:24,116 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.666666666666666) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 95 [2022-02-20 17:52:24,116 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:24,116 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.666666666666666) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:24,120 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:24,120 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.666666666666666) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:24,124 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:24,125 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 545 transitions. [2022-02-20 17:52:24,534 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 545 edges. 545 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:24,707 INFO L225 Difference]: With dead ends: 2711 [2022-02-20 17:52:24,707 INFO L226 Difference]: Without dead ends: 1803 [2022-02-20 17:52:24,709 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:52:24,709 INFO L933 BasicCegarLoop]: 267 mSDtfsCounter, 281 mSDsluCounter, 282 mSDsCounter, 0 mSdLazyCounter, 472 mSolverCounterSat, 105 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 288 SdHoareTripleChecker+Valid, 549 SdHoareTripleChecker+Invalid, 577 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 105 IncrementalHoareTripleChecker+Valid, 472 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:24,709 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [288 Valid, 549 Invalid, 577 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [105 Valid, 472 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-02-20 17:52:24,711 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1803 states. [2022-02-20 17:52:25,272 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1803 to 1690. [2022-02-20 17:52:25,272 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:25,274 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1803 states. Second operand has 1690 states, 1666 states have (on average 1.6920768307322929) internal successors, (2819), 1669 states have internal predecessors, (2819), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:25,276 INFO L74 IsIncluded]: Start isIncluded. First operand 1803 states. Second operand has 1690 states, 1666 states have (on average 1.6920768307322929) internal successors, (2819), 1669 states have internal predecessors, (2819), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:25,278 INFO L87 Difference]: Start difference. First operand 1803 states. Second operand has 1690 states, 1666 states have (on average 1.6920768307322929) internal successors, (2819), 1669 states have internal predecessors, (2819), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:25,415 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:25,415 INFO L93 Difference]: Finished difference Result 1803 states and 3012 transitions. [2022-02-20 17:52:25,416 INFO L276 IsEmpty]: Start isEmpty. Operand 1803 states and 3012 transitions. [2022-02-20 17:52:25,430 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:25,431 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:25,433 INFO L74 IsIncluded]: Start isIncluded. First operand has 1690 states, 1666 states have (on average 1.6920768307322929) internal successors, (2819), 1669 states have internal predecessors, (2819), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 1803 states. [2022-02-20 17:52:25,434 INFO L87 Difference]: Start difference. First operand has 1690 states, 1666 states have (on average 1.6920768307322929) internal successors, (2819), 1669 states have internal predecessors, (2819), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 1803 states. [2022-02-20 17:52:25,575 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:25,575 INFO L93 Difference]: Finished difference Result 1803 states and 3012 transitions. [2022-02-20 17:52:25,575 INFO L276 IsEmpty]: Start isEmpty. Operand 1803 states and 3012 transitions. [2022-02-20 17:52:25,578 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:25,578 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:25,578 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:25,578 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:25,581 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1690 states, 1666 states have (on average 1.6920768307322929) internal successors, (2819), 1669 states have internal predecessors, (2819), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:25,746 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1690 states to 1690 states and 2849 transitions. [2022-02-20 17:52:25,747 INFO L78 Accepts]: Start accepts. Automaton has 1690 states and 2849 transitions. Word has length 95 [2022-02-20 17:52:25,747 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:25,747 INFO L470 AbstractCegarLoop]: Abstraction has 1690 states and 2849 transitions. [2022-02-20 17:52:25,747 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 10.666666666666666) internal successors, (64), 3 states have internal predecessors, (64), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:25,747 INFO L276 IsEmpty]: Start isEmpty. Operand 1690 states and 2849 transitions. [2022-02-20 17:52:25,750 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 97 [2022-02-20 17:52:25,750 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:25,751 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:25,751 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-20 17:52:25,751 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:25,751 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:25,751 INFO L85 PathProgramCache]: Analyzing trace with hash -48945814, now seen corresponding path program 1 times [2022-02-20 17:52:25,751 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:25,752 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [886342211] [2022-02-20 17:52:25,752 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:25,752 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:25,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:25,828 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,830 INFO L290 TraceCheckUtils]: 0: Hoare triple {34300#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,830 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,830 INFO L290 TraceCheckUtils]: 2: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,831 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34259#true} {34259#true} #410#return; {34259#true} is VALID [2022-02-20 17:52:25,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:25,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,834 INFO L290 TraceCheckUtils]: 0: Hoare triple {34300#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,834 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume !(1 == ~handle); {34259#true} is VALID [2022-02-20 17:52:25,834 INFO L290 TraceCheckUtils]: 2: Hoare triple {34259#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,834 INFO L290 TraceCheckUtils]: 3: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,834 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34259#true} {34259#true} #412#return; {34259#true} is VALID [2022-02-20 17:52:25,834 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:25,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,837 INFO L290 TraceCheckUtils]: 0: Hoare triple {34300#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,837 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume !(1 == ~handle); {34259#true} is VALID [2022-02-20 17:52:25,838 INFO L290 TraceCheckUtils]: 2: Hoare triple {34259#true} assume !(2 == ~handle); {34259#true} is VALID [2022-02-20 17:52:25,838 INFO L290 TraceCheckUtils]: 3: Hoare triple {34259#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,838 INFO L290 TraceCheckUtils]: 4: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,838 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34259#true} {34259#true} #414#return; {34259#true} is VALID [2022-02-20 17:52:25,842 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:52:25,843 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,845 INFO L290 TraceCheckUtils]: 0: Hoare triple {34301#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,845 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,845 INFO L290 TraceCheckUtils]: 2: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,845 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34259#true} {34260#false} #404#return; {34260#false} is VALID [2022-02-20 17:52:25,850 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:52:25,851 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,854 INFO L290 TraceCheckUtils]: 0: Hoare triple {34302#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,854 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,854 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34259#true} {34260#false} #406#return; {34260#false} is VALID [2022-02-20 17:52:25,854 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:52:25,855 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,857 INFO L290 TraceCheckUtils]: 0: Hoare triple {34301#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,857 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,857 INFO L290 TraceCheckUtils]: 2: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,857 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34259#true} {34260#false} #392#return; {34260#false} is VALID [2022-02-20 17:52:25,857 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:52:25,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,860 INFO L290 TraceCheckUtils]: 0: Hoare triple {34259#true} ~handle := #in~handle;havoc ~retValue_acc~4; {34259#true} is VALID [2022-02-20 17:52:25,860 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {34259#true} is VALID [2022-02-20 17:52:25,860 INFO L290 TraceCheckUtils]: 2: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,860 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34259#true} {34260#false} #394#return; {34260#false} is VALID [2022-02-20 17:52:25,860 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:52:25,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {34302#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,863 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,863 