./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec0_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec0_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1b548755c8e9cfcfe9ed8b47fb1ac823ac6821056e7770bffa975fdbf413b243 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 17:53:25,286 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:53:25,289 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:53:25,322 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 17:53:25,322 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:53:25,323 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:53:25,324 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:53:25,325 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:53:25,326 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:53:25,326 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:53:25,327 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:53:25,328 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:53:25,328 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:53:25,329 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:53:25,329 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:53:25,330 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:53:25,331 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:53:25,331 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:53:25,332 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:53:25,333 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:53:25,334 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:53:25,335 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:53:25,336 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:53:25,336 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:53:25,341 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:53:25,342 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:53:25,342 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:53:25,343 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:53:25,343 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:53:25,345 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:53:25,345 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:53:25,345 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:53:25,346 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:53:25,347 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:53:25,348 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:53:25,349 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:53:25,349 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:53:25,350 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 17:53:25,350 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:53:25,351 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:53:25,351 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:53:25,352 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:53:25,371 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:53:25,374 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:53:25,374 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:53:25,374 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:53:25,375 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:53:25,375 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:53:25,375 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:53:25,375 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:53:25,376 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:53:25,376 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:53:25,376 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:53:25,377 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:53:25,377 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:53:25,377 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:53:25,377 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:53:25,377 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:53:25,377 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:53:25,377 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:53:25,377 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:53:25,378 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:53:25,378 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:53:25,378 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:53:25,378 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:53:25,378 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:53:25,378 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:53:25,378 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:53:25,379 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:53:25,379 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:53:25,379 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:53:25,379 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:53:25,379 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:53:25,379 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:53:25,380 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 17:53:25,380 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1b548755c8e9cfcfe9ed8b47fb1ac823ac6821056e7770bffa975fdbf413b243 [2022-02-20 17:53:25,567 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:53:25,590 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:53:25,592 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:53:25,594 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:53:25,594 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:53:25,595 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec0_productSimulator.cil.c [2022-02-20 17:53:25,635 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ed538829a/806f82b9df664a6d824095ed386590d4/FLAG214b21a18 [2022-02-20 17:53:26,074 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 17:53:26,076 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_productSimulator.cil.c [2022-02-20 17:53:26,094 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ed538829a/806f82b9df664a6d824095ed386590d4/FLAG214b21a18 [2022-02-20 17:53:26,105 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ed538829a/806f82b9df664a6d824095ed386590d4 [2022-02-20 17:53:26,106 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:53:26,107 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:53:26,119 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:53:26,120 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:53:26,123 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:53:26,124 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,125 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4343145a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26, skipping insertion in model container [2022-02-20 17:53:26,125 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,129 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:53:26,189 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:53:26,454 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_productSimulator.cil.c[14867,14880] [2022-02-20 17:53:26,616 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:53:26,622 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:53:26,641 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec0_productSimulator.cil.c[14867,14880] [2022-02-20 17:53:26,706 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:53:26,733 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:53:26,733 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26 WrapperNode [2022-02-20 17:53:26,734 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:53:26,734 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:53:26,735 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:53:26,735 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:53:26,739 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,762 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,829 INFO L137 Inliner]: procedures = 151, calls = 282, calls flagged for inlining = 67, calls inlined = 64, statements flattened = 1303 [2022-02-20 17:53:26,829 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:53:26,830 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:53:26,830 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:53:26,830 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:53:26,835 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,836 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,841 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,841 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,856 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,864 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,869 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,890 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:53:26,891 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:53:26,891 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:53:26,891 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:53:26,911 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (1/1) ... [2022-02-20 17:53:26,919 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:53:26,928 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:53:26,938 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:53:26,954 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:53:26,969 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:53:26,969 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:53:26,969 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 17:53:26,969 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 17:53:26,969 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 17:53:26,970 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 17:53:26,970 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:53:26,970 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:53:26,971 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:53:26,971 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:53:26,971 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:53:26,971 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:53:26,971 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:53:26,971 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:53:26,971 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 17:53:26,972 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 17:53:26,972 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:53:26,972 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:53:26,979 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 17:53:26,979 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 17:53:26,979 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:53:26,980 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:53:26,980 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:53:26,980 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:53:26,980 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:53:26,980 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:53:26,980 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 17:53:26,980 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 17:53:26,980 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 17:53:26,981 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 17:53:26,981 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:53:26,981 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:53:26,981 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:53:26,981 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:53:26,981 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:53:26,981 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:53:26,981 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:53:26,982 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 17:53:26,982 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 17:53:26,982 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:53:26,982 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:53:26,982 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 17:53:26,982 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 17:53:26,982 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:53:26,982 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:53:26,983 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 17:53:26,983 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 17:53:26,983 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:53:26,983 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:53:26,983 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:53:26,983 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:53:26,984 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:53:26,984 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 17:53:26,984 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 17:53:26,984 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 17:53:26,985 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 17:53:26,985 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 17:53:26,985 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 17:53:26,986 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:53:26,986 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 17:53:26,986 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:53:26,986 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:53:26,987 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:53:26,987 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:53:26,987 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:53:26,987 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:53:26,987 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:53:26,987 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:53:26,987 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:53:26,987 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:53:26,987 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:53:26,988 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:53:26,988 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 17:53:26,988 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 17:53:26,988 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 17:53:26,988 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 17:53:26,989 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:53:26,989 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:53:26,989 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:53:26,989 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:53:26,989 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:53:26,989 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:53:26,989 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:53:26,989 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 17:53:26,989 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 17:53:26,989 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 17:53:26,990 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 17:53:26,990 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:53:26,990 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:53:26,990 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:53:26,990 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:53:27,232 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:53:27,235 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:53:28,054 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:53:28,069 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:53:28,069 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:53:28,071 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:53:28 BoogieIcfgContainer [2022-02-20 17:53:28,071 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:53:28,073 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:53:28,073 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:53:28,075 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:53:28,075 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:53:26" (1/3) ... [2022-02-20 17:53:28,076 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@b8af02f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:53:28, skipping insertion in model container [2022-02-20 17:53:28,076 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:53:26" (2/3) ... [2022-02-20 17:53:28,076 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@b8af02f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:53:28, skipping insertion in model container [2022-02-20 17:53:28,076 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:53:28" (3/3) ... [2022-02-20 17:53:28,080 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec0_productSimulator.cil.c [2022-02-20 17:53:28,083 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:53:28,083 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:53:28,130 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:53:28,136 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:53:28,136 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:53:28,181 INFO L276 IsEmpty]: Start isEmpty. Operand has 600 states, 446 states have (on average 1.515695067264574) internal successors, (676), 466 states have internal predecessors, (676), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:53:28,201 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 165 [2022-02-20 17:53:28,202 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:53:28,204 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:53:28,204 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:53:28,208 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:53:28,209 INFO L85 PathProgramCache]: Analyzing trace with hash 1286037596, now seen corresponding path program 1 times [2022-02-20 17:53:28,217 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:53:28,217 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2002585599] [2022-02-20 17:53:28,218 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:53:28,218 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:53:28,405 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,511 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:53:28,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,528 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,528 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,528 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1721#return; {603#true} is VALID [2022-02-20 17:53:28,529 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:53:28,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,539 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,539 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,539 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1723#return; {603#true} is VALID [2022-02-20 17:53:28,539 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:53:28,542 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,547 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,547 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1725#return; {603#true} is VALID [2022-02-20 17:53:28,547 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:53:28,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,558 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,558 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,558 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1727#return; {603#true} is VALID [2022-02-20 17:53:28,558 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:53:28,560 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,563 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1729#return; {603#true} is VALID [2022-02-20 17:53:28,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:53:28,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,567 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,567 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,567 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1731#return; {603#true} is VALID [2022-02-20 17:53:28,567 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:53:28,569 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,571 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,571 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,571 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1733#return; {603#true} is VALID [2022-02-20 17:53:28,572 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:53:28,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,579 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,579 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,579 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1735#return; {603#true} is VALID [2022-02-20 17:53:28,585 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:53:28,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,591 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:28,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,599 INFO L290 TraceCheckUtils]: 0: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,600 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,600 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1719#return; {603#true} is VALID [2022-02-20 17:53:28,601 INFO L290 TraceCheckUtils]: 0: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {603#true} is VALID [2022-02-20 17:53:28,602 INFO L272 TraceCheckUtils]: 1: Hoare triple {603#true} call setClientId(~bob___0, ~bob___0); {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:28,602 INFO L290 TraceCheckUtils]: 2: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,602 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,602 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,602 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1719#return; {603#true} is VALID [2022-02-20 17:53:28,603 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,603 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {603#true} {603#true} #1741#return; {603#true} is VALID [2022-02-20 17:53:28,603 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:53:28,605 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,621 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:28,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,625 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,626 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1669#return; {603#true} is VALID [2022-02-20 17:53:28,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {603#true} is VALID [2022-02-20 17:53:28,627 INFO L272 TraceCheckUtils]: 1: Hoare triple {603#true} call setClientId(~rjh___0, ~rjh___0); {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:28,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,627 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,628 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,628 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1669#return; {603#true} is VALID [2022-02-20 17:53:28,628 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,628 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {603#true} {603#true} #1747#return; {603#true} is VALID [2022-02-20 17:53:28,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:53:28,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:28,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,636 INFO L290 TraceCheckUtils]: 0: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,637 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1615#return; {603#true} is VALID [2022-02-20 17:53:28,637 INFO L290 TraceCheckUtils]: 0: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {603#true} is VALID [2022-02-20 17:53:28,638 INFO L272 TraceCheckUtils]: 1: Hoare triple {603#true} call setClientId(~chuck___0, ~chuck___0); {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:28,638 INFO L290 TraceCheckUtils]: 2: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,638 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,639 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,639 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1615#return; {603#true} is VALID [2022-02-20 17:53:28,640 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,641 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {603#true} {603#true} #1753#return; {603#true} is VALID [2022-02-20 17:53:28,649 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:53:28,650 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,652 INFO L290 TraceCheckUtils]: 0: Hoare triple {704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,653 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,653 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,653 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1637#return; {604#false} is VALID [2022-02-20 17:53:28,659 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:53:28,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,666 INFO L290 TraceCheckUtils]: 0: Hoare triple {705#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,667 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1639#return; {604#false} is VALID [2022-02-20 17:53:28,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:53:28,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,676 INFO L290 TraceCheckUtils]: 0: Hoare triple {704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,676 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,676 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,677 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1649#return; {604#false} is VALID [2022-02-20 17:53:28,677 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:53:28,678 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,682 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~handle := #in~handle;havoc ~retValue_acc~28; {603#true} is VALID [2022-02-20 17:53:28,682 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {603#true} is VALID [2022-02-20 17:53:28,683 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,683 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1651#return; {604#false} is VALID [2022-02-20 17:53:28,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:53:28,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:28,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,707 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {603#true} is VALID [2022-02-20 17:53:28,708 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume { :end_inline_deliver } true; {603#true} is VALID [2022-02-20 17:53:28,708 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,708 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1717#return; {603#true} is VALID [2022-02-20 17:53:28,709 INFO L290 TraceCheckUtils]: 0: Hoare triple {706#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {603#true} is VALID [2022-02-20 17:53:28,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {603#true} is VALID [2022-02-20 17:53:28,711 INFO L272 TraceCheckUtils]: 2: Hoare triple {603#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {603#true} is VALID [2022-02-20 17:53:28,711 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {603#true} is VALID [2022-02-20 17:53:28,711 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume { :end_inline_deliver } true; {603#true} is VALID [2022-02-20 17:53:28,711 INFO L290 TraceCheckUtils]: 5: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,711 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {603#true} {603#true} #1717#return; {603#true} is VALID [2022-02-20 17:53:28,713 INFO L290 TraceCheckUtils]: 7: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,713 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {603#true} {604#false} #1671#return; {604#false} is VALID [2022-02-20 17:53:28,714 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 145 [2022-02-20 17:53:28,718 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {705#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,721 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,722 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,722 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1673#return; {604#false} is VALID [2022-02-20 17:53:28,723 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 151 [2022-02-20 17:53:28,725 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:28,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:28,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {603#true} is VALID [2022-02-20 17:53:28,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,731 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1797#return; {603#true} is VALID [2022-02-20 17:53:28,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {603#true} is VALID [2022-02-20 17:53:28,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {603#true} is VALID [2022-02-20 17:53:28,732 INFO L272 TraceCheckUtils]: 2: Hoare triple {603#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {603#true} is VALID [2022-02-20 17:53:28,733 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {603#true} is VALID [2022-02-20 17:53:28,733 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,734 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1797#return; {603#true} is VALID [2022-02-20 17:53:28,734 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {603#true} is VALID [2022-02-20 17:53:28,734 INFO L290 TraceCheckUtils]: 7: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,734 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {603#true} {604#false} #1675#return; {604#false} is VALID [2022-02-20 17:53:28,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {603#true} is VALID [2022-02-20 17:53:28,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {603#true} is VALID [2022-02-20 17:53:28,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {603#true} is VALID [2022-02-20 17:53:28,739 INFO L272 TraceCheckUtils]: 3: Hoare triple {603#true} call select_features_#t~ret5#1 := select_one(); {603#true} is VALID [2022-02-20 17:53:28,739 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,739 INFO L290 TraceCheckUtils]: 5: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,739 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {603#true} {603#true} #1721#return; {603#true} is VALID [2022-02-20 17:53:28,739 INFO L290 TraceCheckUtils]: 7: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {603#true} is VALID [2022-02-20 17:53:28,740 INFO L272 TraceCheckUtils]: 8: Hoare triple {603#true} call select_features_#t~ret6#1 := select_one(); {603#true} is VALID [2022-02-20 17:53:28,741 INFO L290 TraceCheckUtils]: 9: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,741 INFO L290 TraceCheckUtils]: 10: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,741 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {603#true} {603#true} #1723#return; {603#true} is VALID [2022-02-20 17:53:28,742 INFO L290 TraceCheckUtils]: 12: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {603#true} is VALID [2022-02-20 17:53:28,743 INFO L272 TraceCheckUtils]: 13: Hoare triple {603#true} call select_features_#t~ret7#1 := select_one(); {603#true} is VALID [2022-02-20 17:53:28,749 INFO L290 TraceCheckUtils]: 14: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,749 INFO L290 TraceCheckUtils]: 15: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,749 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {603#true} {603#true} #1725#return; {603#true} is VALID [2022-02-20 17:53:28,751 INFO L290 TraceCheckUtils]: 17: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {603#true} is VALID [2022-02-20 17:53:28,751 INFO L272 TraceCheckUtils]: 18: Hoare triple {603#true} call select_features_#t~ret8#1 := select_one(); {603#true} is VALID [2022-02-20 17:53:28,752 INFO L290 TraceCheckUtils]: 19: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,752 INFO L290 TraceCheckUtils]: 20: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,752 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {603#true} {603#true} #1727#return; {603#true} is VALID [2022-02-20 17:53:28,752 INFO L290 TraceCheckUtils]: 22: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {603#true} is VALID [2022-02-20 17:53:28,753 INFO L272 TraceCheckUtils]: 23: Hoare triple {603#true} call select_features_#t~ret9#1 := select_one(); {603#true} is VALID [2022-02-20 17:53:28,753 INFO L290 TraceCheckUtils]: 24: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,754 INFO L290 TraceCheckUtils]: 25: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,754 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {603#true} {603#true} #1729#return; {603#true} is VALID [2022-02-20 17:53:28,754 INFO L290 TraceCheckUtils]: 27: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {603#true} is VALID [2022-02-20 17:53:28,754 INFO L272 TraceCheckUtils]: 28: Hoare triple {603#true} call select_features_#t~ret10#1 := select_one(); {603#true} is VALID [2022-02-20 17:53:28,754 INFO L290 TraceCheckUtils]: 29: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,754 INFO L290 TraceCheckUtils]: 30: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,755 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {603#true} {603#true} #1731#return; {603#true} is VALID [2022-02-20 17:53:28,755 INFO L290 TraceCheckUtils]: 32: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {603#true} is VALID [2022-02-20 17:53:28,755 INFO L272 TraceCheckUtils]: 33: Hoare triple {603#true} call select_features_#t~ret11#1 := select_one(); {603#true} is VALID [2022-02-20 17:53:28,755 INFO L290 TraceCheckUtils]: 34: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,755 INFO L290 TraceCheckUtils]: 35: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,755 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {603#true} {603#true} #1733#return; {603#true} is VALID [2022-02-20 17:53:28,756 INFO L290 TraceCheckUtils]: 37: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {603#true} is VALID [2022-02-20 17:53:28,756 INFO L272 TraceCheckUtils]: 38: Hoare triple {603#true} call select_features_#t~ret12#1 := select_one(); {603#true} is VALID [2022-02-20 17:53:28,756 INFO L290 TraceCheckUtils]: 39: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:53:28,756 INFO L290 TraceCheckUtils]: 40: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,757 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {603#true} {603#true} #1735#return; {603#true} is VALID [2022-02-20 17:53:28,757 INFO L290 TraceCheckUtils]: 42: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {603#true} is VALID [2022-02-20 17:53:28,757 INFO L290 TraceCheckUtils]: 43: Hoare triple {603#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {603#true} is VALID [2022-02-20 17:53:28,758 INFO L290 TraceCheckUtils]: 44: Hoare triple {603#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {603#true} is VALID [2022-02-20 17:53:28,758 INFO L290 TraceCheckUtils]: 45: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~0#1 := 0; {603#true} is VALID [2022-02-20 17:53:28,758 INFO L290 TraceCheckUtils]: 46: Hoare triple {603#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {603#true} is VALID [2022-02-20 17:53:28,758 INFO L290 TraceCheckUtils]: 47: Hoare triple {603#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {603#true} is VALID [2022-02-20 17:53:28,758 INFO L290 TraceCheckUtils]: 48: Hoare triple {603#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {603#true} is VALID [2022-02-20 17:53:28,759 INFO L290 TraceCheckUtils]: 49: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {603#true} is VALID [2022-02-20 17:53:28,759 INFO L272 TraceCheckUtils]: 50: Hoare triple {603#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:28,760 INFO L290 TraceCheckUtils]: 51: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {603#true} is VALID [2022-02-20 17:53:28,760 INFO L272 TraceCheckUtils]: 52: Hoare triple {603#true} call setClientId(~bob___0, ~bob___0); {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:28,761 INFO L290 TraceCheckUtils]: 53: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,761 INFO L290 TraceCheckUtils]: 54: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,761 INFO L290 TraceCheckUtils]: 55: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,761 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {603#true} {603#true} #1719#return; {603#true} is VALID [2022-02-20 17:53:28,761 INFO L290 TraceCheckUtils]: 57: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,761 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {603#true} {603#true} #1741#return; {603#true} is VALID [2022-02-20 17:53:28,761 INFO L290 TraceCheckUtils]: 59: Hoare triple {603#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {603#true} is VALID [2022-02-20 17:53:28,762 INFO L290 TraceCheckUtils]: 60: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {603#true} is VALID [2022-02-20 17:53:28,762 INFO L272 TraceCheckUtils]: 61: Hoare triple {603#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:28,762 INFO L290 TraceCheckUtils]: 62: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {603#true} is VALID [2022-02-20 17:53:28,763 INFO L272 TraceCheckUtils]: 63: Hoare triple {603#true} call setClientId(~rjh___0, ~rjh___0); {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:28,763 INFO L290 TraceCheckUtils]: 64: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,764 INFO L290 TraceCheckUtils]: 65: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,764 INFO L290 TraceCheckUtils]: 66: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,764 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {603#true} {603#true} #1669#return; {603#true} is VALID [2022-02-20 17:53:28,764 INFO L290 TraceCheckUtils]: 68: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,764 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {603#true} {603#true} #1747#return; {603#true} is VALID [2022-02-20 17:53:28,764 INFO L290 TraceCheckUtils]: 70: Hoare triple {603#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {603#true} is VALID [2022-02-20 17:53:28,765 INFO L290 TraceCheckUtils]: 71: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {603#true} is VALID [2022-02-20 17:53:28,765 INFO L272 TraceCheckUtils]: 72: Hoare triple {603#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:28,765 INFO L290 TraceCheckUtils]: 73: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {603#true} is VALID [2022-02-20 17:53:28,766 INFO L272 TraceCheckUtils]: 74: Hoare triple {603#true} call setClientId(~chuck___0, ~chuck___0); {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:28,766 INFO L290 TraceCheckUtils]: 75: Hoare triple {691#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,767 INFO L290 TraceCheckUtils]: 76: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,767 INFO L290 TraceCheckUtils]: 77: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,767 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {603#true} {603#true} #1615#return; {603#true} is VALID [2022-02-20 17:53:28,767 INFO L290 TraceCheckUtils]: 79: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,767 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {603#true} {603#true} #1753#return; {603#true} is VALID [2022-02-20 17:53:28,767 INFO L290 TraceCheckUtils]: 81: Hoare triple {603#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {603#true} is VALID [2022-02-20 17:53:28,768 INFO L290 TraceCheckUtils]: 82: Hoare triple {603#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {603#true} is VALID [2022-02-20 17:53:28,768 INFO L290 TraceCheckUtils]: 83: Hoare triple {603#true} assume false; {604#false} is VALID [2022-02-20 17:53:28,768 INFO L290 TraceCheckUtils]: 84: Hoare triple {604#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {604#false} is VALID [2022-02-20 17:53:28,768 INFO L272 TraceCheckUtils]: 85: Hoare triple {604#false} call sendEmail(~bob~0, ~rjh~0); {604#false} is VALID [2022-02-20 17:53:28,772 INFO L290 TraceCheckUtils]: 86: Hoare triple {604#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {604#false} is VALID [2022-02-20 17:53:28,773 INFO L272 TraceCheckUtils]: 87: Hoare triple {604#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:28,773 INFO L290 TraceCheckUtils]: 88: Hoare triple {704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,773 INFO L290 TraceCheckUtils]: 89: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,774 INFO L290 TraceCheckUtils]: 90: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,774 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {603#true} {604#false} #1637#return; {604#false} is VALID [2022-02-20 17:53:28,775 INFO L272 TraceCheckUtils]: 92: Hoare triple {604#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {705#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:28,775 INFO L290 TraceCheckUtils]: 93: Hoare triple {705#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,775 INFO L290 TraceCheckUtils]: 94: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,775 INFO L290 TraceCheckUtils]: 95: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,775 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {603#true} {604#false} #1639#return; {604#false} is VALID [2022-02-20 17:53:28,778 INFO L290 TraceCheckUtils]: 97: Hoare triple {604#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {604#false} is VALID [2022-02-20 17:53:28,778 INFO L290 TraceCheckUtils]: 98: Hoare triple {604#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {604#false} is VALID [2022-02-20 17:53:28,778 INFO L272 TraceCheckUtils]: 99: Hoare triple {604#false} call outgoing(~sender#1, ~email~0#1); {604#false} is VALID [2022-02-20 17:53:28,778 INFO L290 TraceCheckUtils]: 100: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:53:28,778 INFO L290 TraceCheckUtils]: 101: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {604#false} is VALID [2022-02-20 17:53:28,779 INFO L272 TraceCheckUtils]: 102: Hoare triple {604#false} call outgoing__before__Sign(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 17:53:28,779 INFO L290 TraceCheckUtils]: 103: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:53:28,779 INFO L290 TraceCheckUtils]: 104: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {604#false} is VALID [2022-02-20 17:53:28,779 INFO L272 TraceCheckUtils]: 105: Hoare triple {604#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 17:53:28,779 INFO L290 TraceCheckUtils]: 106: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:53:28,779 INFO L290 TraceCheckUtils]: 107: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {604#false} is VALID [2022-02-20 17:53:28,779 INFO L272 TraceCheckUtils]: 108: Hoare triple {604#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 17:53:28,780 INFO L290 TraceCheckUtils]: 109: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {604#false} is VALID [2022-02-20 17:53:28,782 INFO L290 TraceCheckUtils]: 110: Hoare triple {604#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {604#false} is VALID [2022-02-20 17:53:28,782 INFO L290 TraceCheckUtils]: 111: Hoare triple {604#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {604#false} is VALID [2022-02-20 17:53:28,782 INFO L272 TraceCheckUtils]: 112: Hoare triple {604#false} call setEmailFrom(~msg#1, ~tmp~2#1); {704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:28,782 INFO L290 TraceCheckUtils]: 113: Hoare triple {704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,782 INFO L290 TraceCheckUtils]: 114: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,783 INFO L290 TraceCheckUtils]: 115: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,783 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {603#true} {604#false} #1649#return; {604#false} is VALID [2022-02-20 17:53:28,783 INFO L290 TraceCheckUtils]: 117: Hoare triple {604#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {604#false} is VALID [2022-02-20 17:53:28,783 INFO L272 TraceCheckUtils]: 118: Hoare triple {604#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {603#true} is VALID [2022-02-20 17:53:28,783 INFO L290 TraceCheckUtils]: 119: Hoare triple {603#true} ~handle := #in~handle;havoc ~retValue_acc~28; {603#true} is VALID [2022-02-20 17:53:28,784 INFO L290 TraceCheckUtils]: 120: Hoare triple {603#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {603#true} is VALID [2022-02-20 17:53:28,784 INFO L290 TraceCheckUtils]: 121: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,784 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {603#true} {604#false} #1651#return; {604#false} is VALID [2022-02-20 17:53:28,784 INFO L290 TraceCheckUtils]: 123: Hoare triple {604#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {604#false} is VALID [2022-02-20 17:53:28,784 INFO L290 TraceCheckUtils]: 124: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {604#false} is VALID [2022-02-20 17:53:28,785 INFO L272 TraceCheckUtils]: 125: Hoare triple {604#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {604#false} is VALID [2022-02-20 17:53:28,785 INFO L290 TraceCheckUtils]: 126: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:53:28,785 INFO L290 TraceCheckUtils]: 127: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {604#false} is VALID [2022-02-20 17:53:28,785 INFO L272 TraceCheckUtils]: 128: Hoare triple {604#false} call incoming__before__Verify(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 17:53:28,785 INFO L290 TraceCheckUtils]: 129: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:53:28,786 INFO L290 TraceCheckUtils]: 130: Hoare triple {604#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {604#false} is VALID [2022-02-20 17:53:28,786 INFO L272 TraceCheckUtils]: 131: Hoare triple {604#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {706#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} is VALID [2022-02-20 17:53:28,786 INFO L290 TraceCheckUtils]: 132: Hoare triple {706#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {603#true} is VALID [2022-02-20 17:53:28,786 INFO L290 TraceCheckUtils]: 133: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {603#true} is VALID [2022-02-20 17:53:28,786 INFO L272 TraceCheckUtils]: 134: Hoare triple {603#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {603#true} is VALID [2022-02-20 17:53:28,786 INFO L290 TraceCheckUtils]: 135: Hoare triple {603#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {603#true} is VALID [2022-02-20 17:53:28,787 INFO L290 TraceCheckUtils]: 136: Hoare triple {603#true} assume { :end_inline_deliver } true; {603#true} is VALID [2022-02-20 17:53:28,787 INFO L290 TraceCheckUtils]: 137: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,790 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {603#true} {603#true} #1717#return; {603#true} is VALID [2022-02-20 17:53:28,791 INFO L290 TraceCheckUtils]: 139: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,792 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {603#true} {604#false} #1671#return; {604#false} is VALID [2022-02-20 17:53:28,794 INFO L290 TraceCheckUtils]: 141: Hoare triple {604#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {604#false} is VALID [2022-02-20 17:53:28,795 INFO L290 TraceCheckUtils]: 142: Hoare triple {604#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {604#false} is VALID [2022-02-20 17:53:28,796 INFO L290 TraceCheckUtils]: 143: Hoare triple {604#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {604#false} is VALID [2022-02-20 17:53:28,796 INFO L290 TraceCheckUtils]: 144: Hoare triple {604#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {604#false} is VALID [2022-02-20 17:53:28,796 INFO L272 TraceCheckUtils]: 145: Hoare triple {604#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {705#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:28,796 INFO L290 TraceCheckUtils]: 146: Hoare triple {705#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:53:28,797 INFO L290 TraceCheckUtils]: 147: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {603#true} is VALID [2022-02-20 17:53:28,797 INFO L290 TraceCheckUtils]: 148: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,798 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {603#true} {604#false} #1673#return; {604#false} is VALID [2022-02-20 17:53:28,800 INFO L290 TraceCheckUtils]: 150: Hoare triple {604#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {604#false} is VALID [2022-02-20 17:53:28,802 INFO L272 TraceCheckUtils]: 151: Hoare triple {604#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {603#true} is VALID [2022-02-20 17:53:28,802 INFO L290 TraceCheckUtils]: 152: Hoare triple {603#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {603#true} is VALID [2022-02-20 17:53:28,802 INFO L290 TraceCheckUtils]: 153: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {603#true} is VALID [2022-02-20 17:53:28,803 INFO L272 TraceCheckUtils]: 154: Hoare triple {603#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {603#true} is VALID [2022-02-20 17:53:28,803 INFO L290 TraceCheckUtils]: 155: Hoare triple {603#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {603#true} is VALID [2022-02-20 17:53:28,803 INFO L290 TraceCheckUtils]: 156: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,803 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {603#true} {603#true} #1797#return; {603#true} is VALID [2022-02-20 17:53:28,803 INFO L290 TraceCheckUtils]: 158: Hoare triple {603#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {603#true} is VALID [2022-02-20 17:53:28,803 INFO L290 TraceCheckUtils]: 159: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:53:28,804 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {603#true} {604#false} #1675#return; {604#false} is VALID [2022-02-20 17:53:28,804 INFO L290 TraceCheckUtils]: 161: Hoare triple {604#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {604#false} is VALID [2022-02-20 17:53:28,804 INFO L290 TraceCheckUtils]: 162: Hoare triple {604#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {604#false} is VALID [2022-02-20 17:53:28,804 INFO L290 TraceCheckUtils]: 163: Hoare triple {604#false} assume !false; {604#false} is VALID [2022-02-20 17:53:28,805 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2022-02-20 17:53:28,805 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:53:28,806 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2002585599] [2022-02-20 17:53:28,806 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2002585599] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:53:28,806 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:53:28,807 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:53:28,808 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1658303428] [2022-02-20 17:53:28,808 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:53:28,812 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 2 states have internal predecessors, (85), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 164 [2022-02-20 17:53:28,814 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:53:28,817 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 2 states have internal predecessors, (85), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:28,921 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 138 edges. 138 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:53:28,921 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:53:28,921 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:53:28,939 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:53:28,940 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:53:28,946 INFO L87 Difference]: Start difference. First operand has 600 states, 446 states have (on average 1.515695067264574) internal successors, (676), 466 states have internal predecessors, (676), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 2 states have internal predecessors, (85), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:34,580 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:34,581 INFO L93 Difference]: Finished difference Result 1142 states and 1756 transitions. [2022-02-20 17:53:34,581 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:53:34,581 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 2 states have internal predecessors, (85), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 164 [2022-02-20 17:53:34,582 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:53:34,583 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 2 states have internal predecessors, (85), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:34,632 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1756 transitions. [2022-02-20 17:53:34,633 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 2 states have internal predecessors, (85), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:34,663 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1756 transitions. [2022-02-20 17:53:34,663 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1756 transitions. [2022-02-20 17:53:36,272 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1756 edges. 1756 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:53:36,379 INFO L225 Difference]: With dead ends: 1142 [2022-02-20 17:53:36,379 INFO L226 Difference]: Without dead ends: 804 [2022-02-20 17:53:36,386 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 59 GetRequests, 49 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=47, Invalid=85, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:53:36,389 INFO L933 BasicCegarLoop]: 909 mSDtfsCounter, 1834 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 659 mSolverCounterSat, 870 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1843 SdHoareTripleChecker+Valid, 1623 SdHoareTripleChecker+Invalid, 1529 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 870 IncrementalHoareTripleChecker+Valid, 659 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.3s IncrementalHoareTripleChecker+Time [2022-02-20 17:53:36,389 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1843 Valid, 1623 Invalid, 1529 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [870 Valid, 659 Invalid, 0 Unknown, 0 Unchecked, 2.3s Time] [2022-02-20 17:53:36,403 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 804 states. [2022-02-20 17:53:36,462 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 804 to 593. [2022-02-20 17:53:36,463 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:53:36,465 INFO L82 GeneralOperation]: Start isEquivalent. First operand 804 states. Second operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:36,468 INFO L74 IsIncluded]: Start isIncluded. First operand 804 states. Second operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:36,470 INFO L87 Difference]: Start difference. First operand 804 states. Second operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:36,513 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:36,513 INFO L93 Difference]: Finished difference Result 804 states and 1249 transitions. [2022-02-20 17:53:36,513 INFO L276 IsEmpty]: Start isEmpty. Operand 804 states and 1249 transitions. [2022-02-20 17:53:36,517 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:53:36,517 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:53:36,519 INFO L74 IsIncluded]: Start isIncluded. First operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 804 states. [2022-02-20 17:53:36,521 INFO L87 Difference]: Start difference. First operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 804 states. [2022-02-20 17:53:36,585 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:36,585 INFO L93 Difference]: Finished difference Result 804 states and 1249 transitions. [2022-02-20 17:53:36,586 INFO L276 IsEmpty]: Start isEmpty. Operand 804 states and 1249 transitions. [2022-02-20 17:53:36,589 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:53:36,589 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:53:36,589 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:53:36,589 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:53:36,592 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:36,627 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 593 states to 593 states and 882 transitions. [2022-02-20 17:53:36,629 INFO L78 Accepts]: Start accepts. Automaton has 593 states and 882 transitions. Word has length 164 [2022-02-20 17:53:36,631 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:53:36,631 INFO L470 AbstractCegarLoop]: Abstraction has 593 states and 882 transitions. [2022-02-20 17:53:36,631 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 2 states have internal predecessors, (85), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:36,632 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 882 transitions. [2022-02-20 17:53:36,635 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 166 [2022-02-20 17:53:36,635 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:53:36,635 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:53:36,636 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 17:53:36,636 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:53:36,637 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:53:36,637 INFO L85 PathProgramCache]: Analyzing trace with hash 1632157272, now seen corresponding path program 1 times [2022-02-20 17:53:36,637 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:53:36,637 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [543607515] [2022-02-20 17:53:36,637 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:53:36,637 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:53:36,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:53:36,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,737 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,737 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,737 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4762#true} {4762#true} #1721#return; {4762#true} is VALID [2022-02-20 17:53:36,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:53:36,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,743 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,743 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,743 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4762#true} {4762#true} #1723#return; {4762#true} is VALID [2022-02-20 17:53:36,743 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:53:36,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,747 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,747 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,747 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4762#true} {4762#true} #1725#return; {4762#true} is VALID [2022-02-20 17:53:36,747 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:53:36,749 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,752 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,752 