INFO L290 TraceCheckUtils]: 2: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,863 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34259#true} {34260#false} #396#return; {34260#false} is VALID [2022-02-20 17:52:25,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:52:25,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:25,866 INFO L290 TraceCheckUtils]: 0: Hoare triple {34259#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {34259#true} is VALID [2022-02-20 17:52:25,866 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,866 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34259#true} {34260#false} #398#return; {34260#false} is VALID [2022-02-20 17:52:25,866 INFO L290 TraceCheckUtils]: 0: Hoare triple {34259#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {34259#true} is VALID [2022-02-20 17:52:25,867 INFO L290 TraceCheckUtils]: 1: Hoare triple {34259#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {34259#true} is VALID [2022-02-20 17:52:25,867 INFO L290 TraceCheckUtils]: 2: Hoare triple {34259#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {34259#true} is VALID [2022-02-20 17:52:25,867 INFO L290 TraceCheckUtils]: 3: Hoare triple {34259#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {34259#true} is VALID [2022-02-20 17:52:25,867 INFO L290 TraceCheckUtils]: 4: Hoare triple {34259#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {34259#true} is VALID [2022-02-20 17:52:25,867 INFO L290 TraceCheckUtils]: 5: Hoare triple {34259#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {34259#true} is VALID [2022-02-20 17:52:25,868 INFO L272 TraceCheckUtils]: 6: Hoare triple {34259#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {34300#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:25,868 INFO L290 TraceCheckUtils]: 7: Hoare triple {34300#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,868 INFO L290 TraceCheckUtils]: 8: Hoare triple {34259#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,868 INFO L290 TraceCheckUtils]: 9: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,868 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {34259#true} {34259#true} #410#return; {34259#true} is VALID [2022-02-20 17:52:25,868 INFO L290 TraceCheckUtils]: 11: Hoare triple {34259#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {34259#true} is VALID [2022-02-20 17:52:25,869 INFO L272 TraceCheckUtils]: 12: Hoare triple {34259#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {34300#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:25,869 INFO L290 TraceCheckUtils]: 13: Hoare triple {34300#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,869 INFO L290 TraceCheckUtils]: 14: Hoare triple {34259#true} assume !(1 == ~handle); {34259#true} is VALID [2022-02-20 17:52:25,870 INFO L290 TraceCheckUtils]: 15: Hoare triple {34259#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,870 INFO L290 TraceCheckUtils]: 16: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,870 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {34259#true} {34259#true} #412#return; {34259#true} is VALID [2022-02-20 17:52:25,870 INFO L290 TraceCheckUtils]: 18: Hoare triple {34259#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {34259#true} is VALID [2022-02-20 17:52:25,871 INFO L272 TraceCheckUtils]: 19: Hoare triple {34259#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {34300#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:25,871 INFO L290 TraceCheckUtils]: 20: Hoare triple {34300#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,871 INFO L290 TraceCheckUtils]: 21: Hoare triple {34259#true} assume !(1 == ~handle); {34259#true} is VALID [2022-02-20 17:52:25,871 INFO L290 TraceCheckUtils]: 22: Hoare triple {34259#true} assume !(2 == ~handle); {34259#true} is VALID [2022-02-20 17:52:25,871 INFO L290 TraceCheckUtils]: 23: Hoare triple {34259#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,871 INFO L290 TraceCheckUtils]: 24: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,871 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {34259#true} {34259#true} #414#return; {34259#true} is VALID [2022-02-20 17:52:25,871 INFO L290 TraceCheckUtils]: 26: Hoare triple {34259#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {34259#true} is VALID [2022-02-20 17:52:25,872 INFO L290 TraceCheckUtils]: 27: Hoare triple {34259#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,872 INFO L290 TraceCheckUtils]: 28: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume !false; {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,873 INFO L290 TraceCheckUtils]: 29: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,873 INFO L290 TraceCheckUtils]: 30: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,873 INFO L290 TraceCheckUtils]: 31: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,873 INFO L290 TraceCheckUtils]: 32: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,874 INFO L290 TraceCheckUtils]: 33: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet15#1 && test_#t~nondet15#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet15#1;havoc test_#t~nondet15#1; {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,874 INFO L290 TraceCheckUtils]: 34: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,874 INFO L290 TraceCheckUtils]: 35: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,875 INFO L290 TraceCheckUtils]: 36: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,875 INFO L290 TraceCheckUtils]: 37: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume 0 == test_~op4~0#1;assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___6~0#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,875 INFO L290 TraceCheckUtils]: 38: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume !(0 != test_~tmp___6~0#1); {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,876 INFO L290 TraceCheckUtils]: 39: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume 0 == test_~op5~0#1;assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp___5~0#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,876 INFO L290 TraceCheckUtils]: 40: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume !(0 != test_~tmp___5~0#1); {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} is VALID [2022-02-20 17:52:25,876 INFO L290 TraceCheckUtils]: 41: Hoare triple {34276#(= |ULTIMATE.start_test_~op6~0#1| 0)} assume !(0 == test_~op6~0#1); {34260#false} is VALID [2022-02-20 17:52:25,876 INFO L290 TraceCheckUtils]: 42: Hoare triple {34260#false} assume !(0 == test_~op7~0#1); {34260#false} is VALID [2022-02-20 17:52:25,877 INFO L290 TraceCheckUtils]: 43: Hoare triple {34260#false} assume !(0 == test_~op8~0#1); {34260#false} is VALID [2022-02-20 17:52:25,877 INFO L290 TraceCheckUtils]: 44: Hoare triple {34260#false} assume !(0 == test_~op9~0#1); {34260#false} is VALID [2022-02-20 17:52:25,877 INFO L290 TraceCheckUtils]: 45: Hoare triple {34260#false} assume !(0 == test_~op10~0#1); {34260#false} is VALID [2022-02-20 17:52:25,877 INFO L290 TraceCheckUtils]: 46: Hoare triple {34260#false} assume !(0 == test_~op11~0#1); {34260#false} is VALID [2022-02-20 17:52:25,877 INFO L290 TraceCheckUtils]: 47: Hoare triple {34260#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {34260#false} is VALID [2022-02-20 17:52:25,877 INFO L272 TraceCheckUtils]: 48: Hoare triple {34260#false} call sendEmail(~bob~0, ~rjh~0); {34260#false} is VALID [2022-02-20 17:52:25,877 INFO L290 TraceCheckUtils]: 49: Hoare triple {34260#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34260#false} is VALID [2022-02-20 17:52:25,878 INFO L272 TraceCheckUtils]: 50: Hoare triple {34260#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34301#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:25,878 INFO L290 TraceCheckUtils]: 51: Hoare triple {34301#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,878 INFO L290 TraceCheckUtils]: 52: Hoare triple {34259#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,878 INFO L290 TraceCheckUtils]: 53: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,879 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {34259#true} {34260#false} #404#return; {34260#false} is VALID [2022-02-20 17:52:25,879 INFO L272 TraceCheckUtils]: 55: Hoare triple {34260#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34302#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:25,879 INFO L290 TraceCheckUtils]: 56: Hoare triple {34302#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,879 INFO L290 TraceCheckUtils]: 57: Hoare triple {34259#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,879 INFO L290 TraceCheckUtils]: 58: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,879 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {34259#true} {34260#false} #406#return; {34260#false} is VALID [2022-02-20 17:52:25,879 INFO L290 TraceCheckUtils]: 60: Hoare triple {34260#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {34260#false} is VALID [2022-02-20 17:52:25,880 INFO L290 TraceCheckUtils]: 61: Hoare triple {34260#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {34260#false} is VALID [2022-02-20 17:52:25,880 INFO L272 TraceCheckUtils]: 62: Hoare triple {34260#false} call outgoing(~sender#1, ~email~0#1); {34260#false} is VALID [2022-02-20 17:52:25,880 INFO L290 TraceCheckUtils]: 63: Hoare triple {34260#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {34260#false} is VALID [2022-02-20 17:52:25,880 INFO L290 TraceCheckUtils]: 64: Hoare triple {34260#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {34260#false} is VALID [2022-02-20 17:52:25,880 INFO L290 TraceCheckUtils]: 65: Hoare triple {34260#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {34260#false} is VALID [2022-02-20 17:52:25,880 INFO L272 TraceCheckUtils]: 66: Hoare triple {34260#false} call setEmailFrom(~msg#1, ~tmp~10#1); {34301#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:25,880 INFO L290 TraceCheckUtils]: 67: Hoare triple {34301#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,881 INFO L290 TraceCheckUtils]: 68: Hoare triple {34259#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,881 INFO L290 TraceCheckUtils]: 69: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,881 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {34259#true} {34260#false} #392#return; {34260#false} is