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,753 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4762#true} {4762#true} #1727#return; {4762#true} is VALID [2022-02-20 17:53:36,753 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:53:36,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,759 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,760 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,760 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4762#true} {4762#true} #1729#return; {4762#true} is VALID [2022-02-20 17:53:36,760 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:53:36,762 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,765 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4762#true} {4762#true} #1731#return; {4762#true} is VALID [2022-02-20 17:53:36,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:53:36,768 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,771 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,771 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,771 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4762#true} {4762#true} #1733#return; {4762#true} is VALID [2022-02-20 17:53:36,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:53:36,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,775 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,775 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4762#true} {4762#true} #1735#return; {4762#true} is VALID [2022-02-20 17:53:36,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:53:36,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,785 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:36,785 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,789 INFO L290 TraceCheckUtils]: 0: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,789 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,789 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,790 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4762#true} {4762#true} #1719#return; {4762#true} is VALID [2022-02-20 17:53:36,790 INFO L290 TraceCheckUtils]: 0: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4762#true} is VALID [2022-02-20 17:53:36,790 INFO L272 TraceCheckUtils]: 1: Hoare triple {4762#true} call setClientId(~bob___0, ~bob___0); {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:36,790 INFO L290 TraceCheckUtils]: 2: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,791 INFO L290 TraceCheckUtils]: 3: Hoare triple {4762#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,791 INFO L290 TraceCheckUtils]: 4: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,791 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4762#true} {4762#true} #1719#return; {4762#true} is VALID [2022-02-20 17:53:36,791 INFO L290 TraceCheckUtils]: 6: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,791 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4762#true} {4763#false} #1741#return; {4763#false} is VALID [2022-02-20 17:53:36,791 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:53:36,793 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,795 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:36,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,797 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4762#true} {4762#true} #1669#return; {4762#true} is VALID [2022-02-20 17:53:36,798 INFO L290 TraceCheckUtils]: 0: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4762#true} is VALID [2022-02-20 17:53:36,798 INFO L272 TraceCheckUtils]: 1: Hoare triple {4762#true} call setClientId(~rjh___0, ~rjh___0); {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:36,798 INFO L290 TraceCheckUtils]: 2: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,798 INFO L290 TraceCheckUtils]: 3: Hoare triple {4762#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,799 INFO L290 TraceCheckUtils]: 4: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,799 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4762#true} {4762#true} #1669#return; {4762#true} is VALID [2022-02-20 17:53:36,799 INFO L290 TraceCheckUtils]: 6: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,799 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4762#true} {4763#false} #1747#return; {4763#false} is VALID [2022-02-20 17:53:36,799 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:53:36,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,807 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:36,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,811 INFO L290 TraceCheckUtils]: 0: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,812 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,812 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,812 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4762#true} {4762#true} #1615#return; {4762#true} is VALID [2022-02-20 17:53:36,812 INFO L290 TraceCheckUtils]: 0: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4762#true} is VALID [2022-02-20 17:53:36,813 INFO L272 TraceCheckUtils]: 1: Hoare triple {4762#true} call setClientId(~chuck___0, ~chuck___0); {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:36,817 INFO L290 TraceCheckUtils]: 2: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,817 INFO L290 TraceCheckUtils]: 3: Hoare triple {4762#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,817 INFO L290 TraceCheckUtils]: 4: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,817 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4762#true} {4762#true} #1615#return; {4762#true} is VALID [2022-02-20 17:53:36,817 INFO L290 TraceCheckUtils]: 6: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,817 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4762#true} {4763#false} #1753#return; {4763#false} is VALID [2022-02-20 17:53:36,822 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:53:36,823 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,826 INFO L290 TraceCheckUtils]: 0: Hoare triple {4866#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,826 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,826 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,826 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4762#true} {4763#false} #1637#return; {4763#false} is VALID [2022-02-20 17:53:36,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:53:36,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {4867#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,835 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,835 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,835 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4762#true} {4763#false} #1639#return; {4763#false} is VALID [2022-02-20 17:53:36,835 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:53:36,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,838 INFO L290 TraceCheckUtils]: 0: Hoare triple {4866#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,838 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,838 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,838 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4762#true} {4763#false} #1649#return; {4763#false} is VALID [2022-02-20 17:53:36,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:53:36,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} ~handle := #in~handle;havoc ~retValue_acc~28; {4762#true} is VALID [2022-02-20 17:53:36,840 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {4762#true} is VALID [2022-02-20 17:53:36,841 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,841 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4762#true} {4763#false} #1651#return; {4763#false} is VALID [2022-02-20 17:53:36,850 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 17:53:36,854 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,857 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:36,859 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,861 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {4762#true} is VALID [2022-02-20 17:53:36,861 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume { :end_inline_deliver } true; {4762#true} is VALID [2022-02-20 17:53:36,861 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,861 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4762#true} {4762#true} #1717#return; {4762#true} is VALID [2022-02-20 17:53:36,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {4868#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4762#true} is VALID [2022-02-20 17:53:36,862 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {4762#true} is VALID [2022-02-20 17:53:36,862 INFO L272 TraceCheckUtils]: 2: Hoare triple {4762#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {4762#true} is VALID [2022-02-20 17:53:36,862 INFO L290 TraceCheckUtils]: 3: Hoare triple {4762#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {4762#true} is VALID [2022-02-20 17:53:36,862 INFO L290 TraceCheckUtils]: 4: Hoare triple {4762#true} assume { :end_inline_deliver } true; {4762#true} is VALID [2022-02-20 17:53:36,862 INFO L290 TraceCheckUtils]: 5: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,862 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4762#true} {4762#true} #1717#return; {4762#true} is VALID [2022-02-20 17:53:36,862 INFO L290 TraceCheckUtils]: 7: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,863 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {4762#true} {4763#false} #1671#return; {4763#false} is VALID [2022-02-20 17:53:36,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 146 [2022-02-20 17:53:36,863 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,866 INFO L290 TraceCheckUtils]: 0: Hoare triple {4867#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,866 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,866 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,867 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4762#true} {4763#false} #1673#return; {4763#false} is VALID [2022-02-20 17:53:36,867 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 152 [2022-02-20 17:53:36,868 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,871 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:36,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:36,873 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {4762#true} is VALID [2022-02-20 17:53:36,873 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,873 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4762#true} {4762#true} #1797#return; {4762#true} is VALID [2022-02-20 17:53:36,874 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {4762#true} is VALID [2022-02-20 17:53:36,874 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4762#true} is VALID [2022-02-20 17:53:36,874 INFO L272 TraceCheckUtils]: 2: Hoare triple {4762#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {4762#true} is VALID [2022-02-20 17:53:36,874 INFO L290 TraceCheckUtils]: 3: Hoare triple {4762#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {4762#true} is VALID [2022-02-20 17:53:36,874 INFO L290 TraceCheckUtils]: 4: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,875 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4762#true} {4762#true} #1797#return; {4762#true} is VALID [2022-02-20 17:53:36,875 INFO L290 TraceCheckUtils]: 6: Hoare triple {4762#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {4762#true} is VALID [2022-02-20 17:53:36,876 INFO L290 TraceCheckUtils]: 7: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,877 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {4762#true} {4763#false} #1675#return; {4763#false} is VALID [2022-02-20 17:53:36,877 INFO L290 TraceCheckUtils]: 0: Hoare triple {4762#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {4762#true} is VALID [2022-02-20 17:53:36,878 INFO L290 TraceCheckUtils]: 1: Hoare triple {4762#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4762#true} is VALID [2022-02-20 17:53:36,878 INFO L290 TraceCheckUtils]: 2: Hoare triple {4762#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {4762#true} is VALID [2022-02-20 17:53:36,878 INFO L272 TraceCheckUtils]: 3: Hoare triple {4762#true} call select_features_#t~ret5#1 := select_one(); {4762#true} is VALID [2022-02-20 17:53:36,878 INFO L290 TraceCheckUtils]: 4: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,878 INFO L290 TraceCheckUtils]: 5: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,878 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4762#true} {4762#true} #1721#return; {4762#true} is VALID [2022-02-20 17:53:36,878 INFO L290 TraceCheckUtils]: 7: Hoare triple {4762#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {4762#true} is VALID [2022-02-20 17:53:36,878 INFO L272 TraceCheckUtils]: 8: Hoare triple {4762#true} call select_features_#t~ret6#1 := select_one(); {4762#true} is VALID [2022-02-20 17:53:36,879 INFO L290 TraceCheckUtils]: 9: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,879 INFO L290 TraceCheckUtils]: 10: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,879 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4762#true} {4762#true} #1723#return; {4762#true} is VALID [2022-02-20 17:53:36,879 INFO L290 TraceCheckUtils]: 12: Hoare triple {4762#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {4762#true} is VALID [2022-02-20 17:53:36,879 INFO L272 TraceCheckUtils]: 13: Hoare triple {4762#true} call select_features_#t~ret7#1 := select_one(); {4762#true} is VALID [2022-02-20 17:53:36,879 INFO L290 TraceCheckUtils]: 14: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,880 INFO L290 TraceCheckUtils]: 15: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,880 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4762#true} {4762#true} #1725#return; {4762#true} is VALID [2022-02-20 17:53:36,880 INFO L290 TraceCheckUtils]: 17: Hoare triple {4762#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {4762#true} is VALID [2022-02-20 17:53:36,880 INFO L272 TraceCheckUtils]: 18: Hoare triple {4762#true} call select_features_#t~ret8#1 := select_one(); {4762#true} is VALID [2022-02-20 17:53:36,880 INFO L290 TraceCheckUtils]: 19: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,880 INFO L290 TraceCheckUtils]: 20: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,880 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4762#true} {4762#true} #1727#return; {4762#true} is VALID [2022-02-20 17:53:36,882 INFO L290 TraceCheckUtils]: 22: Hoare triple {4762#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {4762#true} is VALID [2022-02-20 17:53:36,882 INFO L272 TraceCheckUtils]: 23: Hoare triple {4762#true} call select_features_#t~ret9#1 := select_one(); {4762#true} is VALID [2022-02-20 17:53:36,882 INFO L290 TraceCheckUtils]: 24: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,882 INFO L290 TraceCheckUtils]: 25: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4762#true} {4762#true} #1729#return; {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L290 TraceCheckUtils]: 27: Hoare triple {4762#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L272 TraceCheckUtils]: 28: Hoare triple {4762#true} call select_features_#t~ret10#1 := select_one(); {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L290 TraceCheckUtils]: 29: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L290 TraceCheckUtils]: 30: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4762#true} {4762#true} #1731#return; {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L290 TraceCheckUtils]: 32: Hoare triple {4762#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L272 TraceCheckUtils]: 33: Hoare triple {4762#true} call select_features_#t~ret11#1 := select_one(); {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L290 TraceCheckUtils]: 34: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,883 INFO L290 TraceCheckUtils]: 35: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,884 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4762#true} {4762#true} #1733#return; {4762#true} is VALID [2022-02-20 17:53:36,884 INFO L290 TraceCheckUtils]: 37: Hoare triple {4762#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {4762#true} is VALID [2022-02-20 17:53:36,884 INFO L272 TraceCheckUtils]: 38: Hoare triple {4762#true} call select_features_#t~ret12#1 := select_one(); {4762#true} is VALID [2022-02-20 17:53:36,884 INFO L290 TraceCheckUtils]: 39: Hoare triple {4762#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4762#true} is VALID [2022-02-20 17:53:36,884 INFO L290 TraceCheckUtils]: 40: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,884 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4762#true} {4762#true} #1735#return; {4762#true} is VALID [2022-02-20 17:53:36,884 INFO L290 TraceCheckUtils]: 42: Hoare triple {4762#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {4762#true} is VALID [2022-02-20 17:53:36,884 INFO L290 TraceCheckUtils]: 43: Hoare triple {4762#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {4762#true} is VALID [2022-02-20 17:53:36,884 INFO L290 TraceCheckUtils]: 44: Hoare triple {4762#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4762#true} is VALID [2022-02-20 17:53:36,885 INFO L290 TraceCheckUtils]: 45: Hoare triple {4762#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~0#1 := 0; {4788#(= |ULTIMATE.start_valid_product_~tmp~0#1| 0)} is VALID [2022-02-20 17:53:36,885 INFO L290 TraceCheckUtils]: 46: Hoare triple {4788#(= |ULTIMATE.start_valid_product_~tmp~0#1| 0)} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {4789#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 17:53:36,886 INFO L290 TraceCheckUtils]: 47: Hoare triple {4789#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {4790#(= |ULTIMATE.start_main_~tmp~16#1| 0)} is VALID [2022-02-20 17:53:36,886 INFO L290 TraceCheckUtils]: 48: Hoare triple {4790#(= |ULTIMATE.start_main_~tmp~16#1| 0)} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4763#false} is VALID [2022-02-20 17:53:36,886 INFO L290 TraceCheckUtils]: 49: Hoare triple {4763#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4763#false} is VALID [2022-02-20 17:53:36,886 INFO L272 TraceCheckUtils]: 50: Hoare triple {4763#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:36,886 INFO L290 TraceCheckUtils]: 51: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4762#true} is VALID [2022-02-20 17:53:36,887 INFO L272 TraceCheckUtils]: 52: Hoare triple {4762#true} call setClientId(~bob___0, ~bob___0); {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:36,887 INFO L290 TraceCheckUtils]: 53: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,887 INFO L290 TraceCheckUtils]: 54: Hoare triple {4762#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,887 INFO L290 TraceCheckUtils]: 55: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,887 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4762#true} {4762#true} #1719#return; {4762#true} is VALID [2022-02-20 17:53:36,887 INFO L290 TraceCheckUtils]: 57: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,887 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4762#true} {4763#false} #1741#return; {4763#false} is VALID [2022-02-20 17:53:36,887 INFO L290 TraceCheckUtils]: 59: Hoare triple {4763#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4763#false} is VALID [2022-02-20 17:53:36,888 INFO L290 TraceCheckUtils]: 60: Hoare triple {4763#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4763#false} is VALID [2022-02-20 17:53:36,888 INFO L272 TraceCheckUtils]: 61: Hoare triple {4763#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:36,888 INFO L290 TraceCheckUtils]: 62: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4762#true} is VALID [2022-02-20 17:53:36,888 INFO L272 TraceCheckUtils]: 63: Hoare triple {4762#true} call setClientId(~rjh___0, ~rjh___0); {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:36,888 INFO L290 TraceCheckUtils]: 64: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,889 INFO L290 TraceCheckUtils]: 65: Hoare triple {4762#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,889 INFO L290 TraceCheckUtils]: 66: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,889 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4762#true} {4762#true} #1669#return; {4762#true} is VALID [2022-02-20 17:53:36,889 INFO L290 TraceCheckUtils]: 68: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,889 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4762#true} {4763#false} #1747#return; {4763#false} is VALID [2022-02-20 17:53:36,889 INFO L290 TraceCheckUtils]: 70: Hoare triple {4763#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4763#false} is VALID [2022-02-20 17:53:36,889 INFO L290 TraceCheckUtils]: 71: Hoare triple {4763#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4763#false} is VALID [2022-02-20 17:53:36,889 INFO L272 TraceCheckUtils]: 72: Hoare triple {4763#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:36,890 INFO L290 TraceCheckUtils]: 73: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4762#true} is VALID [2022-02-20 17:53:36,890 INFO L272 TraceCheckUtils]: 74: Hoare triple {4762#true} call setClientId(~chuck___0, ~chuck___0); {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:36,890 INFO L290 TraceCheckUtils]: 75: Hoare triple {4853#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,890 INFO L290 TraceCheckUtils]: 76: Hoare triple {4762#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,890 INFO L290 TraceCheckUtils]: 77: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,891 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4762#true} {4762#true} #1615#return; {4762#true} is VALID [2022-02-20 17:53:36,891 INFO L290 TraceCheckUtils]: 79: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,891 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4762#true} {4763#false} #1753#return; {4763#false} is VALID [2022-02-20 17:53:36,891 INFO L290 TraceCheckUtils]: 81: Hoare triple {4763#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {4763#false} is VALID [2022-02-20 17:53:36,891 INFO L290 TraceCheckUtils]: 82: Hoare triple {4763#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4763#false} is VALID [2022-02-20 17:53:36,891 INFO L290 TraceCheckUtils]: 83: Hoare triple {4763#false} assume !false; {4763#false} is VALID [2022-02-20 17:53:36,891 INFO L290 TraceCheckUtils]: 84: Hoare triple {4763#false} assume !(test_~splverifierCounter~0#1 < 4); {4763#false} is VALID [2022-02-20 17:53:36,891 INFO L290 TraceCheckUtils]: 85: Hoare triple {4763#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {4763#false} is VALID [2022-02-20 17:53:36,891 INFO L272 TraceCheckUtils]: 86: Hoare triple {4763#false} call sendEmail(~bob~0, ~rjh~0); {4763#false} is VALID [2022-02-20 17:53:36,892 INFO L290 TraceCheckUtils]: 87: Hoare triple {4763#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4763#false} is VALID [2022-02-20 17:53:36,892 INFO L272 TraceCheckUtils]: 88: Hoare triple {4763#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4866#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:36,892 INFO L290 TraceCheckUtils]: 89: Hoare triple {4866#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,892 INFO L290 TraceCheckUtils]: 90: Hoare triple {4762#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,892 INFO L290 TraceCheckUtils]: 91: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,892 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4762#true} {4763#false} #1637#return; {4763#false} is VALID [2022-02-20 17:53:36,892 INFO L272 TraceCheckUtils]: 93: Hoare triple {4763#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4867#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:36,892 INFO L290 TraceCheckUtils]: 94: Hoare triple {4867#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,892 INFO L290 TraceCheckUtils]: 95: Hoare triple {4762#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,892 INFO L290 TraceCheckUtils]: 96: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,893 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4762#true} {4763#false} #1639#return; {4763#false} is VALID [2022-02-20 17:53:36,893 INFO L290 TraceCheckUtils]: 98: Hoare triple {4763#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {4763#false} is VALID [2022-02-20 17:53:36,893 INFO L290 TraceCheckUtils]: 99: Hoare triple {4763#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {4763#false} is VALID [2022-02-20 17:53:36,893 INFO L272 TraceCheckUtils]: 100: Hoare triple {4763#false} call outgoing(~sender#1, ~email~0#1); {4763#false} is VALID [2022-02-20 17:53:36,893 INFO L290 TraceCheckUtils]: 101: Hoare triple {4763#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4763#false} is VALID [2022-02-20 17:53:36,893 INFO L290 TraceCheckUtils]: 102: Hoare triple {4763#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4763#false} is VALID [2022-02-20 17:53:36,893 INFO L272 TraceCheckUtils]: 103: Hoare triple {4763#false} call outgoing__before__Sign(~client#1, ~msg#1); {4763#false} is VALID [2022-02-20 17:53:36,893 INFO L290 TraceCheckUtils]: 104: Hoare triple {4763#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4763#false} is VALID [2022-02-20 17:53:36,893 INFO L290 TraceCheckUtils]: 105: Hoare triple {4763#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4763#false} is VALID [2022-02-20 17:53:36,894 INFO L272 TraceCheckUtils]: 106: Hoare triple {4763#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4763#false} is VALID [2022-02-20 17:53:36,894 INFO L290 TraceCheckUtils]: 107: Hoare triple {4763#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4763#false} is VALID [2022-02-20 17:53:36,894 INFO L290 TraceCheckUtils]: 108: Hoare triple {4763#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4763#false} is VALID [2022-02-20 17:53:36,894 INFO L272 TraceCheckUtils]: 109: Hoare triple {4763#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4763#false} is VALID [2022-02-20 17:53:36,894 INFO L290 TraceCheckUtils]: 110: Hoare triple {4763#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {4763#false} is VALID [2022-02-20 17:53:36,894 INFO L290 TraceCheckUtils]: 111: Hoare triple {4763#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {4763#false} is VALID [2022-02-20 17:53:36,894 INFO L290 TraceCheckUtils]: 112: Hoare triple {4763#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {4763#false} is VALID [2022-02-20 17:53:36,894 INFO L272 TraceCheckUtils]: 113: Hoare triple {4763#false} call setEmailFrom(~msg#1, ~tmp~2#1); {4866#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:36,894 INFO L290 TraceCheckUtils]: 114: Hoare triple {4866#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,894 INFO L290 TraceCheckUtils]: 115: Hoare triple {4762#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,895 INFO L290 TraceCheckUtils]: 116: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,895 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4762#true} {4763#false} #1649#return; {4763#false} is VALID [2022-02-20 17:53:36,895 INFO L290 TraceCheckUtils]: 118: Hoare triple {4763#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {4763#false} is VALID [2022-02-20 17:53:36,895 INFO L272 TraceCheckUtils]: 119: Hoare triple {4763#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {4762#true} is VALID [2022-02-20 17:53:36,895 INFO L290 TraceCheckUtils]: 120: Hoare triple {4762#true} ~handle := #in~handle;havoc ~retValue_acc~28; {4762#true} is VALID [2022-02-20 17:53:36,895 INFO L290 TraceCheckUtils]: 121: Hoare triple {4762#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {4762#true} is VALID [2022-02-20 17:53:36,895 INFO L290 TraceCheckUtils]: 122: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,895 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {4762#true} {4763#false} #1651#return; {4763#false} is VALID [2022-02-20 17:53:36,895 INFO L290 TraceCheckUtils]: 124: Hoare triple {4763#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {4763#false} is VALID [2022-02-20 17:53:36,895 INFO L290 TraceCheckUtils]: 125: Hoare triple {4763#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {4763#false} is VALID [2022-02-20 17:53:36,896 INFO L272 TraceCheckUtils]: 126: Hoare triple {4763#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {4763#false} is VALID [2022-02-20 17:53:36,896 INFO L290 TraceCheckUtils]: 127: Hoare triple {4763#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4763#false} is VALID [2022-02-20 17:53:36,896 INFO L290 TraceCheckUtils]: 128: Hoare triple {4763#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {4763#false} is VALID [2022-02-20 17:53:36,896 INFO L272 TraceCheckUtils]: 129: Hoare triple {4763#false} call incoming__before__Verify(~client#1, ~msg#1); {4763#false} is VALID [2022-02-20 17:53:36,896 INFO L290 TraceCheckUtils]: 130: Hoare triple {4763#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4763#false} is VALID [2022-02-20 17:53:36,896 INFO L290 TraceCheckUtils]: 131: Hoare triple {4763#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {4763#false} is VALID [2022-02-20 17:53:36,896 INFO L272 TraceCheckUtils]: 132: Hoare triple {4763#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {4868#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} is VALID [2022-02-20 17:53:36,896 INFO L290 TraceCheckUtils]: 133: Hoare triple {4868#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4762#true} is VALID [2022-02-20 17:53:36,896 INFO L290 TraceCheckUtils]: 134: Hoare triple {4762#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {4762#true} is VALID [2022-02-20 17:53:36,897 INFO L272 TraceCheckUtils]: 135: Hoare triple {4762#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {4762#true} is VALID [2022-02-20 17:53:36,897 INFO L290 TraceCheckUtils]: 136: Hoare triple {4762#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {4762#true} is VALID [2022-02-20 17:53:36,897 INFO L290 TraceCheckUtils]: 137: Hoare triple {4762#true} assume { :end_inline_deliver } true; {4762#true} is VALID [2022-02-20 17:53:36,897 INFO L290 TraceCheckUtils]: 138: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,897 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {4762#true} {4762#true} #1717#return; {4762#true} is VALID [2022-02-20 17:53:36,897 INFO L290 TraceCheckUtils]: 140: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,897 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {4762#true} {4763#false} #1671#return; {4763#false} is VALID [2022-02-20 17:53:36,897 INFO L290 TraceCheckUtils]: 142: Hoare triple {4763#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {4763#false} is VALID [2022-02-20 17:53:36,897 INFO L290 TraceCheckUtils]: 143: Hoare triple {4763#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {4763#false} is VALID [2022-02-20 17:53:36,897 INFO L290 TraceCheckUtils]: 144: Hoare triple {4763#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {4763#false} is VALID [2022-02-20 17:53:36,898 INFO L290 TraceCheckUtils]: 145: Hoare triple {4763#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {4763#false} is VALID [2022-02-20 17:53:36,898 INFO L272 TraceCheckUtils]: 146: Hoare triple {4763#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {4867#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:36,898 INFO L290 TraceCheckUtils]: 147: Hoare triple {4867#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4762#true} is VALID [2022-02-20 17:53:36,898 INFO L290 TraceCheckUtils]: 148: Hoare triple {4762#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4762#true} is VALID [2022-02-20 17:53:36,898 INFO L290 TraceCheckUtils]: 149: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,898 INFO L284 TraceCheckUtils]: 150: Hoare quadruple {4762#true} {4763#false} #1673#return; {4763#false} is VALID [2022-02-20 17:53:36,898 INFO L290 TraceCheckUtils]: 151: Hoare triple {4763#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {4763#false} is VALID [2022-02-20 17:53:36,898 INFO L272 TraceCheckUtils]: 152: Hoare triple {4763#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {4762#true} is VALID [2022-02-20 17:53:36,898 INFO L290 TraceCheckUtils]: 153: Hoare triple {4762#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {4762#true} is VALID [2022-02-20 17:53:36,899 INFO L290 TraceCheckUtils]: 154: Hoare triple {4762#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4762#true} is VALID [2022-02-20 17:53:36,899 INFO L272 TraceCheckUtils]: 155: Hoare triple {4762#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {4762#true} is VALID [2022-02-20 17:53:36,899 INFO L290 TraceCheckUtils]: 156: Hoare triple {4762#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {4762#true} is VALID [2022-02-20 17:53:36,899 INFO L290 TraceCheckUtils]: 157: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,899 INFO L284 TraceCheckUtils]: 158: Hoare quadruple {4762#true} {4762#true} #1797#return; {4762#true} is VALID [2022-02-20 17:53:36,899 INFO L290 TraceCheckUtils]: 159: Hoare triple {4762#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {4762#true} is VALID [2022-02-20 17:53:36,899 INFO L290 TraceCheckUtils]: 160: Hoare triple {4762#true} assume true; {4762#true} is VALID [2022-02-20 17:53:36,899 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {4762#true} {4763#false} #1675#return; {4763#false} is VALID [2022-02-20 17:53:36,899 INFO L290 TraceCheckUtils]: 162: Hoare triple {4763#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {4763#false} is VALID [2022-02-20 17:53:36,899 INFO L290 TraceCheckUtils]: 163: Hoare triple {4763#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {4763#false} is VALID [2022-02-20 17:53:36,900 INFO L290 TraceCheckUtils]: 164: Hoare triple {4763#false} assume !false; {4763#false} is VALID [2022-02-20 17:53:36,901 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2022-02-20 17:53:36,901 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:53:36,901 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [543607515] [2022-02-20 17:53:36,901 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [543607515] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:53:36,901 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:53:36,901 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:53:36,902 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [149639123] [2022-02-20 17:53:36,902 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:53:36,905 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 9.555555555555555) internal successors, (86), 5 states have internal predecessors, (86), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 165 [2022-02-20 17:53:36,906 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:53:36,906 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 9 states have (on average 9.555555555555555) internal successors, (86), 5 states have internal predecessors, (86), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:36,999 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 139 edges. 139 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:53:37,000 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:53:37,000 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:53:37,000 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:53:37,000 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=56, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:53:37,001 INFO L87 Difference]: Start difference. First operand 593 states and 882 transitions. Second operand has 9 states, 9 states have (on average 9.555555555555555) internal successors, (86), 5 states have internal predecessors, (86), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:46,674 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:46,674 INFO L93 Difference]: Finished difference Result 1361 states and 2075 transitions. [2022-02-20 17:53:46,675 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 17:53:46,679 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 9.555555555555555) internal successors, (86), 5 states have internal predecessors, (86), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 165 [2022-02-20 17:53:46,679 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:53:46,680 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 9 states have (on average 9.555555555555555) internal successors, (86), 5 states have internal predecessors, (86), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:46,704 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 2075 transitions. [2022-02-20 17:53:46,705 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 9 states have (on average 9.555555555555555) internal successors, (86), 5 states have internal predecessors, (86), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:46,736 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 2075 transitions. [2022-02-20 17:53:46,736 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 2075 transitions. [2022-02-20 17:53:48,470 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 2075 edges. 2075 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:53:48,517 INFO L225 Difference]: With dead ends: 1361 [2022-02-20 17:53:48,518 INFO L226 Difference]: Without dead ends: 804 [2022-02-20 17:53:48,522 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 64 GetRequests, 49 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 29 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=63, Invalid=209, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:53:48,524 INFO L933 BasicCegarLoop]: 900 mSDtfsCounter, 1420 mSDsluCounter, 1700 mSDsCounter, 0 mSdLazyCounter, 3169 mSolverCounterSat, 729 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1429 SdHoareTripleChecker+Valid, 2600 SdHoareTripleChecker+Invalid, 3898 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 729 IncrementalHoareTripleChecker+Valid, 3169 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.5s IncrementalHoareTripleChecker+Time [2022-02-20 17:53:48,525 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1429 Valid, 2600 Invalid, 3898 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [729 Valid, 3169 Invalid, 0 Unknown, 0 Unchecked, 4.5s Time] [2022-02-20 17:53:48,527 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 804 states. [2022-02-20 17:53:48,560 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 804 to 593. [2022-02-20 17:53:48,560 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:53:48,562 INFO L82 GeneralOperation]: Start isEquivalent. First operand 804 states. Second operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:48,563 INFO L74 IsIncluded]: Start isIncluded. First operand 804 states. Second operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:48,564 INFO L87 Difference]: Start difference. First operand 804 states. Second operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:48,596 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:48,596 INFO L93 Difference]: Finished difference Result 804 states and 1242 transitions. [2022-02-20 17:53:48,596 INFO L276 IsEmpty]: Start isEmpty. Operand 804 states and 1242 transitions. [2022-02-20 17:53:48,600 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:53:48,600 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:53:48,601 INFO L74 IsIncluded]: Start isIncluded. First operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 804 states. [2022-02-20 17:53:48,602 INFO L87 Difference]: Start difference. First operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 804 states. [2022-02-20 17:53:48,634 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:48,634 INFO L93 Difference]: Finished difference Result 804 states and 1242 transitions. [2022-02-20 17:53:48,635 INFO L276 IsEmpty]: Start isEmpty. Operand 804 states and 1242 transitions. [2022-02-20 17:53:48,638 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:53:48,638 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:53:48,638 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:53:48,638 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:53:48,639 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:48,660 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 593 states to 593 states and 875 transitions. [2022-02-20 17:53:48,661 INFO L78 Accepts]: Start accepts. Automaton has 593 states and 875 transitions. Word has length 165 [2022-02-20 17:53:48,661 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:53:48,662 INFO L470 AbstractCegarLoop]: Abstraction has 593 states and 875 transitions. [2022-02-20 17:53:48,662 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 9 states have (on average 9.555555555555555) internal successors, (86), 5 states have internal predecessors, (86), 2 states have call successors, (30), 6 states have call predecessors, (30), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:48,662 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 875 transitions. [2022-02-20 17:53:48,665 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 171 [2022-02-20 17:53:48,665 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:53:48,665 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:53:48,665 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 17:53:48,666 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:53:48,666 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:53:48,666 INFO L85 PathProgramCache]: Analyzing trace with hash 1945344603, now seen corresponding path program 1 times [2022-02-20 17:53:48,666 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:53:48,666 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1193926697] [2022-02-20 17:53:48,666 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:53:48,667 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:53:48,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:53:48,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,758 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9219#true} {9219#true} #1721#return; {9219#true} is VALID [2022-02-20 17:53:48,758 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:53:48,759 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,765 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9219#true} {9219#true} #1723#return; {9219#true} is VALID [2022-02-20 17:53:48,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:53:48,768 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,771 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,771 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,771 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9219#true} {9219#true} #1725#return; {9219#true} is VALID [2022-02-20 17:53:48,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:53:48,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,775 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,775 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9219#true} {9219#true} #1727#return; {9219#true} is VALID [2022-02-20 17:53:48,775 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:53:48,777 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,779 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,779 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,780 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9219#true} {9219#true} #1729#return; {9219#true} is VALID [2022-02-20 17:53:48,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:53:48,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,784 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9219#true} {9219#true} #1731#return; {9219#true} is VALID [2022-02-20 17:53:48,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:53:48,787 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,789 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,789 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,789 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9219#true} {9219#true} #1733#return; {9219#true} is VALID [2022-02-20 17:53:48,789 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:53:48,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,796 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,796 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,796 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9219#true} {9219#true} #1735#return; {9219#true} is VALID [2022-02-20 17:53:48,800 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:53:48,804 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,806 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:48,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,808 INFO L290 TraceCheckUtils]: 0: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,808 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,808 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,808 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9219#true} {9219#true} #1719#return; {9219#true} is VALID [2022-02-20 17:53:48,808 INFO L290 TraceCheckUtils]: 0: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {9219#true} is VALID [2022-02-20 17:53:48,809 INFO L272 TraceCheckUtils]: 1: Hoare triple {9219#true} call setClientId(~bob___0, ~bob___0); {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:48,809 INFO L290 TraceCheckUtils]: 2: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,809 INFO L290 TraceCheckUtils]: 3: Hoare triple {9219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,809 INFO L290 TraceCheckUtils]: 4: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,809 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {9219#true} {9219#true} #1719#return; {9219#true} is VALID [2022-02-20 17:53:48,809 INFO L290 TraceCheckUtils]: 6: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,810 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {9219#true} {9219#true} #1741#return; {9219#true} is VALID [2022-02-20 17:53:48,810 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:53:48,813 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,828 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:48,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,855 INFO L290 TraceCheckUtils]: 0: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9319#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:53:48,856 INFO L290 TraceCheckUtils]: 1: Hoare triple {9319#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9320#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:48,856 INFO L290 TraceCheckUtils]: 2: Hoare triple {9320#(= |setClientId_#in~handle| 1)} assume true; {9320#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:48,856 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9320#(= |setClientId_#in~handle| 1)} {9313#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {9318#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:48,857 INFO L290 TraceCheckUtils]: 0: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {9313#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:53:48,857 INFO L272 TraceCheckUtils]: 1: Hoare triple {9313#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:48,858 INFO L290 TraceCheckUtils]: 2: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9319#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:53:48,858 INFO L290 TraceCheckUtils]: 3: Hoare triple {9319#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9320#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:48,858 INFO L290 TraceCheckUtils]: 4: Hoare triple {9320#(= |setClientId_#in~handle| 1)} assume true; {9320#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:48,859 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {9320#(= |setClientId_#in~handle| 1)} {9313#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {9318#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:48,859 INFO L290 TraceCheckUtils]: 6: Hoare triple {9318#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {9318#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:48,859 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {9318#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {9253#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {9220#false} is VALID [2022-02-20 17:53:48,860 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:53:48,862 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,864 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:48,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,866 INFO L290 TraceCheckUtils]: 0: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,866 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,867 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,867 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9219#true} {9219#true} #1615#return; {9219#true} is VALID [2022-02-20 17:53:48,867 INFO L290 TraceCheckUtils]: 0: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {9219#true} is VALID [2022-02-20 17:53:48,867 INFO L272 TraceCheckUtils]: 1: Hoare triple {9219#true} call setClientId(~chuck___0, ~chuck___0); {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:48,868 INFO L290 TraceCheckUtils]: 2: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,868 INFO L290 TraceCheckUtils]: 3: Hoare triple {9219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,868 INFO L290 TraceCheckUtils]: 4: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,868 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {9219#true} {9219#true} #1615#return; {9219#true} is VALID [2022-02-20 17:53:48,868 INFO L290 TraceCheckUtils]: 6: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,868 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {9219#true} {9220#false} #1753#return; {9220#false} is VALID [2022-02-20 17:53:48,874 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:53:48,875 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,877 INFO L290 TraceCheckUtils]: 0: Hoare triple {9325#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,877 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,877 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,877 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9219#true} {9220#false} #1637#return; {9220#false} is VALID [2022-02-20 17:53:48,884 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:53:48,885 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,887 INFO L290 TraceCheckUtils]: 0: Hoare triple {9326#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,887 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,887 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,887 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9219#true} {9220#false} #1639#return; {9220#false} is VALID [2022-02-20 17:53:48,887 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:53:48,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,890 INFO L290 TraceCheckUtils]: 0: Hoare triple {9325#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,890 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,890 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,890 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9219#true} {9220#false} #1649#return; {9220#false} is VALID [2022-02-20 17:53:48,890 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:53:48,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,894 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} ~handle := #in~handle;havoc ~retValue_acc~28; {9219#true} is VALID [2022-02-20 17:53:48,894 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {9219#true} is VALID [2022-02-20 17:53:48,894 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,894 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9219#true} {9220#false} #1651#return; {9220#false} is VALID [2022-02-20 17:53:48,904 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 17:53:48,907 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,909 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:48,910 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,912 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {9219#true} is VALID [2022-02-20 17:53:48,912 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume { :end_inline_deliver } true; {9219#true} is VALID [2022-02-20 17:53:48,913 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,913 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9219#true} {9219#true} #1717#return; {9219#true} is VALID [2022-02-20 17:53:48,913 INFO L290 TraceCheckUtils]: 0: Hoare triple {9327#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9219#true} is VALID [2022-02-20 17:53:48,913 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {9219#true} is VALID [2022-02-20 17:53:48,913 INFO L272 TraceCheckUtils]: 2: Hoare triple {9219#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {9219#true} is VALID [2022-02-20 17:53:48,913 INFO L290 TraceCheckUtils]: 3: Hoare triple {9219#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {9219#true} is VALID [2022-02-20 17:53:48,913 INFO L290 TraceCheckUtils]: 4: Hoare triple {9219#true} assume { :end_inline_deliver } true; {9219#true} is VALID [2022-02-20 17:53:48,913 INFO L290 TraceCheckUtils]: 5: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,913 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {9219#true} {9219#true} #1717#return; {9219#true} is VALID [2022-02-20 17:53:48,914 INFO L290 TraceCheckUtils]: 7: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,914 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {9219#true} {9220#false} #1671#return; {9220#false} is VALID [2022-02-20 17:53:48,914 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 151 [2022-02-20 17:53:48,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,917 INFO L290 TraceCheckUtils]: 0: Hoare triple {9326#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,918 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,918 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,918 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9219#true} {9220#false} #1673#return; {9220#false} is VALID [2022-02-20 17:53:48,918 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-02-20 17:53:48,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:48,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:48,924 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {9219#true} is VALID [2022-02-20 17:53:48,924 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,924 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9219#true} {9219#true} #1797#return; {9219#true} is VALID [2022-02-20 17:53:48,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {9219#true} is VALID [2022-02-20 17:53:48,925 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {9219#true} is VALID [2022-02-20 17:53:48,925 INFO L272 TraceCheckUtils]: 2: Hoare triple {9219#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {9219#true} is VALID [2022-02-20 17:53:48,925 INFO L290 TraceCheckUtils]: 3: Hoare triple {9219#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {9219#true} is VALID [2022-02-20 17:53:48,925 INFO L290 TraceCheckUtils]: 4: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,925 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {9219#true} {9219#true} #1797#return; {9219#true} is VALID [2022-02-20 17:53:48,925 INFO L290 TraceCheckUtils]: 6: Hoare triple {9219#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {9219#true} is VALID [2022-02-20 17:53:48,925 INFO L290 TraceCheckUtils]: 7: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,925 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {9219#true} {9220#false} #1675#return; {9220#false} is VALID [2022-02-20 17:53:48,926 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {9219#true} is VALID [2022-02-20 17:53:48,926 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {9219#true} is VALID [2022-02-20 17:53:48,926 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {9219#true} is VALID [2022-02-20 17:53:48,926 INFO L272 TraceCheckUtils]: 3: Hoare triple {9219#true} call select_features_#t~ret5#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:48,926 INFO L290 TraceCheckUtils]: 4: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,926 INFO L290 TraceCheckUtils]: 5: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,926 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {9219#true} {9219#true} #1721#return; {9219#true} is VALID [2022-02-20 17:53:48,926 INFO L290 TraceCheckUtils]: 7: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {9219#true} is VALID [2022-02-20 17:53:48,927 INFO L272 TraceCheckUtils]: 8: Hoare triple {9219#true} call select_features_#t~ret6#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:48,927 INFO L290 TraceCheckUtils]: 9: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,927 INFO L290 TraceCheckUtils]: 10: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,927 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {9219#true} {9219#true} #1723#return; {9219#true} is VALID [2022-02-20 17:53:48,927 INFO L290 TraceCheckUtils]: 12: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {9219#true} is VALID [2022-02-20 17:53:48,927 INFO L272 TraceCheckUtils]: 13: Hoare triple {9219#true} call select_features_#t~ret7#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:48,927 INFO L290 TraceCheckUtils]: 14: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,927 INFO L290 TraceCheckUtils]: 15: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,927 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9219#true} {9219#true} #1725#return; {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L290 TraceCheckUtils]: 17: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L272 TraceCheckUtils]: 18: Hoare triple {9219#true} call select_features_#t~ret8#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L290 TraceCheckUtils]: 19: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L290 TraceCheckUtils]: 20: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {9219#true} {9219#true} #1727#return; {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L290 TraceCheckUtils]: 22: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L272 TraceCheckUtils]: 23: Hoare triple {9219#true} call select_features_#t~ret9#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L290 TraceCheckUtils]: 24: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L290 TraceCheckUtils]: 25: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,928 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {9219#true} {9219#true} #1729#return; {9219#true} is VALID [2022-02-20 17:53:48,929 INFO L290 TraceCheckUtils]: 27: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {9219#true} is VALID [2022-02-20 17:53:48,929 INFO L272 TraceCheckUtils]: 28: Hoare triple {9219#true} call select_features_#t~ret10#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:48,929 