VALID [2022-02-20 17:52:25,881 INFO L290 TraceCheckUtils]: 71: Hoare triple {34260#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {34260#false} is VALID [2022-02-20 17:52:25,881 INFO L272 TraceCheckUtils]: 72: Hoare triple {34260#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {34259#true} is VALID [2022-02-20 17:52:25,881 INFO L290 TraceCheckUtils]: 73: Hoare triple {34259#true} ~handle := #in~handle;havoc ~retValue_acc~4; {34259#true} is VALID [2022-02-20 17:52:25,881 INFO L290 TraceCheckUtils]: 74: Hoare triple {34259#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {34259#true} is VALID [2022-02-20 17:52:25,881 INFO L290 TraceCheckUtils]: 75: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,882 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {34259#true} {34260#false} #394#return; {34260#false} is VALID [2022-02-20 17:52:25,882 INFO L290 TraceCheckUtils]: 77: Hoare triple {34260#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {34260#false} is VALID [2022-02-20 17:52:25,882 INFO L290 TraceCheckUtils]: 78: Hoare triple {34260#false} assume { :end_inline_deliver } true; {34260#false} is VALID [2022-02-20 17:52:25,882 INFO L290 TraceCheckUtils]: 79: Hoare triple {34260#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {34260#false} is VALID [2022-02-20 17:52:25,882 INFO L290 TraceCheckUtils]: 80: Hoare triple {34260#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {34260#false} is VALID [2022-02-20 17:52:25,882 INFO L290 TraceCheckUtils]: 81: Hoare triple {34260#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {34260#false} is VALID [2022-02-20 17:52:25,882 INFO L290 TraceCheckUtils]: 82: Hoare triple {34260#false} assume 0 != incoming_~fwreceiver~0#1; {34260#false} is VALID [2022-02-20 17:52:25,882 INFO L272 TraceCheckUtils]: 83: Hoare triple {34260#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {34302#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:25,883 INFO L290 TraceCheckUtils]: 84: Hoare triple {34302#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34259#true} is VALID [2022-02-20 17:52:25,883 INFO L290 TraceCheckUtils]: 85: Hoare triple {34259#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34259#true} is VALID [2022-02-20 17:52:25,883 INFO L290 TraceCheckUtils]: 86: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,883 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {34259#true} {34260#false} #396#return; {34260#false} is VALID [2022-02-20 17:52:25,883 INFO L290 TraceCheckUtils]: 88: Hoare triple {34260#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {34260#false} is VALID [2022-02-20 17:52:25,883 INFO L272 TraceCheckUtils]: 89: Hoare triple {34260#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {34259#true} is VALID [2022-02-20 17:52:25,883 INFO L290 TraceCheckUtils]: 90: Hoare triple {34259#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {34259#true} is VALID [2022-02-20 17:52:25,883 INFO L290 TraceCheckUtils]: 91: Hoare triple {34259#true} assume true; {34259#true} is VALID [2022-02-20 17:52:25,884 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {34259#true} {34260#false} #398#return; {34260#false} is VALID [2022-02-20 17:52:25,884 INFO L290 TraceCheckUtils]: 93: Hoare triple {34260#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {34260#false} is VALID [2022-02-20 17:52:25,884 INFO L290 TraceCheckUtils]: 94: Hoare triple {34260#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {34260#false} is VALID [2022-02-20 17:52:25,884 INFO L290 TraceCheckUtils]: 95: Hoare triple {34260#false} assume !false; {34260#false} is VALID [2022-02-20 17:52:25,884 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:25,885 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:25,885 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [886342211] [2022-02-20 17:52:25,885 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [886342211] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:52:25,885 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:52:25,885 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:52:25,887 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [871373513] [2022-02-20 17:52:25,887 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:52:25,887 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.833333333333334) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 96 [2022-02-20 17:52:25,887 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:25,888 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 10.833333333333334) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:25,946 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 85 edges. 85 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:25,946 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:52:25,946 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:25,946 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:52:25,947 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:52:25,947 INFO L87 Difference]: Start difference. First operand 1690 states and 2849 transitions. Second operand has 6 states, 6 states have (on average 10.833333333333334) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:28,854 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:28,855 INFO L93 Difference]: Finished difference Result 4038 states and 6896 transitions. [2022-02-20 17:52:28,855 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 17:52:28,855 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 10.833333333333334) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 96 [2022-02-20 17:52:28,855 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:28,855 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.833333333333334) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:28,867 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 537 transitions. [2022-02-20 17:52:28,867 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 10.833333333333334) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:28,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 537 transitions. [2022-02-20 17:52:28,871 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 537 transitions. [2022-02-20 17:52:29,276 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 537 edges. 537 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:29,591 INFO L225 Difference]: With dead ends: 4038 [2022-02-20 17:52:29,591 INFO L226 Difference]: Without dead ends: 2686 [2022-02-20 17:52:29,593 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:52:29,594 INFO L933 BasicCegarLoop]: 268 mSDtfsCounter, 279 mSDsluCounter, 274 mSDsCounter, 0 mSdLazyCounter, 476 mSolverCounterSat, 105 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 286 SdHoareTripleChecker+Valid, 542 SdHoareTripleChecker+Invalid, 581 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 105 IncrementalHoareTripleChecker+Valid, 476 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:29,594 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [286 Valid, 542 Invalid, 581 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [105 Valid, 476 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-02-20 17:52:29,596 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2686 states. [2022-02-20 17:52:30,459 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2686 to 2573. [2022-02-20 17:52:30,460 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:30,464 INFO L82 GeneralOperation]: Start isEquivalent. First operand 2686 states. Second operand has 2573 states, 2549 states have (on average 1.6881129854845038) internal successors, (4303), 2552 states have internal predecessors, (4303), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:30,467 INFO L74 IsIncluded]: Start isIncluded. First operand 2686 states. Second operand has 2573 states, 2549 states have (on average 1.6881129854845038) internal successors, (4303), 2552 states have internal predecessors, (4303), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:30,470 INFO L87 Difference]: Start difference. First operand 2686 states. Second operand has 2573 states, 2549 states have (on average 1.6881129854845038) internal successors, (4303), 2552 states have internal predecessors, (4303), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:30,751 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:30,751 INFO L93 Difference]: Finished difference Result 2686 states and 4496 transitions. [2022-02-20 17:52:30,751 INFO L276 IsEmpty]: Start isEmpty. Operand 2686 states and 4496 transitions. [2022-02-20 17:52:30,755 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:30,755 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:30,759 INFO L74 IsIncluded]: Start isIncluded. First operand has 2573 states, 2549 states have (on average 1.6881129854845038) internal successors, (4303), 2552 states have internal predecessors, (4303), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 2686 states. [2022-02-20 17:52:30,763 INFO L87 Difference]: Start difference. First operand has 2573 states, 2549 states have (on average 1.6881129854845038) internal successors, (4303), 2552 states have internal predecessors, (4303), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 2686 states. [2022-02-20 17:52:31,068 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:31,068 INFO L93 Difference]: Finished difference Result 2686 states and 4496 transitions. [2022-02-20 17:52:31,068 INFO L276 IsEmpty]: Start isEmpty. Operand 2686 states and 4496 transitions. [2022-02-20 17:52:31,073 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:31,073 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:31,073 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:31,073 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:31,077 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2573 states, 2549 states have (on average 1.6881129854845038) internal successors, (4303), 2552 states have internal predecessors, (4303), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:31,370 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2573 states to 2573 states and 4333 transitions. [2022-02-20 17:52:31,370 INFO L78 Accepts]: Start accepts. Automaton has 2573 states and 4333 transitions. Word has length 96 [2022-02-20 17:52:31,371 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:31,371 INFO L470 AbstractCegarLoop]: Abstraction has 2573 states and 4333 transitions. [2022-02-20 17:52:31,371 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 10.833333333333334) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:31,371 INFO L276 IsEmpty]: Start isEmpty. Operand 2573 states and 4333 transitions. [2022-02-20 17:52:31,374 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 98 [2022-02-20 17:52:31,374 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:31,374 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:31,374 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2022-02-20 17:52:31,375 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:31,375 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:31,375 INFO L85 PathProgramCache]: Analyzing trace with hash 1971076502, now seen corresponding path program 1 times [2022-02-20 17:52:31,375 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:31,375 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [932259028] [2022-02-20 17:52:31,376 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:31,376 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:31,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,423 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:31,425 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,427 INFO L290 TraceCheckUtils]: 0: Hoare triple {49490#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,427 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,427 INFO L290 TraceCheckUtils]: 2: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,427 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49449#true} {49449#true} #410#return; {49449#true} is VALID [2022-02-20 17:52:31,427 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:31,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,430 INFO L290 TraceCheckUtils]: 0: Hoare triple {49490#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,430 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume !(1 == ~handle); {49449#true} is VALID [2022-02-20 17:52:31,430 INFO L290 TraceCheckUtils]: 2: Hoare triple {49449#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,430 INFO L290 TraceCheckUtils]: 3: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,430 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {49449#true} {49449#true} #412#return; {49449#true} is VALID [2022-02-20 17:52:31,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:31,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {49490#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume !(1 == ~handle); {49449#true} is VALID [2022-02-20 17:52:31,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {49449#true} assume !(2 == ~handle); {49449#true} is VALID [2022-02-20 17:52:31,437 INFO L290 TraceCheckUtils]: 3: Hoare triple {49449#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,438 INFO L290 TraceCheckUtils]: 4: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,438 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {49449#true} {49449#true} #414#return; {49449#true} is VALID [2022-02-20 17:52:31,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 51 [2022-02-20 17:52:31,447 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {49491#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,450 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49449#true} {49450#false} #404#return; {49450#false} is VALID [2022-02-20 17:52:31,455 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 17:52:31,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,457 INFO L290 TraceCheckUtils]: 0: Hoare triple {49492#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,457 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,458 INFO L290 TraceCheckUtils]: 2: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,458 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49449#true} {49450#false} #406#return; {49450#false} is VALID [2022-02-20 17:52:31,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:52:31,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,460 INFO L290 TraceCheckUtils]: 0: Hoare triple {49491#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,460 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,460 INFO L290 TraceCheckUtils]: 2: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,461 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49449#true} {49450#false} #392#return; {49450#false} is VALID [2022-02-20 17:52:31,461 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:52:31,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {49449#true} ~handle := #in~handle;havoc ~retValue_acc~4; {49449#true} is VALID [2022-02-20 17:52:31,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {49449#true} is VALID [2022-02-20 17:52:31,463 INFO L290 TraceCheckUtils]: 2: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,464 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49449#true} {49450#false} #394#return; {49450#false} is VALID [2022-02-20 17:52:31,464 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:52:31,464 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,466 INFO L290 TraceCheckUtils]: 0: Hoare triple {49492#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,466 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,466 INFO L290 TraceCheckUtils]: 2: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,467 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {49449#true} {49450#false} #396#return; {49450#false} is VALID [2022-02-20 17:52:31,467 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:52:31,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:31,469 INFO L290 TraceCheckUtils]: 0: Hoare triple {49449#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {49449#true} is VALID [2022-02-20 17:52:31,469 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,469 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {49449#true} {49450#false} #398#return; {49450#false} is VALID [2022-02-20 17:52:31,469 INFO L290 TraceCheckUtils]: 0: Hoare triple {49449#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {49449#true} is VALID [2022-02-20 17:52:31,470 INFO L290 TraceCheckUtils]: 1: Hoare triple {49449#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {49449#true} is VALID [2022-02-20 17:52:31,470 INFO L290 TraceCheckUtils]: 2: Hoare triple {49449#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {49449#true} is VALID [2022-02-20 17:52:31,470 INFO L290 TraceCheckUtils]: 3: Hoare triple {49449#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {49449#true} is VALID [2022-02-20 17:52:31,470 INFO L290 TraceCheckUtils]: 4: Hoare triple {49449#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {49449#true} is VALID [2022-02-20 17:52:31,470 INFO L290 TraceCheckUtils]: 5: Hoare triple {49449#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {49449#true} is VALID [2022-02-20 17:52:31,471 INFO L272 TraceCheckUtils]: 6: Hoare triple {49449#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {49490#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:31,471 INFO L290 TraceCheckUtils]: 7: Hoare triple {49490#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,471 INFO L290 TraceCheckUtils]: 8: Hoare triple {49449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,471 INFO L290 TraceCheckUtils]: 9: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,471 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {49449#true} {49449#true} #410#return; {49449#true} is VALID [2022-02-20 17:52:31,472 INFO L290 TraceCheckUtils]: 11: Hoare triple {49449#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {49449#true} is VALID [2022-02-20 17:52:31,472 INFO L272 TraceCheckUtils]: 12: Hoare triple {49449#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {49490#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:31,472 INFO L290 TraceCheckUtils]: 13: Hoare triple {49490#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,472 INFO L290 TraceCheckUtils]: 14: Hoare triple {49449#true} assume !(1 == ~handle); {49449#true} is VALID [2022-02-20 17:52:31,473 INFO L290 TraceCheckUtils]: 15: Hoare triple {49449#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,473 INFO L290 TraceCheckUtils]: 16: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,473 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {49449#true} {49449#true} #412#return; {49449#true} is VALID [2022-02-20 17:52:31,473 INFO L290 TraceCheckUtils]: 18: Hoare triple {49449#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {49449#true} is VALID [2022-02-20 17:52:31,474 INFO L272 TraceCheckUtils]: 19: Hoare triple {49449#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {49490#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:31,474 INFO L290 TraceCheckUtils]: 20: Hoare triple {49490#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,474 INFO L290 TraceCheckUtils]: 21: Hoare triple {49449#true} assume !(1 == ~handle); {49449#true} is VALID [2022-02-20 17:52:31,474 INFO L290 TraceCheckUtils]: 22: Hoare triple {49449#true} assume !(2 == ~handle); {49449#true} is VALID [2022-02-20 17:52:31,474 INFO L290 TraceCheckUtils]: 23: Hoare triple {49449#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,474 INFO L290 TraceCheckUtils]: 24: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,475 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {49449#true} {49449#true} #414#return; {49449#true} is VALID [2022-02-20 17:52:31,475 INFO L290 TraceCheckUtils]: 26: Hoare triple {49449#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {49449#true} is VALID [2022-02-20 17:52:31,475 INFO L290 TraceCheckUtils]: 27: Hoare triple {49449#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,475 INFO L290 TraceCheckUtils]: 28: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume !false; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,476 INFO L290 TraceCheckUtils]: 29: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,476 INFO L290 TraceCheckUtils]: 30: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,476 INFO L290 TraceCheckUtils]: 31: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,477 INFO L290 TraceCheckUtils]: 32: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,477 INFO L290 TraceCheckUtils]: 33: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet15#1 && test_#t~nondet15#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet15#1;havoc test_#t~nondet15#1; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,477 INFO L290 TraceCheckUtils]: 34: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,478 INFO L290 TraceCheckUtils]: 35: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,478 INFO L290 TraceCheckUtils]: 36: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,478 INFO L290 TraceCheckUtils]: 37: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume 0 == test_~op4~0#1;assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___6~0#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,479 INFO L290 TraceCheckUtils]: 38: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume !(0 != test_~tmp___6~0#1); {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,479 INFO L290 TraceCheckUtils]: 39: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume 0 == test_~op5~0#1;assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp___5~0#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,479 INFO L290 TraceCheckUtils]: 40: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume !(0 != test_~tmp___5~0#1); {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,480 INFO L290 TraceCheckUtils]: 41: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume 0 == test_~op6~0#1;assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___4~0#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,480 INFO L290 TraceCheckUtils]: 42: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume !(0 != test_~tmp___4~0#1); {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} is VALID [2022-02-20 17:52:31,480 INFO L290 TraceCheckUtils]: 43: Hoare triple {49466#(= |ULTIMATE.start_test_~op7~0#1| 0)} assume !(0 == test_~op7~0#1); {49450#false} is VALID [2022-02-20 17:52:31,481 INFO L290 TraceCheckUtils]: 44: Hoare triple {49450#false} assume !(0 == test_~op8~0#1); {49450#false} is VALID [2022-02-20 17:52:31,481 INFO L290 TraceCheckUtils]: 45: Hoare triple {49450#false} assume !(0 == test_~op9~0#1); {49450#false} is VALID [2022-02-20 17:52:31,481 INFO L290 TraceCheckUtils]: 46: Hoare triple {49450#false} assume !(0 == test_~op10~0#1); {49450#false} is VALID [2022-02-20 17:52:31,481 INFO L290 TraceCheckUtils]: 47: Hoare triple {49450#false} assume !(0 == test_~op11~0#1); {49450#false} is VALID [2022-02-20 17:52:31,481 INFO L290 TraceCheckUtils]: 48: Hoare triple {49450#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {49450#false} is VALID [2022-02-20 17:52:31,481 INFO L272 TraceCheckUtils]: 49: Hoare triple {49450#false} call sendEmail(~bob~0, ~rjh~0); {49450#false} is VALID [2022-02-20 17:52:31,481 INFO L290 TraceCheckUtils]: 50: Hoare triple {49450#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {49450#false} is VALID [2022-02-20 17:52:31,482 INFO L272 TraceCheckUtils]: 51: Hoare triple {49450#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {49491#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:31,482 INFO L290 TraceCheckUtils]: 52: Hoare triple {49491#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,482 INFO L290 TraceCheckUtils]: 53: Hoare triple {49449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,482 INFO L290 TraceCheckUtils]: 54: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,482 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {49449#true} {49450#false} #404#return; {49450#false} is VALID [2022-02-20 17:52:31,482 INFO L272 TraceCheckUtils]: 56: Hoare triple {49450#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {49492#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:31,482 INFO L290 TraceCheckUtils]: 57: Hoare triple {49492#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,482 INFO L290 TraceCheckUtils]: 58: Hoare triple {49449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,483 INFO L290 TraceCheckUtils]: 59: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,483 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {49449#true} {49450#false} #406#return; {49450#false} is VALID [2022-02-20 17:52:31,483 INFO L290 TraceCheckUtils]: 61: Hoare triple {49450#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {49450#false} is VALID [2022-02-20 17:52:31,483 INFO L290 TraceCheckUtils]: 62: Hoare triple {49450#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {49450#false} is VALID [2022-02-20 17:52:31,483 INFO L272 TraceCheckUtils]: 63: Hoare triple {49450#false} call outgoing(~sender#1, ~email~0#1); {49450#false} is VALID [2022-02-20 17:52:31,483 INFO L290 TraceCheckUtils]: 64: Hoare triple {49450#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {49450#false} is VALID [2022-02-20 17:52:31,483 INFO L290 TraceCheckUtils]: 65: Hoare triple {49450#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {49450#false} is VALID [2022-02-20 17:52:31,484 INFO L290 TraceCheckUtils]: 66: Hoare triple {49450#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {49450#false} is VALID [2022-02-20 17:52:31,484 INFO L272 TraceCheckUtils]: 67: Hoare triple {49450#false} call setEmailFrom(~msg#1, ~tmp~10#1); {49491#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:31,484 INFO L290 TraceCheckUtils]: 68: Hoare triple {49491#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,484 INFO L290 TraceCheckUtils]: 69: Hoare triple {49449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,484 INFO L290 TraceCheckUtils]: 70: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,484 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {49449#true} {49450#false} #392#return; {49450#false} is VALID [2022-02-20 17:52:31,484 INFO L290 TraceCheckUtils]: 72: Hoare triple {49450#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {49450#false} is VALID [2022-02-20 17:52:31,484 INFO L272 TraceCheckUtils]: 73: Hoare triple {49450#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {49449#true} is VALID [2022-02-20 17:52:31,485 INFO L290 TraceCheckUtils]: 74: Hoare triple {49449#true} ~handle := #in~handle;havoc ~retValue_acc~4; {49449#true} is VALID [2022-02-20 17:52:31,485 INFO L290 TraceCheckUtils]: 75: Hoare triple {49449#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {49449#true} is VALID [2022-02-20 17:52:31,485 INFO L290 TraceCheckUtils]: 76: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,485 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {49449#true} {49450#false} #394#return; {49450#false} is VALID [2022-02-20 17:52:31,485 INFO L290 TraceCheckUtils]: 78: Hoare triple {49450#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {49450#false} is VALID [2022-02-20 17:52:31,485 INFO L290 TraceCheckUtils]: 79: Hoare triple {49450#false} assume { :end_inline_deliver } true; {49450#false} is VALID [2022-02-20 17:52:31,485 INFO L290 TraceCheckUtils]: 80: Hoare triple {49450#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {49450#false} is VALID [2022-02-20 17:52:31,486 INFO L290 TraceCheckUtils]: 81: Hoare triple {49450#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {49450#false} is VALID [2022-02-20 17:52:31,486 INFO L290 TraceCheckUtils]: 82: Hoare triple {49450#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {49450#false} is VALID [2022-02-20 17:52:31,486 INFO L290 TraceCheckUtils]: 83: Hoare triple {49450#false} assume 0 != incoming_~fwreceiver~0#1; {49450#false} is VALID [2022-02-20 17:52:31,486 INFO L272 TraceCheckUtils]: 84: Hoare triple {49450#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {49492#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:31,486 INFO L290 TraceCheckUtils]: 85: Hoare triple {49492#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {49449#true} is VALID [2022-02-20 17:52:31,486 INFO L290 TraceCheckUtils]: 86: Hoare triple {49449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {49449#true} is VALID [2022-02-20 17:52:31,486 INFO L290 TraceCheckUtils]: 87: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,487 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {49449#true} {49450#false} #396#return; {49450#false} is VALID [2022-02-20 17:52:31,487 INFO L290 TraceCheckUtils]: 89: Hoare triple {49450#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {49450#false} is VALID [2022-02-20 17:52:31,487 INFO L272 TraceCheckUtils]: 90: Hoare triple {49450#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {49449#true} is VALID [2022-02-20 17:52:31,487 INFO L290 TraceCheckUtils]: 91: Hoare triple {49449#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {49449#true} is VALID [2022-02-20 17:52:31,487 INFO L290 TraceCheckUtils]: 92: Hoare triple {49449#true} assume true; {49449#true} is VALID [2022-02-20 17:52:31,487 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {49449#true} {49450#false} #398#return; {49450#false} is VALID [2022-02-20 17:52:31,487 INFO L290 TraceCheckUtils]: 94: Hoare triple {49450#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {49450#false} is VALID [2022-02-20 17:52:31,487 INFO L290 TraceCheckUtils]: 95: Hoare triple {49450#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {49450#false} is VALID [2022-02-20 17:52:31,488 INFO L290 TraceCheckUtils]: 96: Hoare triple {49450#false} assume !false; {49450#false} is VALID [2022-02-20 17:52:31,488 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:31,488 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:31,488 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [932259028] [2022-02-20 17:52:31,488 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [932259028] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:52:31,488 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:52:31,489 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:52:31,489 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [60309429] [2022-02-20 17:52:31,489 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:52:31,489 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 97 [2022-02-20 17:52:31,490 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:31,490 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 11.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:31,561 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:31,562 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:52:31,562 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:31,562 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:52:31,562 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:52:31,563 INFO L87 Difference]: Start difference. First operand 2573 states and 4333 transitions. Second operand has 6 states, 6 states have (on average 11.