INFO L290 TraceCheckUtils]: 29: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,929 INFO L290 TraceCheckUtils]: 30: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,929 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {9219#true} {9219#true} #1731#return; {9219#true} is VALID [2022-02-20 17:53:48,929 INFO L290 TraceCheckUtils]: 32: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {9219#true} is VALID [2022-02-20 17:53:48,929 INFO L272 TraceCheckUtils]: 33: Hoare triple {9219#true} call select_features_#t~ret11#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:48,929 INFO L290 TraceCheckUtils]: 34: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,929 INFO L290 TraceCheckUtils]: 35: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,930 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {9219#true} {9219#true} #1733#return; {9219#true} is VALID [2022-02-20 17:53:48,930 INFO L290 TraceCheckUtils]: 37: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {9219#true} is VALID [2022-02-20 17:53:48,930 INFO L272 TraceCheckUtils]: 38: Hoare triple {9219#true} call select_features_#t~ret12#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:48,930 INFO L290 TraceCheckUtils]: 39: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:48,930 INFO L290 TraceCheckUtils]: 40: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,930 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {9219#true} {9219#true} #1735#return; {9219#true} is VALID [2022-02-20 17:53:48,930 INFO L290 TraceCheckUtils]: 42: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {9219#true} is VALID [2022-02-20 17:53:48,930 INFO L290 TraceCheckUtils]: 43: Hoare triple {9219#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {9219#true} is VALID [2022-02-20 17:53:48,930 INFO L290 TraceCheckUtils]: 44: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {9219#true} is VALID [2022-02-20 17:53:48,931 INFO L290 TraceCheckUtils]: 45: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {9219#true} is VALID [2022-02-20 17:53:48,931 INFO L290 TraceCheckUtils]: 46: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {9219#true} is VALID [2022-02-20 17:53:48,931 INFO L290 TraceCheckUtils]: 47: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {9219#true} is VALID [2022-02-20 17:53:48,931 INFO L290 TraceCheckUtils]: 48: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {9219#true} is VALID [2022-02-20 17:53:48,931 INFO L290 TraceCheckUtils]: 49: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {9219#true} is VALID [2022-02-20 17:53:48,931 INFO L290 TraceCheckUtils]: 50: Hoare triple {9219#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {9219#true} is VALID [2022-02-20 17:53:48,931 INFO L290 TraceCheckUtils]: 51: Hoare triple {9219#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {9219#true} is VALID [2022-02-20 17:53:48,931 INFO L290 TraceCheckUtils]: 52: Hoare triple {9219#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {9219#true} is VALID [2022-02-20 17:53:48,931 INFO L290 TraceCheckUtils]: 53: Hoare triple {9219#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {9219#true} is VALID [2022-02-20 17:53:48,932 INFO L290 TraceCheckUtils]: 54: Hoare triple {9219#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {9219#true} is VALID [2022-02-20 17:53:48,932 INFO L272 TraceCheckUtils]: 55: Hoare triple {9219#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:48,932 INFO L290 TraceCheckUtils]: 56: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {9219#true} is VALID [2022-02-20 17:53:48,933 INFO L272 TraceCheckUtils]: 57: Hoare triple {9219#true} call setClientId(~bob___0, ~bob___0); {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:48,933 INFO L290 TraceCheckUtils]: 58: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,933 INFO L290 TraceCheckUtils]: 59: Hoare triple {9219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,933 INFO L290 TraceCheckUtils]: 60: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,943 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {9219#true} {9219#true} #1719#return; {9219#true} is VALID [2022-02-20 17:53:48,943 INFO L290 TraceCheckUtils]: 62: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,943 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {9219#true} {9219#true} #1741#return; {9219#true} is VALID [2022-02-20 17:53:48,944 INFO L290 TraceCheckUtils]: 64: Hoare triple {9219#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {9253#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:53:48,944 INFO L290 TraceCheckUtils]: 65: Hoare triple {9253#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {9253#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:53:48,945 INFO L272 TraceCheckUtils]: 66: Hoare triple {9253#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:48,945 INFO L290 TraceCheckUtils]: 67: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {9313#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:53:48,945 INFO L272 TraceCheckUtils]: 68: Hoare triple {9313#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:48,946 INFO L290 TraceCheckUtils]: 69: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9319#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:53:48,946 INFO L290 TraceCheckUtils]: 70: Hoare triple {9319#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9320#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:48,946 INFO L290 TraceCheckUtils]: 71: Hoare triple {9320#(= |setClientId_#in~handle| 1)} assume true; {9320#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:48,947 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {9320#(= |setClientId_#in~handle| 1)} {9313#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {9318#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:48,947 INFO L290 TraceCheckUtils]: 73: Hoare triple {9318#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {9318#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:48,948 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {9318#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {9253#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {9220#false} is VALID [2022-02-20 17:53:48,948 INFO L290 TraceCheckUtils]: 75: Hoare triple {9220#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {9220#false} is VALID [2022-02-20 17:53:48,948 INFO L290 TraceCheckUtils]: 76: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {9220#false} is VALID [2022-02-20 17:53:48,948 INFO L272 TraceCheckUtils]: 77: Hoare triple {9220#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:48,948 INFO L290 TraceCheckUtils]: 78: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {9219#true} is VALID [2022-02-20 17:53:48,949 INFO L272 TraceCheckUtils]: 79: Hoare triple {9219#true} call setClientId(~chuck___0, ~chuck___0); {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:48,949 INFO L290 TraceCheckUtils]: 80: Hoare triple {9308#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,949 INFO L290 TraceCheckUtils]: 81: Hoare triple {9219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,949 INFO L290 TraceCheckUtils]: 82: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,949 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {9219#true} {9219#true} #1615#return; {9219#true} is VALID [2022-02-20 17:53:48,949 INFO L290 TraceCheckUtils]: 84: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,949 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {9219#true} {9220#false} #1753#return; {9220#false} is VALID [2022-02-20 17:53:48,949 INFO L290 TraceCheckUtils]: 86: Hoare triple {9220#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {9220#false} is VALID [2022-02-20 17:53:48,949 INFO L290 TraceCheckUtils]: 87: Hoare triple {9220#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9220#false} is VALID [2022-02-20 17:53:48,950 INFO L290 TraceCheckUtils]: 88: Hoare triple {9220#false} assume !false; {9220#false} is VALID [2022-02-20 17:53:48,950 INFO L290 TraceCheckUtils]: 89: Hoare triple {9220#false} assume !(test_~splverifierCounter~0#1 < 4); {9220#false} is VALID [2022-02-20 17:53:48,950 INFO L290 TraceCheckUtils]: 90: Hoare triple {9220#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {9220#false} is VALID [2022-02-20 17:53:48,950 INFO L272 TraceCheckUtils]: 91: Hoare triple {9220#false} call sendEmail(~bob~0, ~rjh~0); {9220#false} is VALID [2022-02-20 17:53:48,950 INFO L290 TraceCheckUtils]: 92: Hoare triple {9220#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9220#false} is VALID [2022-02-20 17:53:48,950 INFO L272 TraceCheckUtils]: 93: Hoare triple {9220#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9325#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:48,950 INFO L290 TraceCheckUtils]: 94: Hoare triple {9325#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,950 INFO L290 TraceCheckUtils]: 95: Hoare triple {9219#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,951 INFO L290 TraceCheckUtils]: 96: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,951 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {9219#true} {9220#false} #1637#return; {9220#false} is VALID [2022-02-20 17:53:48,951 INFO L272 TraceCheckUtils]: 98: Hoare triple {9220#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9326#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:48,951 INFO L290 TraceCheckUtils]: 99: Hoare triple {9326#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,951 INFO L290 TraceCheckUtils]: 100: Hoare triple {9219#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,951 INFO L290 TraceCheckUtils]: 101: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,951 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {9219#true} {9220#false} #1639#return; {9220#false} is VALID [2022-02-20 17:53:48,951 INFO L290 TraceCheckUtils]: 103: Hoare triple {9220#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {9220#false} is VALID [2022-02-20 17:53:48,951 INFO L290 TraceCheckUtils]: 104: Hoare triple {9220#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {9220#false} is VALID [2022-02-20 17:53:48,951 INFO L272 TraceCheckUtils]: 105: Hoare triple {9220#false} call outgoing(~sender#1, ~email~0#1); {9220#false} is VALID [2022-02-20 17:53:48,952 INFO L290 TraceCheckUtils]: 106: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:48,952 INFO L290 TraceCheckUtils]: 107: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {9220#false} is VALID [2022-02-20 17:53:48,952 INFO L272 TraceCheckUtils]: 108: Hoare triple {9220#false} call outgoing__before__Sign(~client#1, ~msg#1); {9220#false} is VALID [2022-02-20 17:53:48,952 INFO L290 TraceCheckUtils]: 109: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:48,952 INFO L290 TraceCheckUtils]: 110: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {9220#false} is VALID [2022-02-20 17:53:48,952 INFO L272 TraceCheckUtils]: 111: Hoare triple {9220#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {9220#false} is VALID [2022-02-20 17:53:48,952 INFO L290 TraceCheckUtils]: 112: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:48,952 INFO L290 TraceCheckUtils]: 113: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {9220#false} is VALID [2022-02-20 17:53:48,952 INFO L272 TraceCheckUtils]: 114: Hoare triple {9220#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {9220#false} is VALID [2022-02-20 17:53:48,953 INFO L290 TraceCheckUtils]: 115: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {9220#false} is VALID [2022-02-20 17:53:48,953 INFO L290 TraceCheckUtils]: 116: Hoare triple {9220#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {9220#false} is VALID [2022-02-20 17:53:48,953 INFO L290 TraceCheckUtils]: 117: Hoare triple {9220#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {9220#false} is VALID [2022-02-20 17:53:48,953 INFO L272 TraceCheckUtils]: 118: Hoare triple {9220#false} call setEmailFrom(~msg#1, ~tmp~2#1); {9325#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:48,953 INFO L290 TraceCheckUtils]: 119: Hoare triple {9325#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,953 INFO L290 TraceCheckUtils]: 120: Hoare triple {9219#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,953 INFO L290 TraceCheckUtils]: 121: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,953 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {9219#true} {9220#false} #1649#return; {9220#false} is VALID [2022-02-20 17:53:48,953 INFO L290 TraceCheckUtils]: 123: Hoare triple {9220#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {9220#false} is VALID [2022-02-20 17:53:48,953 INFO L272 TraceCheckUtils]: 124: Hoare triple {9220#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {9219#true} is VALID [2022-02-20 17:53:48,954 INFO L290 TraceCheckUtils]: 125: Hoare triple {9219#true} ~handle := #in~handle;havoc ~retValue_acc~28; {9219#true} is VALID [2022-02-20 17:53:48,954 INFO L290 TraceCheckUtils]: 126: Hoare triple {9219#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {9219#true} is VALID [2022-02-20 17:53:48,954 INFO L290 TraceCheckUtils]: 127: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,954 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {9219#true} {9220#false} #1651#return; {9220#false} is VALID [2022-02-20 17:53:48,954 INFO L290 TraceCheckUtils]: 129: Hoare triple {9220#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {9220#false} is VALID [2022-02-20 17:53:48,954 INFO L290 TraceCheckUtils]: 130: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {9220#false} is VALID [2022-02-20 17:53:48,954 INFO L272 TraceCheckUtils]: 131: Hoare triple {9220#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {9220#false} is VALID [2022-02-20 17:53:48,954 INFO L290 TraceCheckUtils]: 132: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:48,954 INFO L290 TraceCheckUtils]: 133: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {9220#false} is VALID [2022-02-20 17:53:48,955 INFO L272 TraceCheckUtils]: 134: Hoare triple {9220#false} call incoming__before__Verify(~client#1, ~msg#1); {9220#false} is VALID [2022-02-20 17:53:48,955 INFO L290 TraceCheckUtils]: 135: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:48,955 INFO L290 TraceCheckUtils]: 136: Hoare triple {9220#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {9220#false} is VALID [2022-02-20 17:53:48,955 INFO L272 TraceCheckUtils]: 137: Hoare triple {9220#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {9327#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} is VALID [2022-02-20 17:53:48,955 INFO L290 TraceCheckUtils]: 138: Hoare triple {9327#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9219#true} is VALID [2022-02-20 17:53:48,955 INFO L290 TraceCheckUtils]: 139: Hoare triple {9219#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {9219#true} is VALID [2022-02-20 17:53:48,955 INFO L272 TraceCheckUtils]: 140: Hoare triple {9219#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {9219#true} is VALID [2022-02-20 17:53:48,955 INFO L290 TraceCheckUtils]: 141: Hoare triple {9219#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {9219#true} is VALID [2022-02-20 17:53:48,955 INFO L290 TraceCheckUtils]: 142: Hoare triple {9219#true} assume { :end_inline_deliver } true; {9219#true} is VALID [2022-02-20 17:53:48,956 INFO L290 TraceCheckUtils]: 143: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,956 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {9219#true} {9219#true} #1717#return; {9219#true} is VALID [2022-02-20 17:53:48,956 INFO L290 TraceCheckUtils]: 145: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,967 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {9219#true} {9220#false} #1671#return; {9220#false} is VALID [2022-02-20 17:53:48,967 INFO L290 TraceCheckUtils]: 147: Hoare triple {9220#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {9220#false} is VALID [2022-02-20 17:53:48,967 INFO L290 TraceCheckUtils]: 148: Hoare triple {9220#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {9220#false} is VALID [2022-02-20 17:53:48,967 INFO L290 TraceCheckUtils]: 149: Hoare triple {9220#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {9220#false} is VALID [2022-02-20 17:53:48,967 INFO L290 TraceCheckUtils]: 150: Hoare triple {9220#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {9220#false} is VALID [2022-02-20 17:53:48,967 INFO L272 TraceCheckUtils]: 151: Hoare triple {9220#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {9326#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:48,967 INFO L290 TraceCheckUtils]: 152: Hoare triple {9326#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:48,967 INFO L290 TraceCheckUtils]: 153: Hoare triple {9219#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:48,967 INFO L290 TraceCheckUtils]: 154: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,967 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {9219#true} {9220#false} #1673#return; {9220#false} is VALID [2022-02-20 17:53:48,968 INFO L290 TraceCheckUtils]: 156: Hoare triple {9220#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {9220#false} is VALID [2022-02-20 17:53:48,968 INFO L272 TraceCheckUtils]: 157: Hoare triple {9220#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {9219#true} is VALID [2022-02-20 17:53:48,968 INFO L290 TraceCheckUtils]: 158: Hoare triple {9219#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {9219#true} is VALID [2022-02-20 17:53:48,968 INFO L290 TraceCheckUtils]: 159: Hoare triple {9219#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {9219#true} is VALID [2022-02-20 17:53:48,968 INFO L272 TraceCheckUtils]: 160: Hoare triple {9219#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {9219#true} is VALID [2022-02-20 17:53:48,968 INFO L290 TraceCheckUtils]: 161: Hoare triple {9219#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {9219#true} is VALID [2022-02-20 17:53:48,968 INFO L290 TraceCheckUtils]: 162: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,968 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {9219#true} {9219#true} #1797#return; {9219#true} is VALID [2022-02-20 17:53:48,968 INFO L290 TraceCheckUtils]: 164: Hoare triple {9219#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {9219#true} is VALID [2022-02-20 17:53:48,969 INFO L290 TraceCheckUtils]: 165: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:48,969 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {9219#true} {9220#false} #1675#return; {9220#false} is VALID [2022-02-20 17:53:48,969 INFO L290 TraceCheckUtils]: 167: Hoare triple {9220#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {9220#false} is VALID [2022-02-20 17:53:48,969 INFO L290 TraceCheckUtils]: 168: Hoare triple {9220#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {9220#false} is VALID [2022-02-20 17:53:48,969 INFO L290 TraceCheckUtils]: 169: Hoare triple {9220#false} assume !false; {9220#false} is VALID [2022-02-20 17:53:48,969 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 98 trivial. 0 not checked. [2022-02-20 17:53:48,970 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:53:48,970 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1193926697] [2022-02-20 17:53:48,970 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1193926697] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:53:48,970 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [851864335] [2022-02-20 17:53:48,970 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:53:48,971 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:53:48,971 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:53:48,973 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:53:48,975 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:53:49,243 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:49,248 INFO L263 TraceCheckSpWp]: Trace formula consists of 1488 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:53:49,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:49,329 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:53:49,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {9219#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {9219#true} is VALID [2022-02-20 17:53:49,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {9219#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {9219#true} is VALID [2022-02-20 17:53:49,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {9219#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {9219#true} is VALID [2022-02-20 17:53:49,657 INFO L272 TraceCheckUtils]: 3: Hoare triple {9219#true} call select_features_#t~ret5#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:49,657 INFO L290 TraceCheckUtils]: 4: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:49,657 INFO L290 TraceCheckUtils]: 5: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,657 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {9219#true} {9219#true} #1721#return; {9219#true} is VALID [2022-02-20 17:53:49,657 INFO L290 TraceCheckUtils]: 7: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {9219#true} is VALID [2022-02-20 17:53:49,657 INFO L272 TraceCheckUtils]: 8: Hoare triple {9219#true} call select_features_#t~ret6#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:49,658 INFO L290 TraceCheckUtils]: 9: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:49,658 INFO L290 TraceCheckUtils]: 10: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,658 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {9219#true} {9219#true} #1723#return; {9219#true} is VALID [2022-02-20 17:53:49,658 INFO L290 TraceCheckUtils]: 12: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {9219#true} is VALID [2022-02-20 17:53:49,658 INFO L272 TraceCheckUtils]: 13: Hoare triple {9219#true} call select_features_#t~ret7#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:49,658 INFO L290 TraceCheckUtils]: 14: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:49,658 INFO L290 TraceCheckUtils]: 15: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,658 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9219#true} {9219#true} #1725#return; {9219#true} is VALID [2022-02-20 17:53:49,658 INFO L290 TraceCheckUtils]: 17: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {9219#true} is VALID [2022-02-20 17:53:49,659 INFO L272 TraceCheckUtils]: 18: Hoare triple {9219#true} call select_features_#t~ret8#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:49,659 INFO L290 TraceCheckUtils]: 19: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:49,659 INFO L290 TraceCheckUtils]: 20: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,659 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {9219#true} {9219#true} #1727#return; {9219#true} is VALID [2022-02-20 17:53:49,659 INFO L290 TraceCheckUtils]: 22: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {9219#true} is VALID [2022-02-20 17:53:49,659 INFO L272 TraceCheckUtils]: 23: Hoare triple {9219#true} call select_features_#t~ret9#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:49,659 INFO L290 TraceCheckUtils]: 24: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:49,659 INFO L290 TraceCheckUtils]: 25: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,659 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {9219#true} {9219#true} #1729#return; {9219#true} is VALID [2022-02-20 17:53:49,660 INFO L290 TraceCheckUtils]: 27: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {9219#true} is VALID [2022-02-20 17:53:49,660 INFO L272 TraceCheckUtils]: 28: Hoare triple {9219#true} call select_features_#t~ret10#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:49,660 INFO L290 TraceCheckUtils]: 29: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:49,660 INFO L290 TraceCheckUtils]: 30: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,660 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {9219#true} {9219#true} #1731#return; {9219#true} is VALID [2022-02-20 17:53:49,660 INFO L290 TraceCheckUtils]: 32: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {9219#true} is VALID [2022-02-20 17:53:49,660 INFO L272 TraceCheckUtils]: 33: Hoare triple {9219#true} call select_features_#t~ret11#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:49,660 INFO L290 TraceCheckUtils]: 34: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:49,660 INFO L290 TraceCheckUtils]: 35: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,661 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {9219#true} {9219#true} #1733#return; {9219#true} is VALID [2022-02-20 17:53:49,661 INFO L290 TraceCheckUtils]: 37: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {9219#true} is VALID [2022-02-20 17:53:49,661 INFO L272 TraceCheckUtils]: 38: Hoare triple {9219#true} call select_features_#t~ret12#1 := select_one(); {9219#true} is VALID [2022-02-20 17:53:49,661 INFO L290 TraceCheckUtils]: 39: Hoare triple {9219#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {9219#true} is VALID [2022-02-20 17:53:49,661 INFO L290 TraceCheckUtils]: 40: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,661 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {9219#true} {9219#true} #1735#return; {9219#true} is VALID [2022-02-20 17:53:49,661 INFO L290 TraceCheckUtils]: 42: Hoare triple {9219#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {9219#true} is VALID [2022-02-20 17:53:49,661 INFO L290 TraceCheckUtils]: 43: Hoare triple {9219#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {9219#true} is VALID [2022-02-20 17:53:49,661 INFO L290 TraceCheckUtils]: 44: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 45: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 46: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 47: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 48: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 49: Hoare triple {9219#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 50: Hoare triple {9219#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 51: Hoare triple {9219#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 52: Hoare triple {9219#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 53: Hoare triple {9219#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {9219#true} is VALID [2022-02-20 17:53:49,662 INFO L290 TraceCheckUtils]: 54: Hoare triple {9219#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {9219#true} is VALID [2022-02-20 17:53:49,663 INFO L272 TraceCheckUtils]: 55: Hoare triple {9219#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {9219#true} is VALID [2022-02-20 17:53:49,663 INFO L290 TraceCheckUtils]: 56: Hoare triple {9219#true} ~bob___0 := #in~bob___0; {9219#true} is VALID [2022-02-20 17:53:49,663 INFO L272 TraceCheckUtils]: 57: Hoare triple {9219#true} call setClientId(~bob___0, ~bob___0); {9219#true} is VALID [2022-02-20 17:53:49,663 INFO L290 TraceCheckUtils]: 58: Hoare triple {9219#true} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:49,663 INFO L290 TraceCheckUtils]: 59: Hoare triple {9219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:49,663 INFO L290 TraceCheckUtils]: 60: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,663 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {9219#true} {9219#true} #1719#return; {9219#true} is VALID [2022-02-20 17:53:49,663 INFO L290 TraceCheckUtils]: 62: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,663 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {9219#true} {9219#true} #1741#return; {9219#true} is VALID [2022-02-20 17:53:49,664 INFO L290 TraceCheckUtils]: 64: Hoare triple {9219#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {9219#true} is VALID [2022-02-20 17:53:49,664 INFO L290 TraceCheckUtils]: 65: Hoare triple {9219#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {9219#true} is VALID [2022-02-20 17:53:49,664 INFO L272 TraceCheckUtils]: 66: Hoare triple {9219#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {9219#true} is VALID [2022-02-20 17:53:49,664 INFO L290 TraceCheckUtils]: 67: Hoare triple {9219#true} ~rjh___0 := #in~rjh___0; {9219#true} is VALID [2022-02-20 17:53:49,664 INFO L272 TraceCheckUtils]: 68: Hoare triple {9219#true} call setClientId(~rjh___0, ~rjh___0); {9219#true} is VALID [2022-02-20 17:53:49,664 INFO L290 TraceCheckUtils]: 69: Hoare triple {9219#true} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:49,664 INFO L290 TraceCheckUtils]: 70: Hoare triple {9219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:49,664 INFO L290 TraceCheckUtils]: 71: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,664 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {9219#true} {9219#true} #1669#return; {9219#true} is VALID [2022-02-20 17:53:49,665 INFO L290 TraceCheckUtils]: 73: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,665 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {9219#true} {9219#true} #1747#return; {9219#true} is VALID [2022-02-20 17:53:49,665 INFO L290 TraceCheckUtils]: 75: Hoare triple {9219#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {9219#true} is VALID [2022-02-20 17:53:49,665 INFO L290 TraceCheckUtils]: 76: Hoare triple {9219#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {9219#true} is VALID [2022-02-20 17:53:49,665 INFO L272 TraceCheckUtils]: 77: Hoare triple {9219#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {9219#true} is VALID [2022-02-20 17:53:49,665 INFO L290 TraceCheckUtils]: 78: Hoare triple {9219#true} ~chuck___0 := #in~chuck___0; {9219#true} is VALID [2022-02-20 17:53:49,665 INFO L272 TraceCheckUtils]: 79: Hoare triple {9219#true} call setClientId(~chuck___0, ~chuck___0); {9219#true} is VALID [2022-02-20 17:53:49,665 INFO L290 TraceCheckUtils]: 80: Hoare triple {9219#true} ~handle := #in~handle;~value := #in~value; {9219#true} is VALID [2022-02-20 17:53:49,665 INFO L290 TraceCheckUtils]: 81: Hoare triple {9219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9219#true} is VALID [2022-02-20 17:53:49,666 INFO L290 TraceCheckUtils]: 82: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,666 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {9219#true} {9219#true} #1615#return; {9219#true} is VALID [2022-02-20 17:53:49,666 INFO L290 TraceCheckUtils]: 84: Hoare triple {9219#true} assume true; {9219#true} is VALID [2022-02-20 17:53:49,666 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {9219#true} {9219#true} #1753#return; {9219#true} is VALID [2022-02-20 17:53:49,666 INFO L290 TraceCheckUtils]: 86: Hoare triple {9219#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {9219#true} is VALID [2022-02-20 17:53:49,666 INFO L290 TraceCheckUtils]: 87: Hoare triple {9219#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9599#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:53:49,667 INFO L290 TraceCheckUtils]: 88: Hoare triple {9599#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {9599#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:53:49,667 INFO L290 TraceCheckUtils]: 89: Hoare triple {9599#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {9220#false} is VALID [2022-02-20 17:53:49,667 INFO L290 TraceCheckUtils]: 90: Hoare triple {9220#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {9220#false} is VALID [2022-02-20 17:53:49,667 INFO L272 TraceCheckUtils]: 91: Hoare triple {9220#false} call sendEmail(~bob~0, ~rjh~0); {9220#false} is VALID [2022-02-20 17:53:49,667 INFO L290 TraceCheckUtils]: 92: Hoare triple {9220#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9220#false} is VALID [2022-02-20 17:53:49,668 INFO L272 TraceCheckUtils]: 93: Hoare triple {9220#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9220#false} is VALID [2022-02-20 17:53:49,668 INFO L290 TraceCheckUtils]: 94: Hoare triple {9220#false} ~handle := #in~handle;~value := #in~value; {9220#false} is VALID [2022-02-20 17:53:49,668 INFO L290 TraceCheckUtils]: 95: Hoare triple {9220#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9220#false} is VALID [2022-02-20 17:53:49,668 INFO L290 TraceCheckUtils]: 96: Hoare triple {9220#false} assume true; {9220#false} is VALID [2022-02-20 17:53:49,668 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {9220#false} {9220#false} #1637#return; {9220#false} is VALID [2022-02-20 17:53:49,668 INFO L272 TraceCheckUtils]: 98: Hoare triple {9220#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9220#false} is VALID [2022-02-20 17:53:49,668 INFO L290 TraceCheckUtils]: 99: Hoare triple {9220#false} ~handle := #in~handle;~value := #in~value; {9220#false} is VALID [2022-02-20 17:53:49,668 INFO L290 TraceCheckUtils]: 100: Hoare triple {9220#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9220#false} is VALID [2022-02-20 17:53:49,668 INFO L290 TraceCheckUtils]: 101: Hoare triple {9220#false} assume true; {9220#false} is VALID [2022-02-20 17:53:49,669 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {9220#false} {9220#false} #1639#return; {9220#false} is VALID [2022-02-20 17:53:49,669 INFO L290 TraceCheckUtils]: 103: Hoare triple {9220#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {9220#false} is VALID [2022-02-20 17:53:49,669 INFO L290 TraceCheckUtils]: 104: Hoare triple {9220#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {9220#false} is VALID [2022-02-20 17:53:49,669 INFO L272 TraceCheckUtils]: 105: Hoare triple {9220#false} call outgoing(~sender#1, ~email~0#1); {9220#false} is VALID [2022-02-20 17:53:49,669 INFO L290 TraceCheckUtils]: 106: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:49,669 INFO L290 TraceCheckUtils]: 107: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {9220#false} is VALID [2022-02-20 17:53:49,669 INFO L272 TraceCheckUtils]: 108: Hoare triple {9220#false} call outgoing__before__Sign(~client#1, ~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,669 INFO L290 TraceCheckUtils]: 109: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:49,669 INFO L290 TraceCheckUtils]: 110: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L272 TraceCheckUtils]: 111: Hoare triple {9220#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L290 TraceCheckUtils]: 112: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L290 TraceCheckUtils]: 113: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L272 TraceCheckUtils]: 114: Hoare triple {9220#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L290 TraceCheckUtils]: 115: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L290 TraceCheckUtils]: 116: Hoare triple {9220#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L290 TraceCheckUtils]: 117: Hoare triple {9220#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L272 TraceCheckUtils]: 118: Hoare triple {9220#false} call setEmailFrom(~msg#1, ~tmp~2#1); {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L290 TraceCheckUtils]: 119: Hoare triple {9220#false} ~handle := #in~handle;~value := #in~value; {9220#false} is VALID [2022-02-20 17:53:49,670 INFO L290 TraceCheckUtils]: 120: Hoare triple {9220#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9220#false} is VALID [2022-02-20 17:53:49,671 INFO L290 TraceCheckUtils]: 121: Hoare triple {9220#false} assume true; {9220#false} is VALID [2022-02-20 17:53:49,671 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {9220#false} {9220#false} #1649#return; {9220#false} is VALID [2022-02-20 17:53:49,671 INFO L290 TraceCheckUtils]: 123: Hoare triple {9220#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {9220#false} is VALID [2022-02-20 17:53:49,671 INFO L272 TraceCheckUtils]: 124: Hoare triple {9220#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,672 INFO L290 TraceCheckUtils]: 125: Hoare triple {9220#false} ~handle := #in~handle;havoc ~retValue_acc~28; {9220#false} is VALID [2022-02-20 17:53:49,672 INFO L290 TraceCheckUtils]: 126: Hoare triple {9220#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {9220#false} is VALID [2022-02-20 17:53:49,672 INFO L290 TraceCheckUtils]: 127: Hoare triple {9220#false} assume true; {9220#false} is VALID [2022-02-20 17:53:49,672 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {9220#false} {9220#false} #1651#return; {9220#false} is VALID [2022-02-20 17:53:49,672 INFO L290 TraceCheckUtils]: 129: Hoare triple {9220#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L290 TraceCheckUtils]: 130: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L272 TraceCheckUtils]: 131: Hoare triple {9220#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L290 TraceCheckUtils]: 132: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L290 TraceCheckUtils]: 133: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L272 TraceCheckUtils]: 134: Hoare triple {9220#false} call incoming__before__Verify(~client#1, ~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L290 TraceCheckUtils]: 135: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L290 TraceCheckUtils]: 136: Hoare triple {9220#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L272 TraceCheckUtils]: 137: Hoare triple {9220#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L290 TraceCheckUtils]: 138: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {9220#false} is VALID [2022-02-20 17:53:49,673 INFO L290 TraceCheckUtils]: 139: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {9220#false} is VALID [2022-02-20 17:53:49,674 INFO L272 TraceCheckUtils]: 140: Hoare triple {9220#false} call incoming__before__AutoResponder(~client#1, ~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,674 INFO L290 TraceCheckUtils]: 141: Hoare triple {9220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {9220#false} is VALID [2022-02-20 17:53:49,674 INFO L290 TraceCheckUtils]: 142: Hoare triple {9220#false} assume { :end_inline_deliver } true; {9220#false} is VALID [2022-02-20 17:53:49,674 INFO L290 TraceCheckUtils]: 143: Hoare triple {9220#false} assume true; {9220#false} is VALID [2022-02-20 17:53:49,674 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {9220#false} {9220#false} #1717#return; {9220#false} is VALID [2022-02-20 17:53:49,674 INFO L290 TraceCheckUtils]: 145: Hoare triple {9220#false} assume true; {9220#false} is VALID [2022-02-20 17:53:49,674 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {9220#false} {9220#false} #1671#return; {9220#false} is VALID [2022-02-20 17:53:49,674 INFO L290 TraceCheckUtils]: 147: Hoare triple {9220#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {9220#false} is VALID [2022-02-20 17:53:49,674 INFO L290 TraceCheckUtils]: 148: Hoare triple {9220#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {9220#false} is VALID [2022-02-20 17:53:49,675 INFO L290 TraceCheckUtils]: 149: Hoare triple {9220#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {9220#false} is VALID [2022-02-20 17:53:49,675 INFO L290 TraceCheckUtils]: 150: Hoare triple {9220#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {9220#false} is VALID [2022-02-20 17:53:49,675 INFO L272 TraceCheckUtils]: 151: Hoare triple {9220#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {9220#false} is VALID [2022-02-20 17:53:49,675 INFO L290 TraceCheckUtils]: 152: Hoare triple {9220#false} ~handle := #in~handle;~value := #in~value; {9220#false} is VALID [2022-02-20 17:53:49,675 INFO L290 TraceCheckUtils]: 153: Hoare triple {9220#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9220#false} is VALID [2022-02-20 17:53:49,675 INFO L290 TraceCheckUtils]: 154: Hoare triple {9220#false} assume true; {9220#false} is VALID [2022-02-20 17:53:49,675 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {9220#false} {9220#false} #1673#return; {9220#false} is VALID [2022-02-20 17:53:49,675 INFO L290 TraceCheckUtils]: 156: Hoare triple {9220#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {9220#false} is VALID [2022-02-20 17:53:49,675 INFO L272 TraceCheckUtils]: 157: Hoare triple {9220#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,676 INFO L290 TraceCheckUtils]: 158: Hoare triple {9220#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {9220#false} is VALID [2022-02-20 17:53:49,676 INFO L290 TraceCheckUtils]: 159: Hoare triple {9220#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {9220#false} is VALID [2022-02-20 17:53:49,676 INFO L272 TraceCheckUtils]: 160: Hoare triple {9220#false} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {9220#false} is VALID [2022-02-20 17:53:49,676 INFO L290 TraceCheckUtils]: 161: Hoare triple {9220#false} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {9220#false} is VALID [2022-02-20 17:53:49,676 INFO L290 TraceCheckUtils]: 162: Hoare triple {9220#false} assume true; {9220#false} is VALID [2022-02-20 17:53:49,676 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {9220#false} {9220#false} #1797#return; {9220#false} is VALID [2022-02-20 17:53:49,676 INFO L290 TraceCheckUtils]: 164: Hoare triple {9220#false} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {9220#false} is VALID [2022-02-20 17:53:49,676 INFO L290 TraceCheckUtils]: 165: Hoare triple {9220#false} assume true; {9220#false} is VALID [2022-02-20 17:53:49,676 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {9220#false} {9220#false} #1675#return; {9220#false} is VALID [2022-02-20 17:53:49,677 INFO L290 TraceCheckUtils]: 167: Hoare triple {9220#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {9220#false} is VALID [2022-02-20 17:53:49,677 INFO L290 TraceCheckUtils]: 168: Hoare triple {9220#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {9220#false} is VALID [2022-02-20 17:53:49,677 INFO L290 TraceCheckUtils]: 169: Hoare triple {9220#false} assume !false; {9220#false} is VALID [2022-02-20 17:53:49,677 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2022-02-20 17:53:49,677 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:53:49,677 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [851864335] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:53:49,678 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:53:49,678 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [11] total 12 [2022-02-20 17:53:49,679 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [525806371] [2022-02-20 17:53:49,679 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:53:49,680 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 30.333333333333332) internal successors, (91), 3 states have internal predecessors, (91), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 170 [2022-02-20 17:53:49,681 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:53:49,681 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 30.333333333333332) internal successors, (91), 3 states have internal predecessors, (91), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:49,759 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 144 edges. 144 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:53:49,760 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:53:49,761 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:53:49,762 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:53:49,762 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=110, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:53:49,762 INFO L87 Difference]: Start difference. First operand 593 states and 875 transitions. Second operand has 3 states, 3 states have (on average 30.333333333333332) internal successors, (91), 3 states have internal predecessors, (91), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:50,410 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:50,411 INFO L93 Difference]: Finished difference Result 921 states and 1333 transitions. [2022-02-20 17:53:50,411 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:53:50,411 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 30.333333333333332) internal successors, (91), 3 states have internal predecessors, (91), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 170 [2022-02-20 17:53:50,411 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:53:50,412 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 30.333333333333332) internal successors, (91), 3 states have internal predecessors, (91), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:50,423 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1333 transitions. [2022-02-20 17:53:50,423 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 30.333333333333332) internal successors, (91), 3 states have internal predecessors, (91), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:50,434 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1333 transitions. [2022-02-20 17:53:50,435 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1333 transitions. [2022-02-20 17:53:51,197 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1333 edges. 1333 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:53:51,217 INFO L225 Difference]: With dead ends: 921 [2022-02-20 17:53:51,218 INFO L226 Difference]: Without dead ends: 596 [2022-02-20 17:53:51,219 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 220 GetRequests, 210 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=110, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:53:51,219 INFO L933 BasicCegarLoop]: 873 mSDtfsCounter, 1 mSDsluCounter, 871 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1744 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:53:51,219 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1744 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:53:51,220 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 596 states. [2022-02-20 17:53:51,235 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 596 to 595. [2022-02-20 17:53:51,235 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:53:51,236 INFO L82 GeneralOperation]: Start isEquivalent. First operand 596 states. Second operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:51,237 INFO L74 IsIncluded]: Start isIncluded. First operand 596 states. Second operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:51,238 INFO L87 Difference]: Start difference. First operand 596 states. Second operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:51,253 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:51,253 INFO L93 Difference]: Finished difference Result 596 states and 878 transitions. [2022-02-20 17:53:51,254 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 878 transitions. [2022-02-20 17:53:51,255 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:53:51,255 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:53:51,257 INFO L74 IsIncluded]: Start isIncluded. First operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 596 states. [2022-02-20 17:53:51,258 INFO L87 Difference]: Start difference. First operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 596 states. [2022-02-20 17:53:51,273 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:51,273 INFO L93 Difference]: Finished difference Result 596 states and 878 transitions. [2022-02-20 17:53:51,273 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 878 transitions. [2022-02-20 17:53:51,275 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:53:51,275 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:53:51,275 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:53:51,275 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:53:51,277 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:53:51,296 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 595 states to 595 states and 877 transitions. [2022-02-20 17:53:51,297 INFO L78 Accepts]: Start accepts. Automaton has 595 states and 877 transitions. Word has length 170 [2022-02-20 17:53:51,297 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:53:51,297 INFO L470 AbstractCegarLoop]: Abstraction has 595 states and 877 transitions. [2022-02-20 17:53:51,297 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 30.333333333333332) internal successors, (91), 3 states have internal predecessors, (91), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:53:51,298 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 877 transitions. [2022-02-20 17:53:51,300 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 191 [2022-02-20 17:53:51,301 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:53:51,301 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:53:51,332 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:53:51,523 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:53:51,523 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:53:51,524 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:53:51,524 INFO L85 PathProgramCache]: Analyzing trace with hash -397074245, now seen corresponding path program 1 times [2022-02-20 17:53:51,524 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:53:51,524 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [146720382] [2022-02-20 17:53:51,524 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:53:51,524 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:53:51,561 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,582 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:53:51,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,586 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,586 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,586 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1721#return; {13143#true} is VALID [2022-02-20 17:53:51,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:53:51,588 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,590 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,590 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,590 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1723#return; {13143#true} is VALID [2022-02-20 17:53:51,590 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:53:51,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,594 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1725#return; {13143#true} is VALID [2022-02-20 17:53:51,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:53:51,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,597 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,597 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1727#return; {13143#true} is VALID [2022-02-20 17:53:51,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:53:51,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,602 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,602 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,602 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1729#return; {13143#true} is VALID [2022-02-20 17:53:51,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:53:51,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,607 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,607 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1731#return; {13143#true} is VALID [2022-02-20 17:53:51,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:53:51,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,611 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1733#return; {13143#true} is VALID [2022-02-20 17:53:51,611 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:53:51,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,614 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,614 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1735#return; {13143#true} is VALID [2022-02-20 17:53:51,619 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:53:51,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,622 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:51,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,625 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,625 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,625 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13143#true} {13143#true} #1719#return; {13143#true} is VALID [2022-02-20 17:53:51,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {13143#true} is VALID [2022-02-20 17:53:51,626 INFO L272 TraceCheckUtils]: 1: Hoare triple {13143#true} call setClientId(~bob___0, ~bob___0); {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:51,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,626 INFO L290 TraceCheckUtils]: 3: Hoare triple {13143#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,626 INFO L290 TraceCheckUtils]: 4: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,627 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13143#true} {13143#true} #1719#return; {13143#true} is VALID [2022-02-20 17:53:51,627 INFO L290 TraceCheckUtils]: 6: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,627 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {13143#true} {13143#true} #1741#return; {13143#true} is VALID [2022-02-20 17:53:51,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:53:51,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:51,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,652 INFO L290 TraceCheckUtils]: 0: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13252#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:53:51,652 INFO L290 TraceCheckUtils]: 1: Hoare triple {13252#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13253#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:51,653 INFO L290 TraceCheckUtils]: 2: Hoare triple {13253#(= |setClientId_#in~handle| 1)} assume true; {13253#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:51,653 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13253#(= |setClientId_#in~handle| 1)} {13246#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {13251#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:51,654 INFO L290 TraceCheckUtils]: 0: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {13246#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:53:51,654 INFO L272 TraceCheckUtils]: 1: Hoare triple {13246#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:51,654 INFO L290 TraceCheckUtils]: 2: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13252#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:53:51,655 INFO L290 TraceCheckUtils]: 3: Hoare triple {13252#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13253#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:51,655 INFO L290 TraceCheckUtils]: 4: Hoare triple {13253#(= |setClientId_#in~handle| 1)} assume true; {13253#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:51,655 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13253#(= |setClientId_#in~handle| 1)} {13246#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {13251#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:51,656 INFO L290 TraceCheckUtils]: 6: Hoare triple {13251#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {13251#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:51,656 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {13251#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {13177#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {13144#false} is VALID [2022-02-20 17:53:51,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:53:51,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,659 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:51,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,662 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,662 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13143#true} {13143#true} #1615#return; {13143#true} is VALID [2022-02-20 17:53:51,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {13143#true} is VALID [2022-02-20 17:53:51,662 INFO L272 TraceCheckUtils]: 1: Hoare triple {13143#true} call setClientId(~chuck___0, ~chuck___0); {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:51,662 INFO L290 TraceCheckUtils]: 2: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,662 INFO L290 TraceCheckUtils]: 3: Hoare triple {13143#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,663 INFO L290 TraceCheckUtils]: 4: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,663 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13143#true} {13143#true} #1615#return; {13143#true} is VALID [2022-02-20 17:53:51,663 INFO L290 TraceCheckUtils]: 6: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,670 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {13143#true} {13144#false} #1753#return; {13144#false} is VALID [2022-02-20 17:53:51,676 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:53:51,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {13258#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,679 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13143#true} {13144#false} #1637#return; {13144#false} is VALID [2022-02-20 17:53:51,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:53:51,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {13259#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,687 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,687 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,688 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13143#true} {13144#false} #1639#return; {13144#false} is VALID [2022-02-20 17:53:51,688 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:53:51,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,690 INFO L290 TraceCheckUtils]: 0: Hoare triple {13258#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,690 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13143#true} {13144#false} #1649#return; {13144#false} is VALID [2022-02-20 17:53:51,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:53:51,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} ~handle := #in~handle;havoc ~retValue_acc~28; {13143#true} is VALID [2022-02-20 17:53:51,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {13143#true} is VALID [2022-02-20 17:53:51,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,692 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13143#true} {13144#false} #1651#return; {13144#false} is VALID [2022-02-20 17:53:51,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 17:53:51,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:51,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13143#true} is VALID [2022-02-20 17:53:51,697 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,697 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1797#return; {13143#true} is VALID [2022-02-20 17:53:51,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {13143#true} is VALID [2022-02-20 17:53:51,697 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {13143#true} is VALID [2022-02-20 17:53:51,698 INFO L272 TraceCheckUtils]: 2: Hoare triple {13143#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {13143#true} is VALID [2022-02-20 17:53:51,698 INFO L290 TraceCheckUtils]: 3: Hoare triple {13143#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13143#true} is VALID [2022-02-20 17:53:51,698 INFO L290 TraceCheckUtils]: 