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:36,043 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:36,043 INFO L93 Difference]: Finished difference Result 6547 states and 11148 transitions. [2022-02-20 17:52:36,043 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 17:52:36,043 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 97 [2022-02-20 17:52:36,043 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:52:36,043 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:36,047 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:36,047 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:36,050 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 545 transitions. [2022-02-20 17:52:36,050 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 545 transitions. [2022-02-20 17:52:36,455 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 545 edges. 545 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:37,335 INFO L225 Difference]: With dead ends: 6547 [2022-02-20 17:52:37,335 INFO L226 Difference]: Without dead ends: 4455 [2022-02-20 17:52:37,338 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:52:37,338 INFO L933 BasicCegarLoop]: 268 mSDtfsCounter, 277 mSDsluCounter, 282 mSDsCounter, 0 mSdLazyCounter, 476 mSolverCounterSat, 105 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 284 SdHoareTripleChecker+Valid, 550 SdHoareTripleChecker+Invalid, 581 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 105 IncrementalHoareTripleChecker+Valid, 476 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:52:37,338 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [284 Valid, 550 Invalid, 581 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [105 Valid, 476 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-02-20 17:52:37,341 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 4455 states. [2022-02-20 17:52:38,727 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 4455 to 4342. [2022-02-20 17:52:38,727 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:52:38,732 INFO L82 GeneralOperation]: Start isEquivalent. First operand 4455 states. Second operand has 4342 states, 4318 states have (on average 1.6764705882352942) internal successors, (7239), 4321 states have internal predecessors, (7239), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:38,736 INFO L74 IsIncluded]: Start isIncluded. First operand 4455 states. Second operand has 4342 states, 4318 states have (on average 1.6764705882352942) internal successors, (7239), 4321 states have internal predecessors, (7239), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:38,738 INFO L87 Difference]: Start difference. First operand 4455 states. Second operand has 4342 states, 4318 states have (on average 1.6764705882352942) internal successors, (7239), 4321 states have internal predecessors, (7239), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:39,300 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:39,300 INFO L93 Difference]: Finished difference Result 4455 states and 7432 transitions. [2022-02-20 17:52:39,300 INFO L276 IsEmpty]: Start isEmpty. Operand 4455 states and 7432 transitions. [2022-02-20 17:52:39,305 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:39,305 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:39,311 INFO L74 IsIncluded]: Start isIncluded. First operand has 4342 states, 4318 states have (on average 1.6764705882352942) internal successors, (7239), 4321 states have internal predecessors, (7239), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 4455 states. [2022-02-20 17:52:39,315 INFO L87 Difference]: Start difference. First operand has 4342 states, 4318 states have (on average 1.6764705882352942) internal successors, (7239), 4321 states have internal predecessors, (7239), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) Second operand 4455 states. [2022-02-20 17:52:39,943 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:52:39,944 INFO L93 Difference]: Finished difference Result 4455 states and 7432 transitions. [2022-02-20 17:52:39,944 INFO L276 IsEmpty]: Start isEmpty. Operand 4455 states and 7432 transitions. [2022-02-20 17:52:39,949 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:52:39,949 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:52:39,949 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:52:39,949 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:52:39,954 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4342 states, 4318 states have (on average 1.6764705882352942) internal successors, (7239), 4321 states have internal predecessors, (7239), 14 states have call successors, (14), 7 states have call predecessors, (14), 9 states have return successors, (16), 13 states have call predecessors, (16), 13 states have call successors, (16) [2022-02-20 17:52:40,753 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4342 states to 4342 states and 7269 transitions. [2022-02-20 17:52:40,754 INFO L78 Accepts]: Start accepts. Automaton has 4342 states and 7269 transitions. Word has length 97 [2022-02-20 17:52:40,754 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:52:40,754 INFO L470 AbstractCegarLoop]: Abstraction has 4342 states and 7269 transitions. [2022-02-20 17:52:40,754 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 11.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:40,754 INFO L276 IsEmpty]: Start isEmpty. Operand 4342 states and 7269 transitions. [2022-02-20 17:52:40,759 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-02-20 17:52:40,759 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:52:40,759 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:52:40,760 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12 [2022-02-20 17:52:40,760 INFO L402 AbstractCegarLoop]: === Iteration 14 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:52:40,760 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:52:40,760 INFO L85 PathProgramCache]: Analyzing trace with hash -18541512, now seen corresponding path program 1 times [2022-02-20 17:52:40,760 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:52:40,761 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2143882609] [2022-02-20 17:52:40,761 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:52:40,761 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:52:40,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,811 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:52:40,812 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,814 INFO L290 TraceCheckUtils]: 0: Hoare triple {74657#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,814 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,814 INFO L290 TraceCheckUtils]: 2: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,815 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {74616#true} {74616#true} #410#return; {74616#true} is VALID [2022-02-20 17:52:40,815 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:52:40,816 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,817 INFO L290 TraceCheckUtils]: 0: Hoare triple {74657#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,818 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume !(1 == ~handle); {74616#true} is VALID [2022-02-20 17:52:40,818 INFO L290 TraceCheckUtils]: 2: Hoare triple {74616#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,818 INFO L290 TraceCheckUtils]: 3: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,818 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {74616#true} {74616#true} #412#return; {74616#true} is VALID [2022-02-20 17:52:40,818 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 17:52:40,819 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {74657#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume !(1 == ~handle); {74616#true} is VALID [2022-02-20 17:52:40,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {74616#true} assume !(2 == ~handle); {74616#true} is VALID [2022-02-20 17:52:40,821 INFO L290 TraceCheckUtils]: 3: Hoare triple {74616#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,822 INFO L290 TraceCheckUtils]: 4: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,822 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {74616#true} {74616#true} #414#return; {74616#true} is VALID [2022-02-20 17:52:40,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:52:40,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,829 INFO L290 TraceCheckUtils]: 0: Hoare triple {74658#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,829 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,829 INFO L290 TraceCheckUtils]: 2: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,829 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {74616#true} {74617#false} #404#return; {74617#false} is VALID [2022-02-20 17:52:40,835 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:52:40,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,837 INFO L290 TraceCheckUtils]: 0: Hoare triple {74659#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,838 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,838 INFO L290 TraceCheckUtils]: 2: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,838 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {74616#true} {74617#false} #406#return; {74617#false} is VALID [2022-02-20 17:52:40,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:52:40,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {74658#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,840 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,841 INFO L290 TraceCheckUtils]: 2: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,841 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {74616#true} {74617#false} #392#return; {74617#false} is VALID [2022-02-20 17:52:40,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:52:40,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,843 INFO L290 TraceCheckUtils]: 0: Hoare triple {74616#true} ~handle := #in~handle;havoc ~retValue_acc~4; {74616#true} is VALID [2022-02-20 17:52:40,843 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {74616#true} is VALID [2022-02-20 17:52:40,843 INFO L290 TraceCheckUtils]: 2: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,843 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {74616#true} {74617#false} #394#return; {74617#false} is VALID [2022-02-20 17:52:40,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:52:40,844 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,846 INFO L290 TraceCheckUtils]: 0: Hoare triple {74659#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,846 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,846 INFO L290 TraceCheckUtils]: 2: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,846 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {74616#true} {74617#false} #396#return; {74617#false} is VALID [2022-02-20 17:52:40,846 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:52:40,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:52:40,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {74616#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {74616#true} is VALID [2022-02-20 17:52:40,848 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,849 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {74616#true} {74617#false} #398#return; {74617#false} is VALID [2022-02-20 17:52:40,849 INFO L290 TraceCheckUtils]: 0: Hoare triple {74616#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {74616#true} is VALID [2022-02-20 17:52:40,849 INFO L290 TraceCheckUtils]: 1: Hoare triple {74616#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet12#1, main_#t~ret13#1, main_~retValue_acc~0#1, main_~tmp~1#1;assume -2147483648 <= main_#t~nondet12#1 && main_#t~nondet12#1 <= 2147483647;main_~retValue_acc~0#1 := main_#t~nondet12#1;havoc main_#t~nondet12#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {74616#true} is VALID [2022-02-20 17:52:40,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {74616#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {74616#true} is VALID [2022-02-20 17:52:40,849 INFO L290 TraceCheckUtils]: 3: Hoare triple {74616#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~41#1;havoc valid_product_~retValue_acc~41#1;valid_product_~retValue_acc~41#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~41#1; {74616#true} is VALID [2022-02-20 17:52:40,849 INFO L290 TraceCheckUtils]: 4: Hoare triple {74616#true} main_#t~ret13#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret13#1 && main_#t~ret13#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret13#1;havoc main_#t~ret13#1; {74616#true} is VALID [2022-02-20 17:52:40,850 INFO L290 TraceCheckUtils]: 5: Hoare triple {74616#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {74616#true} is VALID [2022-02-20 17:52:40,850 INFO L272 TraceCheckUtils]: 6: Hoare triple {74616#true} call setClientId(setup_bob_~bob___0#1, setup_bob_~bob___0#1); {74657#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:40,850 INFO L290 TraceCheckUtils]: 7: Hoare triple {74657#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,851 INFO L290 TraceCheckUtils]: 8: Hoare triple {74616#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,851 INFO L290 TraceCheckUtils]: 9: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,851 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {74616#true} {74616#true} #410#return; {74616#true} is VALID [2022-02-20 17:52:40,851 INFO L290 TraceCheckUtils]: 11: Hoare triple {74616#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {74616#true} is VALID [2022-02-20 17:52:40,852 INFO L272 TraceCheckUtils]: 12: Hoare triple {74616#true} call setClientId(setup_rjh_~rjh___0#1, setup_rjh_~rjh___0#1); {74657#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:40,852 INFO L290 TraceCheckUtils]: 13: Hoare triple {74657#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,852 INFO L290 TraceCheckUtils]: 14: Hoare triple {74616#true} assume !(1 == ~handle); {74616#true} is VALID [2022-02-20 17:52:40,852 INFO L290 TraceCheckUtils]: 15: Hoare triple {74616#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,852 INFO L290 TraceCheckUtils]: 16: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,852 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {74616#true} {74616#true} #412#return; {74616#true} is VALID [2022-02-20 17:52:40,852 INFO L290 TraceCheckUtils]: 18: Hoare triple {74616#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {74616#true} is VALID [2022-02-20 17:52:40,853 INFO L272 TraceCheckUtils]: 19: Hoare triple {74616#true} call setClientId(setup_chuck_~chuck___0#1, setup_chuck_~chuck___0#1); {74657#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:52:40,853 INFO L290 TraceCheckUtils]: 20: Hoare triple {74657#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,853 INFO L290 TraceCheckUtils]: 21: Hoare triple {74616#true} assume !(1 == ~handle); {74616#true} is VALID [2022-02-20 17:52:40,853 INFO L290 TraceCheckUtils]: 22: Hoare triple {74616#true} assume !(2 == ~handle); {74616#true} is VALID [2022-02-20 17:52:40,854 INFO L290 TraceCheckUtils]: 23: Hoare triple {74616#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,854 INFO L290 TraceCheckUtils]: 24: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,854 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {74616#true} {74616#true} #414#return; {74616#true} is VALID [2022-02-20 17:52:40,854 INFO L290 TraceCheckUtils]: 26: Hoare triple {74616#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {74616#true} is VALID [2022-02-20 17:52:40,854 INFO L290 TraceCheckUtils]: 27: Hoare triple {74616#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_#t~nondet24#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~2#1, test_~tmp___0~1#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~2#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,855 INFO L290 TraceCheckUtils]: 28: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume !false; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,855 INFO L290 TraceCheckUtils]: 29: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,855 INFO L290 TraceCheckUtils]: 30: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,856 INFO L290 TraceCheckUtils]: 31: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,856 INFO L290 TraceCheckUtils]: 32: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,856 INFO L290 TraceCheckUtils]: 33: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet15#1 && test_#t~nondet15#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet15#1;havoc test_#t~nondet15#1; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,857 INFO L290 TraceCheckUtils]: 34: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,857 INFO L290 TraceCheckUtils]: 35: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,857 INFO L290 TraceCheckUtils]: 36: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,858 INFO L290 TraceCheckUtils]: 37: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume 0 == test_~op4~0#1;assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___6~0#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,858 INFO L290 TraceCheckUtils]: 38: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume !(0 != test_~tmp___6~0#1); {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,858 INFO L290 TraceCheckUtils]: 39: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume 0 == test_~op5~0#1;assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp___5~0#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,859 INFO L290 TraceCheckUtils]: 40: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume !(0 != test_~tmp___5~0#1); {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,859 INFO L290 TraceCheckUtils]: 41: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume 0 == test_~op6~0#1;assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___4~0#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,859 INFO L290 TraceCheckUtils]: 42: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume !(0 != test_~tmp___4~0#1); {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,860 INFO L290 TraceCheckUtils]: 43: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume 0 == test_~op7~0#1;assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___3~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,860 INFO L290 TraceCheckUtils]: 44: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume !(0 != test_~tmp___3~0#1); {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} is VALID [2022-02-20 17:52:40,860 INFO L290 TraceCheckUtils]: 45: Hoare triple {74633#(= |ULTIMATE.start_test_~op8~0#1| 0)} assume !(0 == test_~op8~0#1); {74617#false} is VALID [2022-02-20 17:52:40,861 INFO L290 TraceCheckUtils]: 46: Hoare triple {74617#false} assume !(0 == test_~op9~0#1); {74617#false} is VALID [2022-02-20 17:52:40,861 INFO L290 TraceCheckUtils]: 47: Hoare triple {74617#false} assume !(0 == test_~op10~0#1); {74617#false} is VALID [2022-02-20 17:52:40,861 INFO L290 TraceCheckUtils]: 48: Hoare triple {74617#false} assume !