4: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,698 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13143#true} {13143#true} #1797#return; {13143#true} is VALID [2022-02-20 17:53:51,698 INFO L290 TraceCheckUtils]: 6: Hoare triple {13143#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {13143#true} is VALID [2022-02-20 17:53:51,698 INFO L290 TraceCheckUtils]: 7: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,698 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {13143#true} {13144#false} #1587#return; {13144#false} is VALID [2022-02-20 17:53:51,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-02-20 17:53:51,710 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,711 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:51,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {13143#true} is VALID [2022-02-20 17:53:51,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume { :end_inline_deliver } true; {13143#true} is VALID [2022-02-20 17:53:51,714 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,714 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13143#true} {13143#true} #1717#return; {13143#true} is VALID [2022-02-20 17:53:51,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {13263#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13143#true} is VALID [2022-02-20 17:53:51,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {13143#true} is VALID [2022-02-20 17:53:51,714 INFO L272 TraceCheckUtils]: 2: Hoare triple {13143#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {13143#true} is VALID [2022-02-20 17:53:51,715 INFO L290 TraceCheckUtils]: 3: Hoare triple {13143#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {13143#true} is VALID [2022-02-20 17:53:51,715 INFO L290 TraceCheckUtils]: 4: Hoare triple {13143#true} assume { :end_inline_deliver } true; {13143#true} is VALID [2022-02-20 17:53:51,715 INFO L290 TraceCheckUtils]: 5: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,715 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {13143#true} {13143#true} #1717#return; {13143#true} is VALID [2022-02-20 17:53:51,715 INFO L290 TraceCheckUtils]: 7: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,715 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {13143#true} {13144#false} #1671#return; {13144#false} is VALID [2022-02-20 17:53:51,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 171 [2022-02-20 17:53:51,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {13259#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,717 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,717 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13143#true} {13144#false} #1673#return; {13144#false} is VALID [2022-02-20 17:53:51,717 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 177 [2022-02-20 17:53:51,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,720 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:51,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:51,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13143#true} is VALID [2022-02-20 17:53:51,722 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,722 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13143#true} {13143#true} #1797#return; {13143#true} is VALID [2022-02-20 17:53:51,722 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {13143#true} is VALID [2022-02-20 17:53:51,722 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {13143#true} is VALID [2022-02-20 17:53:51,722 INFO L272 TraceCheckUtils]: 2: Hoare triple {13143#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {13143#true} is VALID [2022-02-20 17:53:51,722 INFO L290 TraceCheckUtils]: 3: Hoare triple {13143#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13143#true} is VALID [2022-02-20 17:53:51,722 INFO L290 TraceCheckUtils]: 4: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,722 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13143#true} {13143#true} #1797#return; {13143#true} is VALID [2022-02-20 17:53:51,722 INFO L290 TraceCheckUtils]: 6: Hoare triple {13143#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {13143#true} is VALID [2022-02-20 17:53:51,723 INFO L290 TraceCheckUtils]: 7: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,723 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {13143#true} {13144#false} #1675#return; {13144#false} is VALID [2022-02-20 17:53:51,723 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {13143#true} is VALID [2022-02-20 17:53:51,723 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {13143#true} is VALID [2022-02-20 17:53:51,723 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {13143#true} is VALID [2022-02-20 17:53:51,723 INFO L272 TraceCheckUtils]: 3: Hoare triple {13143#true} call select_features_#t~ret5#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:51,723 INFO L290 TraceCheckUtils]: 4: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,723 INFO L290 TraceCheckUtils]: 5: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,723 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {13143#true} {13143#true} #1721#return; {13143#true} is VALID [2022-02-20 17:53:51,724 INFO L290 TraceCheckUtils]: 7: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {13143#true} is VALID [2022-02-20 17:53:51,724 INFO L272 TraceCheckUtils]: 8: Hoare triple {13143#true} call select_features_#t~ret6#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:51,724 INFO L290 TraceCheckUtils]: 9: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,724 INFO L290 TraceCheckUtils]: 10: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,724 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {13143#true} {13143#true} #1723#return; {13143#true} is VALID [2022-02-20 17:53:51,724 INFO L290 TraceCheckUtils]: 12: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {13143#true} is VALID [2022-02-20 17:53:51,724 INFO L272 TraceCheckUtils]: 13: Hoare triple {13143#true} call select_features_#t~ret7#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:51,724 INFO L290 TraceCheckUtils]: 14: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,724 INFO L290 TraceCheckUtils]: 15: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13143#true} {13143#true} #1725#return; {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L290 TraceCheckUtils]: 17: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L272 TraceCheckUtils]: 18: Hoare triple {13143#true} call select_features_#t~ret8#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L290 TraceCheckUtils]: 19: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L290 TraceCheckUtils]: 20: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {13143#true} {13143#true} #1727#return; {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L290 TraceCheckUtils]: 22: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L272 TraceCheckUtils]: 23: Hoare triple {13143#true} call select_features_#t~ret9#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L290 TraceCheckUtils]: 24: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,725 INFO L290 TraceCheckUtils]: 25: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,726 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {13143#true} {13143#true} #1729#return; {13143#true} is VALID [2022-02-20 17:53:51,726 INFO L290 TraceCheckUtils]: 27: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {13143#true} is VALID [2022-02-20 17:53:51,726 INFO L272 TraceCheckUtils]: 28: Hoare triple {13143#true} call select_features_#t~ret10#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:51,726 INFO L290 TraceCheckUtils]: 29: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,726 INFO L290 TraceCheckUtils]: 30: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,726 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {13143#true} {13143#true} #1731#return; {13143#true} is VALID [2022-02-20 17:53:51,726 INFO L290 TraceCheckUtils]: 32: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {13143#true} is VALID [2022-02-20 17:53:51,726 INFO L272 TraceCheckUtils]: 33: Hoare triple {13143#true} call select_features_#t~ret11#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:51,726 INFO L290 TraceCheckUtils]: 34: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L290 TraceCheckUtils]: 35: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13143#true} {13143#true} #1733#return; {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L290 TraceCheckUtils]: 37: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L272 TraceCheckUtils]: 38: Hoare triple {13143#true} call select_features_#t~ret12#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L290 TraceCheckUtils]: 39: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L290 TraceCheckUtils]: 40: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {13143#true} {13143#true} #1735#return; {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L290 TraceCheckUtils]: 42: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L290 TraceCheckUtils]: 43: Hoare triple {13143#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {13143#true} is VALID [2022-02-20 17:53:51,727 INFO L290 TraceCheckUtils]: 44: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {13143#true} is VALID [2022-02-20 17:53:51,728 INFO L290 TraceCheckUtils]: 45: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {13143#true} is VALID [2022-02-20 17:53:51,728 INFO L290 TraceCheckUtils]: 46: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {13143#true} is VALID [2022-02-20 17:53:51,728 INFO L290 TraceCheckUtils]: 47: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {13143#true} is VALID [2022-02-20 17:53:51,728 INFO L290 TraceCheckUtils]: 48: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {13143#true} is VALID [2022-02-20 17:53:51,728 INFO L290 TraceCheckUtils]: 49: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {13143#true} is VALID [2022-02-20 17:53:51,728 INFO L290 TraceCheckUtils]: 50: Hoare triple {13143#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {13143#true} is VALID [2022-02-20 17:53:51,728 INFO L290 TraceCheckUtils]: 51: Hoare triple {13143#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {13143#true} is VALID [2022-02-20 17:53:51,728 INFO L290 TraceCheckUtils]: 52: Hoare triple {13143#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {13143#true} is VALID [2022-02-20 17:53:51,728 INFO L290 TraceCheckUtils]: 53: Hoare triple {13143#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {13143#true} is VALID [2022-02-20 17:53:51,729 INFO L290 TraceCheckUtils]: 54: Hoare triple {13143#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13143#true} is VALID [2022-02-20 17:53:51,729 INFO L272 TraceCheckUtils]: 55: Hoare triple {13143#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:51,729 INFO L290 TraceCheckUtils]: 56: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {13143#true} is VALID [2022-02-20 17:53:51,730 INFO L272 TraceCheckUtils]: 57: Hoare triple {13143#true} call setClientId(~bob___0, ~bob___0); {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:51,730 INFO L290 TraceCheckUtils]: 58: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,730 INFO L290 TraceCheckUtils]: 59: Hoare triple {13143#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,730 INFO L290 TraceCheckUtils]: 60: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,730 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {13143#true} {13143#true} #1719#return; {13143#true} is VALID [2022-02-20 17:53:51,730 INFO L290 TraceCheckUtils]: 62: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,730 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {13143#true} {13143#true} #1741#return; {13143#true} is VALID [2022-02-20 17:53:51,731 INFO L290 TraceCheckUtils]: 64: Hoare triple {13143#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {13177#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:53:51,731 INFO L290 TraceCheckUtils]: 65: Hoare triple {13177#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13177#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:53:51,731 INFO L272 TraceCheckUtils]: 66: Hoare triple {13177#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:51,732 INFO L290 TraceCheckUtils]: 67: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {13246#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:53:51,732 INFO L272 TraceCheckUtils]: 68: Hoare triple {13246#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:51,732 INFO L290 TraceCheckUtils]: 69: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13252#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:53:51,733 INFO L290 TraceCheckUtils]: 70: Hoare triple {13252#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13253#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:51,733 INFO L290 TraceCheckUtils]: 71: Hoare triple {13253#(= |setClientId_#in~handle| 1)} assume true; {13253#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:51,733 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {13253#(= |setClientId_#in~handle| 1)} {13246#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {13251#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:51,734 INFO L290 TraceCheckUtils]: 73: Hoare triple {13251#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {13251#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:51,734 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {13251#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {13177#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {13144#false} is VALID [2022-02-20 17:53:51,734 INFO L290 TraceCheckUtils]: 75: Hoare triple {13144#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {13144#false} is VALID [2022-02-20 17:53:51,734 INFO L290 TraceCheckUtils]: 76: Hoare triple {13144#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13144#false} is VALID [2022-02-20 17:53:51,734 INFO L272 TraceCheckUtils]: 77: Hoare triple {13144#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:51,735 INFO L290 TraceCheckUtils]: 78: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {13143#true} is VALID [2022-02-20 17:53:51,735 INFO L272 TraceCheckUtils]: 79: Hoare triple {13143#true} call setClientId(~chuck___0, ~chuck___0); {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:51,735 INFO L290 TraceCheckUtils]: 80: Hoare triple {13241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,735 INFO L290 TraceCheckUtils]: 81: Hoare triple {13143#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,735 INFO L290 TraceCheckUtils]: 82: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,736 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {13143#true} {13143#true} #1615#return; {13143#true} is VALID [2022-02-20 17:53:51,736 INFO L290 TraceCheckUtils]: 84: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,736 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {13143#true} {13144#false} #1753#return; {13144#false} is VALID [2022-02-20 17:53:51,736 INFO L290 TraceCheckUtils]: 86: Hoare triple {13144#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {13144#false} is VALID [2022-02-20 17:53:51,736 INFO L290 TraceCheckUtils]: 87: Hoare triple {13144#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13144#false} is VALID [2022-02-20 17:53:51,736 INFO L290 TraceCheckUtils]: 88: Hoare triple {13144#false} assume !false; {13144#false} is VALID [2022-02-20 17:53:51,736 INFO L290 TraceCheckUtils]: 89: Hoare triple {13144#false} assume test_~splverifierCounter~0#1 < 4; {13144#false} is VALID [2022-02-20 17:53:51,736 INFO L290 TraceCheckUtils]: 90: Hoare triple {13144#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13144#false} is VALID [2022-02-20 17:53:51,736 INFO L290 TraceCheckUtils]: 91: Hoare triple {13144#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {13144#false} is VALID [2022-02-20 17:53:51,737 INFO L290 TraceCheckUtils]: 92: Hoare triple {13144#false} assume 0 != test_~tmp___9~0#1; {13144#false} is VALID [2022-02-20 17:53:51,737 INFO L290 TraceCheckUtils]: 93: Hoare triple {13144#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13144#false} is VALID [2022-02-20 17:53:51,737 INFO L290 TraceCheckUtils]: 94: Hoare triple {13144#false} test_~op1~0#1 := 1; {13144#false} is VALID [2022-02-20 17:53:51,737 INFO L290 TraceCheckUtils]: 95: Hoare triple {13144#false} assume !false; {13144#false} is VALID [2022-02-20 17:53:51,737 INFO L290 TraceCheckUtils]: 96: Hoare triple {13144#false} assume !(test_~splverifierCounter~0#1 < 4); {13144#false} is VALID [2022-02-20 17:53:51,737 INFO L290 TraceCheckUtils]: 97: Hoare triple {13144#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {13144#false} is VALID [2022-02-20 17:53:51,737 INFO L272 TraceCheckUtils]: 98: Hoare triple {13144#false} call sendEmail(~bob~0, ~rjh~0); {13144#false} is VALID [2022-02-20 17:53:51,737 INFO L290 TraceCheckUtils]: 99: Hoare triple {13144#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13144#false} is VALID [2022-02-20 17:53:51,737 INFO L272 TraceCheckUtils]: 100: Hoare triple {13144#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13258#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:51,738 INFO L290 TraceCheckUtils]: 101: Hoare triple {13258#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,738 INFO L290 TraceCheckUtils]: 102: Hoare triple {13143#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,738 INFO L290 TraceCheckUtils]: 103: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,738 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {13143#true} {13144#false} #1637#return; {13144#false} is VALID [2022-02-20 17:53:51,738 INFO L272 TraceCheckUtils]: 105: Hoare triple {13144#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13259#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:51,738 INFO L290 TraceCheckUtils]: 106: Hoare triple {13259#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,738 INFO L290 TraceCheckUtils]: 107: Hoare triple {13143#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,738 INFO L290 TraceCheckUtils]: 108: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,738 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {13143#true} {13144#false} #1639#return; {13144#false} is VALID [2022-02-20 17:53:51,738 INFO L290 TraceCheckUtils]: 110: Hoare triple {13144#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {13144#false} is VALID [2022-02-20 17:53:51,739 INFO L290 TraceCheckUtils]: 111: Hoare triple {13144#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {13144#false} is VALID [2022-02-20 17:53:51,739 INFO L272 TraceCheckUtils]: 112: Hoare triple {13144#false} call outgoing(~sender#1, ~email~0#1); {13144#false} is VALID [2022-02-20 17:53:51,739 INFO L290 TraceCheckUtils]: 113: Hoare triple {13144#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13144#false} is VALID [2022-02-20 17:53:51,739 INFO L290 TraceCheckUtils]: 114: Hoare triple {13144#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {13144#false} is VALID [2022-02-20 17:53:51,739 INFO L272 TraceCheckUtils]: 115: Hoare triple {13144#false} call outgoing__before__Sign(~client#1, ~msg#1); {13144#false} is VALID [2022-02-20 17:53:51,739 INFO L290 TraceCheckUtils]: 116: Hoare triple {13144#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13144#false} is VALID [2022-02-20 17:53:51,739 INFO L290 TraceCheckUtils]: 117: Hoare triple {13144#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {13144#false} is VALID [2022-02-20 17:53:51,739 INFO L272 TraceCheckUtils]: 118: Hoare triple {13144#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {13144#false} is VALID [2022-02-20 17:53:51,739 INFO L290 TraceCheckUtils]: 119: Hoare triple {13144#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13144#false} is VALID [2022-02-20 17:53:51,740 INFO L290 TraceCheckUtils]: 120: Hoare triple {13144#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {13144#false} is VALID [2022-02-20 17:53:51,740 INFO L272 TraceCheckUtils]: 121: Hoare triple {13144#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {13144#false} is VALID [2022-02-20 17:53:51,740 INFO L290 TraceCheckUtils]: 122: Hoare triple {13144#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {13144#false} is VALID [2022-02-20 17:53:51,740 INFO L290 TraceCheckUtils]: 123: Hoare triple {13144#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {13144#false} is VALID [2022-02-20 17:53:51,740 INFO L290 TraceCheckUtils]: 124: Hoare triple {13144#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {13144#false} is VALID [2022-02-20 17:53:51,740 INFO L272 TraceCheckUtils]: 125: Hoare triple {13144#false} call setEmailFrom(~msg#1, ~tmp~2#1); {13258#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:51,740 INFO L290 TraceCheckUtils]: 126: Hoare triple {13258#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,740 INFO L290 TraceCheckUtils]: 127: Hoare triple {13143#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,740 INFO L290 TraceCheckUtils]: 128: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,740 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {13143#true} {13144#false} #1649#return; {13144#false} is VALID [2022-02-20 17:53:51,741 INFO L290 TraceCheckUtils]: 130: Hoare triple {13144#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {13144#false} is VALID [2022-02-20 17:53:51,741 INFO L272 TraceCheckUtils]: 131: Hoare triple {13144#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {13143#true} is VALID [2022-02-20 17:53:51,741 INFO L290 TraceCheckUtils]: 132: Hoare triple {13143#true} ~handle := #in~handle;havoc ~retValue_acc~28; {13143#true} is VALID [2022-02-20 17:53:51,741 INFO L290 TraceCheckUtils]: 133: Hoare triple {13143#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {13143#true} is VALID [2022-02-20 17:53:51,741 INFO L290 TraceCheckUtils]: 134: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,741 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {13143#true} {13144#false} #1651#return; {13144#false} is VALID [2022-02-20 17:53:51,741 INFO L290 TraceCheckUtils]: 136: Hoare triple {13144#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {13144#false} is VALID [2022-02-20 17:53:51,741 INFO L290 TraceCheckUtils]: 137: Hoare triple {13144#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {13144#false} is VALID [2022-02-20 17:53:51,741 INFO L272 TraceCheckUtils]: 138: Hoare triple {13144#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {13144#false} is VALID [2022-02-20 17:53:51,742 INFO L290 TraceCheckUtils]: 139: Hoare triple {13144#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13144#false} is VALID [2022-02-20 17:53:51,742 INFO L290 TraceCheckUtils]: 140: Hoare triple {13144#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret38#1, verify_#t~ret39#1, verify_#t~ret40#1, verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_~client#1, verify_~msg#1, verify_~tmp~12#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1; {13144#false} is VALID [2022-02-20 17:53:51,742 INFO L272 TraceCheckUtils]: 141: Hoare triple {13144#false} call verify_#t~ret38#1 := isReadable(verify_~msg#1); {13143#true} is VALID [2022-02-20 17:53:51,742 INFO L290 TraceCheckUtils]: 142: Hoare triple {13143#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {13143#true} is VALID [2022-02-20 17:53:51,742 INFO L290 TraceCheckUtils]: 143: Hoare triple {13143#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {13143#true} is VALID [2022-02-20 17:53:51,742 INFO L272 TraceCheckUtils]: 144: Hoare triple {13143#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {13143#true} is VALID [2022-02-20 17:53:51,742 INFO L290 TraceCheckUtils]: 145: Hoare triple {13143#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13143#true} is VALID [2022-02-20 17:53:51,742 INFO L290 TraceCheckUtils]: 146: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,742 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {13143#true} {13143#true} #1797#return; {13143#true} is VALID [2022-02-20 17:53:51,743 INFO L290 TraceCheckUtils]: 148: Hoare triple {13143#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {13143#true} is VALID [2022-02-20 17:53:51,743 INFO L290 TraceCheckUtils]: 149: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,743 INFO L284 TraceCheckUtils]: 150: Hoare quadruple {13143#true} {13144#false} #1587#return; {13144#false} is VALID [2022-02-20 17:53:51,743 INFO L290 TraceCheckUtils]: 151: Hoare triple {13144#false} assume -2147483648 <= verify_#t~ret38#1 && verify_#t~ret38#1 <= 2147483647;verify_~tmp~12#1 := verify_#t~ret38#1;havoc verify_#t~ret38#1; {13144#false} is VALID [2022-02-20 17:53:51,743 INFO L290 TraceCheckUtils]: 152: Hoare triple {13144#false} assume !(0 != verify_~tmp~12#1); {13144#false} is VALID [2022-02-20 17:53:51,743 INFO L290 TraceCheckUtils]: 153: Hoare triple {13144#false} assume { :end_inline_verify } true; {13144#false} is VALID [2022-02-20 17:53:51,743 INFO L272 TraceCheckUtils]: 154: Hoare triple {13144#false} call incoming__before__Verify(incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1); {13144#false} is VALID [2022-02-20 17:53:51,743 INFO L290 TraceCheckUtils]: 155: Hoare triple {13144#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13144#false} is VALID [2022-02-20 17:53:51,743 INFO L290 TraceCheckUtils]: 156: Hoare triple {13144#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {13144#false} is VALID [2022-02-20 17:53:51,744 INFO L272 TraceCheckUtils]: 157: Hoare triple {13144#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {13263#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} is VALID [2022-02-20 17:53:51,744 INFO L290 TraceCheckUtils]: 158: Hoare triple {13263#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13143#true} is VALID [2022-02-20 17:53:51,744 INFO L290 TraceCheckUtils]: 159: Hoare triple {13143#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {13143#true} is VALID [2022-02-20 17:53:51,744 INFO L272 TraceCheckUtils]: 160: Hoare triple {13143#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {13143#true} is VALID [2022-02-20 17:53:51,744 INFO L290 TraceCheckUtils]: 161: Hoare triple {13143#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {13143#true} is VALID [2022-02-20 17:53:51,744 INFO L290 TraceCheckUtils]: 162: Hoare triple {13143#true} assume { :end_inline_deliver } true; {13143#true} is VALID [2022-02-20 17:53:51,744 INFO L290 TraceCheckUtils]: 163: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,744 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {13143#true} {13143#true} #1717#return; {13143#true} is VALID [2022-02-20 17:53:51,744 INFO L290 TraceCheckUtils]: 165: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,744 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {13143#true} {13144#false} #1671#return; {13144#false} is VALID [2022-02-20 17:53:51,745 INFO L290 TraceCheckUtils]: 167: Hoare triple {13144#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {13144#false} is VALID [2022-02-20 17:53:51,745 INFO L290 TraceCheckUtils]: 168: Hoare triple {13144#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {13144#false} is VALID [2022-02-20 17:53:51,745 INFO L290 TraceCheckUtils]: 169: Hoare triple {13144#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {13144#false} is VALID [2022-02-20 17:53:51,745 INFO L290 TraceCheckUtils]: 170: Hoare triple {13144#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {13144#false} is VALID [2022-02-20 17:53:51,745 INFO L272 TraceCheckUtils]: 171: Hoare triple {13144#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {13259#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:51,745 INFO L290 TraceCheckUtils]: 172: Hoare triple {13259#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13143#true} is VALID [2022-02-20 17:53:51,745 INFO L290 TraceCheckUtils]: 173: Hoare triple {13143#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13143#true} is VALID [2022-02-20 17:53:51,745 INFO L290 TraceCheckUtils]: 174: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,745 INFO L284 TraceCheckUtils]: 175: Hoare quadruple {13143#true} {13144#false} #1673#return; {13144#false} is VALID [2022-02-20 17:53:51,746 INFO L290 TraceCheckUtils]: 176: Hoare triple {13144#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {13144#false} is VALID [2022-02-20 17:53:51,746 INFO L272 TraceCheckUtils]: 177: Hoare triple {13144#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {13143#true} is VALID [2022-02-20 17:53:51,746 INFO L290 TraceCheckUtils]: 178: Hoare triple {13143#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {13143#true} is VALID [2022-02-20 17:53:51,746 INFO L290 TraceCheckUtils]: 179: Hoare triple {13143#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {13143#true} is VALID [2022-02-20 17:53:51,746 INFO L272 TraceCheckUtils]: 180: Hoare triple {13143#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {13143#true} is VALID [2022-02-20 17:53:51,746 INFO L290 TraceCheckUtils]: 181: Hoare triple {13143#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13143#true} is VALID [2022-02-20 17:53:51,746 INFO L290 TraceCheckUtils]: 182: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,746 INFO L284 TraceCheckUtils]: 183: Hoare quadruple {13143#true} {13143#true} #1797#return; {13143#true} is VALID [2022-02-20 17:53:51,746 INFO L290 TraceCheckUtils]: 184: Hoare triple {13143#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {13143#true} is VALID [2022-02-20 17:53:51,746 INFO L290 TraceCheckUtils]: 185: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:51,747 INFO L284 TraceCheckUtils]: 186: Hoare quadruple {13143#true} {13144#false} #1675#return; {13144#false} is VALID [2022-02-20 17:53:51,747 INFO L290 TraceCheckUtils]: 187: Hoare triple {13144#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {13144#false} is VALID [2022-02-20 17:53:51,747 INFO L290 TraceCheckUtils]: 188: Hoare triple {13144#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {13144#false} is VALID [2022-02-20 17:53:51,747 INFO L290 TraceCheckUtils]: 189: Hoare triple {13144#false} assume !false; {13144#false} is VALID [2022-02-20 17:53:51,747 INFO L134 CoverageAnalysis]: Checked inductivity of 115 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 109 trivial. 