(0 == test_~op11~0#1); {74617#false} is VALID [2022-02-20 17:52:40,861 INFO L290 TraceCheckUtils]: 49: Hoare triple {74617#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {74617#false} is VALID [2022-02-20 17:52:40,861 INFO L272 TraceCheckUtils]: 50: Hoare triple {74617#false} call sendEmail(~bob~0, ~rjh~0); {74617#false} is VALID [2022-02-20 17:52:40,861 INFO L290 TraceCheckUtils]: 51: Hoare triple {74617#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~39#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~39#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {74617#false} is VALID [2022-02-20 17:52:40,861 INFO L272 TraceCheckUtils]: 52: Hoare triple {74617#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {74658#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:40,862 INFO L290 TraceCheckUtils]: 53: Hoare triple {74658#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,862 INFO L290 TraceCheckUtils]: 54: Hoare triple {74616#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,862 INFO L290 TraceCheckUtils]: 55: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,862 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {74616#true} {74617#false} #404#return; {74617#false} is VALID [2022-02-20 17:52:40,862 INFO L272 TraceCheckUtils]: 57: Hoare triple {74617#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {74659#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:40,862 INFO L290 TraceCheckUtils]: 58: Hoare triple {74659#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,862 INFO L290 TraceCheckUtils]: 59: Hoare triple {74616#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,862 INFO L290 TraceCheckUtils]: 60: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,863 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {74616#true} {74617#false} #406#return; {74617#false} is VALID [2022-02-20 17:52:40,863 INFO L290 TraceCheckUtils]: 62: Hoare triple {74617#false} createEmail_~retValue_acc~39#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~39#1; {74617#false} is VALID [2022-02-20 17:52:40,863 INFO L290 TraceCheckUtils]: 63: Hoare triple {74617#false} #t~ret58#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret58#1 && #t~ret58#1 <= 2147483647;~tmp~13#1 := #t~ret58#1;havoc #t~ret58#1;~email~0#1 := ~tmp~13#1; {74617#false} is VALID [2022-02-20 17:52:40,863 INFO L272 TraceCheckUtils]: 64: Hoare triple {74617#false} call outgoing(~sender#1, ~email~0#1); {74617#false} is VALID [2022-02-20 17:52:40,863 INFO L290 TraceCheckUtils]: 65: Hoare triple {74617#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~31#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~31#1; {74617#false} is VALID [2022-02-20 17:52:40,863 INFO L290 TraceCheckUtils]: 66: Hoare triple {74617#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~31#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~31#1; {74617#false} is VALID [2022-02-20 17:52:40,863 INFO L290 TraceCheckUtils]: 67: Hoare triple {74617#false} #t~ret54#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret54#1 && #t~ret54#1 <= 2147483647;~tmp~10#1 := #t~ret54#1;havoc #t~ret54#1; {74617#false} is VALID [2022-02-20 17:52:40,864 INFO L272 TraceCheckUtils]: 68: Hoare triple {74617#false} call setEmailFrom(~msg#1, ~tmp~10#1); {74658#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:52:40,864 INFO L290 TraceCheckUtils]: 69: Hoare triple {74658#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,864 INFO L290 TraceCheckUtils]: 70: Hoare triple {74616#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,864 INFO L290 TraceCheckUtils]: 71: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,864 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {74616#true} {74617#false} #392#return; {74617#false} is VALID [2022-02-20 17:52:40,864 INFO L290 TraceCheckUtils]: 73: Hoare triple {74617#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret52#1, mail_#t~ret53#1, mail_~client#1, mail_~msg#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~9#1;call mail_#t~ret52#1 := puts(22, 0);assume -2147483648 <= mail_#t~ret52#1 && mail_#t~ret52#1 <= 2147483647;havoc mail_#t~ret52#1; {74617#false} is VALID [2022-02-20 17:52:40,864 INFO L272 TraceCheckUtils]: 74: Hoare triple {74617#false} call mail_#t~ret53#1 := getEmailTo(mail_~msg#1); {74616#true} is VALID [2022-02-20 17:52:40,864 INFO L290 TraceCheckUtils]: 75: Hoare triple {74616#true} ~handle := #in~handle;havoc ~retValue_acc~4; {74616#true} is VALID [2022-02-20 17:52:40,865 INFO L290 TraceCheckUtils]: 76: Hoare triple {74616#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_email_to0~0;#res := ~retValue_acc~4; {74616#true} is VALID [2022-02-20 17:52:40,865 INFO L290 TraceCheckUtils]: 77: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,865 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {74616#true} {74617#false} #394#return; {74617#false} is VALID [2022-02-20 17:52:40,865 INFO L290 TraceCheckUtils]: 79: Hoare triple {74617#false} assume -2147483648 <= mail_#t~ret53#1 && mail_#t~ret53#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret53#1;havoc mail_#t~ret53#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret56#1, incoming_~client#1, incoming_~msg#1, incoming_~fwreceiver~0#1, incoming_~tmp~11#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~fwreceiver~0#1;havoc incoming_~tmp~11#1;assume { :begin_inline_incoming__wrappee__Base } true;incoming__wrappee__Base_#in~client#1, incoming__wrappee__Base_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;incoming__wrappee__Base_~client#1 := incoming__wrappee__Base_#in~client#1;incoming__wrappee__Base_~msg#1 := incoming__wrappee__Base_#in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := incoming__wrappee__Base_~client#1, incoming__wrappee__Base_~msg#1;havoc deliver_#t~ret55#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret55#1 := puts(23, 0);assume -2147483648 <= deliver_#t~ret55#1 && deliver_#t~ret55#1 <= 2147483647;havoc deliver_#t~ret55#1; {74617#false} is VALID [2022-02-20 17:52:40,865 INFO L290 TraceCheckUtils]: 80: Hoare triple {74617#false} assume { :end_inline_deliver } true; {74617#false} is VALID [2022-02-20 17:52:40,865 INFO L290 TraceCheckUtils]: 81: Hoare triple {74617#false} assume { :end_inline_incoming__wrappee__Base } true;assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~30#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~30#1; {74617#false} is VALID [2022-02-20 17:52:40,865 INFO L290 TraceCheckUtils]: 82: Hoare triple {74617#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~30#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~30#1; {74617#false} is VALID [2022-02-20 17:52:40,866 INFO L290 TraceCheckUtils]: 83: Hoare triple {74617#false} incoming_#t~ret56#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming_#t~ret56#1 && incoming_#t~ret56#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret56#1;havoc incoming_#t~ret56#1;incoming_~fwreceiver~0#1 := incoming_~tmp~11#1; {74617#false} is VALID [2022-02-20 17:52:40,866 INFO L290 TraceCheckUtils]: 84: Hoare triple {74617#false} assume 0 != incoming_~fwreceiver~0#1; {74617#false} is VALID [2022-02-20 17:52:40,866 INFO L272 TraceCheckUtils]: 85: Hoare triple {74617#false} call setEmailTo(incoming_~msg#1, incoming_~fwreceiver~0#1); {74659#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:52:40,866 INFO L290 TraceCheckUtils]: 86: Hoare triple {74659#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {74616#true} is VALID [2022-02-20 17:52:40,866 INFO L290 TraceCheckUtils]: 87: Hoare triple {74616#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {74616#true} is VALID [2022-02-20 17:52:40,866 INFO L290 TraceCheckUtils]: 88: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,866 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {74616#true} {74617#false} #396#return; {74617#false} is VALID [2022-02-20 17:52:40,866 INFO L290 TraceCheckUtils]: 90: Hoare triple {74617#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc forward_#t~ret59#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1, __utac_acc__DecryptForward_spec__1_#t~ret49#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~6#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~6#1;call __utac_acc__DecryptForward_spec__1_#t~ret48#1 := puts(21, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret48#1 && __utac_acc__DecryptForward_spec__1_#t~ret48#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret48#1; {74617#false} is VALID [2022-02-20 17:52:40,867 INFO L272 TraceCheckUtils]: 91: Hoare triple {74617#false} call __utac_acc__DecryptForward_spec__1_#t~ret49#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {74616#true} is VALID [2022-02-20 17:52:40,867 INFO L290 TraceCheckUtils]: 92: Hoare triple {74616#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {74616#true} is VALID [2022-02-20 17:52:40,867 INFO L290 TraceCheckUtils]: 93: Hoare triple {74616#true} assume true; {74616#true} is VALID [2022-02-20 17:52:40,867 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {74616#true} {74617#false} #398#return; {74617#false} is VALID [2022-02-20 17:52:40,867 INFO L290 TraceCheckUtils]: 95: Hoare triple {74617#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret49#1 && __utac_acc__DecryptForward_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~6#1 := __utac_acc__DecryptForward_spec__1_#t~ret49#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret49#1; {74617#false} is VALID [2022-02-20 17:52:40,867 INFO L290 TraceCheckUtils]: 96: Hoare triple {74617#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~6#1);assume { :begin_inline___automaton_fail } true; {74617#false} is VALID [2022-02-20 17:52:40,867 INFO L290 TraceCheckUtils]: 97: Hoare triple {74617#false} assume !false; {74617#false} is VALID [2022-02-20 17:52:40,868 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-02-20 17:52:40,868 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:52:40,868 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2143882609] [2022-02-20 17:52:40,868 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2143882609] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:52:40,868 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:52:40,868 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:52:40,869 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1543116426] [2022-02-20 17:52:40,869 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:52:40,869 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.166666666666666) internal successors, (67), 3 states have internal predecessors, (67), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 98 [2022-02-20 17:52:40,869 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:52:40,870 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 11.166666666666666) internal successors, (67), 3 states have internal predecessors, (67), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2022-02-20 17:52:40,942 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:52:40,942 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:52:40,942 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:52:40,942 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:52:40,943 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:52:40,943 INFO L87 Difference]: Start difference. First operand 4342 states and 7269 transitions. Second operand has 6 states, 6 states have (on average 11.166666666666666) internal successors, (67), 3 states have internal predecessors, (67), 2 states have call successors, (11), 5 states have call predecessors, (11), 1 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9)