0 not checked. [2022-02-20 17:53:51,747 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:53:51,748 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [146720382] [2022-02-20 17:53:51,748 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [146720382] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:53:51,748 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [144165624] [2022-02-20 17:53:51,748 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:53:51,748 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:53:51,748 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:53:51,762 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:53:51,763 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:53:52,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:52,048 INFO L263 TraceCheckSpWp]: Trace formula consists of 1555 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:53:52,102 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:52,111 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:53:52,519 INFO L290 TraceCheckUtils]: 0: Hoare triple {13143#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {13143#true} is VALID [2022-02-20 17:53:52,519 INFO L290 TraceCheckUtils]: 1: Hoare triple {13143#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {13143#true} is VALID [2022-02-20 17:53:52,519 INFO L290 TraceCheckUtils]: 2: Hoare triple {13143#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {13143#true} is VALID [2022-02-20 17:53:52,519 INFO L272 TraceCheckUtils]: 3: Hoare triple {13143#true} call select_features_#t~ret5#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:52,519 INFO L290 TraceCheckUtils]: 4: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:52,520 INFO L290 TraceCheckUtils]: 5: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:52,520 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {13143#true} {13143#true} #1721#return; {13143#true} is VALID [2022-02-20 17:53:52,520 INFO L290 TraceCheckUtils]: 7: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {13143#true} is VALID [2022-02-20 17:53:52,520 INFO L272 TraceCheckUtils]: 8: Hoare triple {13143#true} call select_features_#t~ret6#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:52,520 INFO L290 TraceCheckUtils]: 9: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:52,520 INFO L290 TraceCheckUtils]: 10: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:52,520 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {13143#true} {13143#true} #1723#return; {13143#true} is VALID [2022-02-20 17:53:52,520 INFO L290 TraceCheckUtils]: 12: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {13143#true} is VALID [2022-02-20 17:53:52,520 INFO L272 TraceCheckUtils]: 13: Hoare triple {13143#true} call select_features_#t~ret7#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L290 TraceCheckUtils]: 14: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L290 TraceCheckUtils]: 15: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13143#true} {13143#true} #1725#return; {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L290 TraceCheckUtils]: 17: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L272 TraceCheckUtils]: 18: Hoare triple {13143#true} call select_features_#t~ret8#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L290 TraceCheckUtils]: 19: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L290 TraceCheckUtils]: 20: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {13143#true} {13143#true} #1727#return; {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L290 TraceCheckUtils]: 22: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {13143#true} is VALID [2022-02-20 17:53:52,521 INFO L272 TraceCheckUtils]: 23: Hoare triple {13143#true} call select_features_#t~ret9#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:52,522 INFO L290 TraceCheckUtils]: 24: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:52,522 INFO L290 TraceCheckUtils]: 25: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:52,522 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {13143#true} {13143#true} #1729#return; {13143#true} is VALID [2022-02-20 17:53:52,522 INFO L290 TraceCheckUtils]: 27: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {13143#true} is VALID [2022-02-20 17:53:52,522 INFO L272 TraceCheckUtils]: 28: Hoare triple {13143#true} call select_features_#t~ret10#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:52,522 INFO L290 TraceCheckUtils]: 29: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:52,522 INFO L290 TraceCheckUtils]: 30: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:52,522 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {13143#true} {13143#true} #1731#return; {13143#true} is VALID [2022-02-20 17:53:52,522 INFO L290 TraceCheckUtils]: 32: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {13143#true} is VALID [2022-02-20 17:53:52,523 INFO L272 TraceCheckUtils]: 33: Hoare triple {13143#true} call select_features_#t~ret11#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:52,523 INFO L290 TraceCheckUtils]: 34: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:52,523 INFO L290 TraceCheckUtils]: 35: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:52,523 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13143#true} {13143#true} #1733#return; {13143#true} is VALID [2022-02-20 17:53:52,523 INFO L290 TraceCheckUtils]: 37: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {13143#true} is VALID [2022-02-20 17:53:52,523 INFO L272 TraceCheckUtils]: 38: Hoare triple {13143#true} call select_features_#t~ret12#1 := select_one(); {13143#true} is VALID [2022-02-20 17:53:52,523 INFO L290 TraceCheckUtils]: 39: Hoare triple {13143#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {13143#true} is VALID [2022-02-20 17:53:52,523 INFO L290 TraceCheckUtils]: 40: Hoare triple {13143#true} assume true; {13143#true} is VALID [2022-02-20 17:53:52,523 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {13143#true} {13143#true} #1735#return; {13143#true} is VALID [2022-02-20 17:53:52,524 INFO L290 TraceCheckUtils]: 42: Hoare triple {13143#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {13143#true} is VALID [2022-02-20 17:53:52,524 INFO L290 TraceCheckUtils]: 43: Hoare triple {13143#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {13143#true} is VALID [2022-02-20 17:53:52,524 INFO L290 TraceCheckUtils]: 44: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {13143#true} is VALID [2022-02-20 17:53:52,524 INFO L290 TraceCheckUtils]: 45: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {13143#true} is VALID [2022-02-20 17:53:52,524 INFO L290 TraceCheckUtils]: 46: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {13143#true} is VALID [2022-02-20 17:53:52,524 INFO L290 TraceCheckUtils]: 47: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {13143#true} is VALID [2022-02-20 17:53:52,525 INFO L290 TraceCheckUtils]: 48: Hoare triple {13143#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,525 INFO L290 TraceCheckUtils]: 49: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 0 == ~__SELECTED_FEATURE_Sign~0; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,525 INFO L290 TraceCheckUtils]: 50: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,526 INFO L290 TraceCheckUtils]: 51: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,526 INFO L290 TraceCheckUtils]: 52: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,526 INFO L290 TraceCheckUtils]: 53: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,527 INFO L290 TraceCheckUtils]: 54: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,527 INFO L272 TraceCheckUtils]: 55: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call setup_bob__before__Keys(setup_bob_~bob___0#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,527 INFO L290 TraceCheckUtils]: 56: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~bob___0 := #in~bob___0; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,528 INFO L272 TraceCheckUtils]: 57: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call setClientId(~bob___0, ~bob___0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,528 INFO L290 TraceCheckUtils]: 58: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~handle := #in~handle;~value := #in~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,529 INFO L290 TraceCheckUtils]: 59: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,529 INFO L290 TraceCheckUtils]: 60: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,529 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1719#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,530 INFO L290 TraceCheckUtils]: 62: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,530 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1741#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,531 INFO L290 TraceCheckUtils]: 64: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,531 INFO L290 TraceCheckUtils]: 65: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,531 INFO L272 TraceCheckUtils]: 66: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,532 INFO L290 TraceCheckUtils]: 67: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~rjh___0 := #in~rjh___0; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,532 INFO L272 TraceCheckUtils]: 68: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call setClientId(~rjh___0, ~rjh___0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,533 INFO L290 TraceCheckUtils]: 69: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~handle := #in~handle;~value := #in~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,533 INFO L290 TraceCheckUtils]: 70: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,533 INFO L290 TraceCheckUtils]: 71: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,534 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1669#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,534 INFO L290 TraceCheckUtils]: 73: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,535 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1747#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,535 INFO L290 TraceCheckUtils]: 75: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,535 INFO L290 TraceCheckUtils]: 76: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,536 INFO L272 TraceCheckUtils]: 77: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,536 INFO L290 TraceCheckUtils]: 78: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~chuck___0 := #in~chuck___0; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,537 INFO L272 TraceCheckUtils]: 79: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call setClientId(~chuck___0, ~chuck___0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,537 INFO L290 TraceCheckUtils]: 80: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~handle := #in~handle;~value := #in~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,537 INFO L290 TraceCheckUtils]: 81: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,538 INFO L290 TraceCheckUtils]: 82: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,538 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1615#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,538 INFO L290 TraceCheckUtils]: 84: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,539 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1753#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,539 INFO L290 TraceCheckUtils]: 86: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,540 INFO L290 TraceCheckUtils]: 87: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,540 INFO L290 TraceCheckUtils]: 88: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !false; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,540 INFO L290 TraceCheckUtils]: 89: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume test_~splverifierCounter~0#1 < 4; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,541 INFO L290 TraceCheckUtils]: 90: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,541 INFO L290 TraceCheckUtils]: 91: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,541 INFO L290 TraceCheckUtils]: 92: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 0 != test_~tmp___9~0#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,542 INFO L290 TraceCheckUtils]: 93: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,542 INFO L290 TraceCheckUtils]: 94: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} test_~op1~0#1 := 1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,542 INFO L290 TraceCheckUtils]: 95: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !false; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,542 INFO L290 TraceCheckUtils]: 96: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !(test_~splverifierCounter~0#1 < 4); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,543 INFO L290 TraceCheckUtils]: 97: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,543 INFO L272 TraceCheckUtils]: 98: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call sendEmail(~bob~0, ~rjh~0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,544 INFO L290 TraceCheckUtils]: 99: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,544 INFO L272 TraceCheckUtils]: 100: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,545 INFO L290 TraceCheckUtils]: 101: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~handle := #in~handle;~value := #in~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,545 INFO L290 TraceCheckUtils]: 102: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,545 INFO L290 TraceCheckUtils]: 103: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,546 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1637#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,546 INFO L272 TraceCheckUtils]: 105: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,547 INFO L290 TraceCheckUtils]: 106: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~handle := #in~handle;~value := #in~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,547 INFO L290 TraceCheckUtils]: 107: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,547 INFO L290 TraceCheckUtils]: 108: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,548 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1639#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,548 INFO L290 TraceCheckUtils]: 110: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,549 INFO L290 TraceCheckUtils]: 111: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,549 INFO L272 TraceCheckUtils]: 112: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call outgoing(~sender#1, ~email~0#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,550 INFO L290 TraceCheckUtils]: 113: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,550 INFO L290 TraceCheckUtils]: 114: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,550 INFO L272 TraceCheckUtils]: 115: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call outgoing__before__Sign(~client#1, ~msg#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,551 INFO L290 TraceCheckUtils]: 116: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,551 INFO L290 TraceCheckUtils]: 117: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,552 INFO L272 TraceCheckUtils]: 118: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call outgoing__before__AddressBook(~client#1, ~msg#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,552 INFO L290 TraceCheckUtils]: 119: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,552 INFO L290 TraceCheckUtils]: 120: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,553 INFO L272 TraceCheckUtils]: 121: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call outgoing__before__Encrypt(~client#1, ~msg#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,553 INFO L290 TraceCheckUtils]: 122: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,554 INFO L290 TraceCheckUtils]: 123: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,554 INFO L290 TraceCheckUtils]: 124: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,554 INFO L272 TraceCheckUtils]: 125: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call setEmailFrom(~msg#1, ~tmp~2#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,555 INFO L290 TraceCheckUtils]: 126: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~handle := #in~handle;~value := #in~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,555 INFO L290 TraceCheckUtils]: 127: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,555 INFO L290 TraceCheckUtils]: 128: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,556 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1649#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,556 INFO L290 TraceCheckUtils]: 130: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,557 INFO L272 TraceCheckUtils]: 131: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,557 INFO L290 TraceCheckUtils]: 132: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~handle := #in~handle;havoc ~retValue_acc~28; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,557 INFO L290 TraceCheckUtils]: 133: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,558 INFO L290 TraceCheckUtils]: 134: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume true; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,558 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} #1651#return; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,559 INFO L290 TraceCheckUtils]: 136: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,559 INFO L290 TraceCheckUtils]: 137: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,560 INFO L272 TraceCheckUtils]: 138: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,560 INFO L290 TraceCheckUtils]: 139: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} is VALID [2022-02-20 17:53:52,560 INFO L290 TraceCheckUtils]: 140: Hoare triple {13418#(= ~__SELECTED_FEATURE_Verify~0 0)} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret38#1, verify_#t~ret39#1, verify_#t~ret40#1, verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_~client#1, verify_~msg#1, verify_~tmp~12#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1; {13144#false} is VALID [2022-02-20 17:53:52,560 INFO L272 TraceCheckUtils]: 141: Hoare triple {13144#false} call verify_#t~ret38#1 := isReadable(verify_~msg#1); {13144#false} is VALID [2022-02-20 17:53:52,560 INFO L290 TraceCheckUtils]: 142: Hoare triple {13144#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {13144#false} is VALID [2022-02-20 17:53:52,561 INFO L290 TraceCheckUtils]: 143: Hoare triple {13144#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {13144#false} is VALID [2022-02-20 17:53:52,561 INFO L272 TraceCheckUtils]: 144: Hoare triple {13144#false} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {13144#false} is VALID [2022-02-20 17:53:52,561 INFO L290 TraceCheckUtils]: 145: Hoare triple {13144#false} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13144#false} is VALID [2022-02-20 17:53:52,561 INFO L290 TraceCheckUtils]: 146: Hoare triple {13144#false} assume true; {13144#false} is VALID [2022-02-20 17:53:52,561 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {13144#false} {13144#false} #1797#return; {13144#false} is VALID [2022-02-20 17:53:52,561 INFO L290 TraceCheckUtils]: 148: Hoare triple {13144#false} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {13144#false} is VALID [2022-02-20 17:53:52,561 INFO L290 TraceCheckUtils]: 149: Hoare triple {13144#false} assume true; {13144#false} is VALID [2022-02-20 17:53:52,561 INFO L284 TraceCheckUtils]: 150: Hoare quadruple {13144#false} {13144#false} #1587#return; {13144#false} is VALID [2022-02-20 17:53:52,561 INFO L290 TraceCheckUtils]: 151: Hoare triple {13144#false} assume -2147483648 <= verify_#t~ret38#1 && verify_#t~ret38#1 <= 2147483647;verify_~tmp~12#1 := verify_#t~ret38#1;havoc verify_#t~ret38#1; {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L290 TraceCheckUtils]: 152: Hoare triple {13144#false} assume !(0 != verify_~tmp~12#1); {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L290 TraceCheckUtils]: 153: Hoare triple {13144#false} assume { :end_inline_verify } true; {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L272 TraceCheckUtils]: 154: Hoare triple {13144#false} call incoming__before__Verify(incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1); {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L290 TraceCheckUtils]: 155: Hoare triple {13144#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L290 TraceCheckUtils]: 156: Hoare triple {13144#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L272 TraceCheckUtils]: 157: Hoare triple {13144#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L290 TraceCheckUtils]: 158: Hoare triple {13144#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L290 TraceCheckUtils]: 159: Hoare triple {13144#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L272 TraceCheckUtils]: 160: Hoare triple {13144#false} call incoming__before__AutoResponder(~client#1, ~msg#1); {13144#false} is VALID [2022-02-20 17:53:52,562 INFO L290 TraceCheckUtils]: 161: Hoare triple {13144#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {13144#false} is VALID [2022-02-20 17:53:52,563 INFO L290 TraceCheckUtils]: 162: Hoare triple {13144#false} assume { :end_inline_deliver } true; {13144#false} is VALID [2022-02-20 17:53:52,563 INFO L290 TraceCheckUtils]: 163: Hoare triple {13144#false} assume true; {13144#false} is VALID [2022-02-20 17:53:52,563 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {13144#false} {13144#false} #1717#return; {13144#false} is VALID [2022-02-20 17:53:52,563 INFO L290 TraceCheckUtils]: 165: Hoare triple {13144#false} assume true; {13144#false} is VALID [2022-02-20 17:53:52,563 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {13144#false} {13144#false} #1671#return; {13144#false} is VALID [2022-02-20 17:53:52,563 INFO L290 TraceCheckUtils]: 167: Hoare triple {13144#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {13144#false} is VALID [2022-02-20 17:53:52,563 INFO L290 TraceCheckUtils]: 168: Hoare triple {13144#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {13144#false} is VALID [2022-02-20 17:53:52,563 INFO L290 TraceCheckUtils]: 169: Hoare triple {13144#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {13144#false} is VALID [2022-02-20 17:53:52,563 INFO L290 TraceCheckUtils]: 170: Hoare triple {13144#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {13144#false} is VALID [2022-02-20 17:53:52,564 INFO L272 TraceCheckUtils]: 171: Hoare triple {13144#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {13144#false} is VALID [2022-02-20 17:53:52,564 INFO L290 TraceCheckUtils]: 172: Hoare triple {13144#false} ~handle := #in~handle;~value := #in~value; {13144#false} is VALID [2022-02-20 17:53:52,564 INFO L290 TraceCheckUtils]: 173: Hoare triple {13144#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13144#false} is VALID [2022-02-20 17:53:52,564 INFO L290 TraceCheckUtils]: 174: Hoare triple {13144#false} assume true; {13144#false} is VALID [2022-02-20 17:53:52,564 INFO L284 TraceCheckUtils]: 175: Hoare quadruple {13144#false} {13144#false} #1673#return; {13144#false} is VALID [2022-02-20 17:53:52,564 INFO L290 TraceCheckUtils]: 176: Hoare triple {13144#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {13144#false} is VALID [2022-02-20 17:53:52,564 INFO L272 TraceCheckUtils]: 177: Hoare triple {13144#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {13144#false} is VALID [2022-02-20 17:53:52,564 INFO L290 TraceCheckUtils]: 178: Hoare triple {13144#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {13144#false} is VALID [2022-02-20 17:53:52,565 INFO L290 TraceCheckUtils]: 179: Hoare triple {13144#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {13144#false} is VALID [2022-02-20 17:53:52,565 INFO L272 TraceCheckUtils]: 180: Hoare triple {13144#false} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {13144#false} is VALID [2022-02-20 17:53:52,565 INFO L290 TraceCheckUtils]: 181: Hoare triple {13144#false} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {13144#false} is VALID [2022-02-20 17:53:52,565 INFO L290 TraceCheckUtils]: 182: Hoare triple {13144#false} assume true; {13144#false} is VALID [2022-02-20 17:53:52,565 INFO L284 TraceCheckUtils]: 183: Hoare quadruple {13144#false} {13144#false} #1797#return; {13144#false} is VALID [2022-02-20 17:53:52,565 INFO L290 TraceCheckUtils]: 184: Hoare triple {13144#false} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {13144#false} is VALID [2022-02-20 17:53:52,565 INFO L290 TraceCheckUtils]: 185: Hoare triple {13144#false} assume true; {13144#false} is VALID [2022-02-20 17:53:52,565 INFO L284 TraceCheckUtils]: 186: Hoare quadruple {13144#false} {13144#false} #1675#return; {13144#false} is VALID [2022-02-20 17:53:52,565 INFO L290 TraceCheckUtils]: 187: Hoare triple {13144#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {13144#false} is VALID [2022-02-20 17:53:52,566 INFO L290 TraceCheckUtils]: 188: Hoare triple {13144#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {13144#false} is VALID [2022-02-20 17:53:52,566 INFO L290 TraceCheckUtils]: 189: Hoare triple {13144#false} assume !false; {13144#false} is VALID [2022-02-20 17:53:52,566 INFO L134 CoverageAnalysis]: Checked inductivity of 115 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 111 trivial. 0 not checked. [2022-02-20 17:53:52,566 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:53:52,566 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [144165624] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:53:52,566 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:53:52,567 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [11] total 12 [2022-02-20 17:53:52,567 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [431566204] [2022-02-20 17:53:52,567 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:53:52,567 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) Word has length 190 [2022-02-20 17:53:52,568 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:53:52,568 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 17:53:52,664 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 158 edges. 158 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:53:52,664 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:53:52,664 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:53:52,664 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:53:52,664 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=110, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:53:52,665 INFO L87 Difference]: Start difference. First operand 595 states and 877 transitions. Second operand has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 17:53:53,691 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:53,692 INFO L93 Difference]: Finished difference Result 1448 states and 2144 transitions. [2022-02-20 17:53:53,692 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:53:53,692 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) Word has length 190 [2022-02-20 17:53:53,693 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:53:53,693 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 17:53:53,714 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 2140 transitions. [2022-02-20 17:53:53,715 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 17:53:53,742 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 2140 transitions. [2022-02-20 17:53:53,742 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 2140 transitions. [2022-02-20 17:53:55,117 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 2140 edges. 2140 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:53:55,172 INFO L225 Difference]: With dead ends: 1448 [2022-02-20 17:53:55,173 INFO L226 Difference]: Without dead ends: 1131 [2022-02-20 17:53:55,174 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 244 GetRequests, 234 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=110, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:53:55,174 INFO L933 BasicCegarLoop]: 1008 mSDtfsCounter, 741 mSDsluCounter, 840 mSDsCounter, 0 mSdLazyCounter, 7 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 741 SdHoareTripleChecker+Valid, 1848 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 7 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:53:55,175 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [741 Valid, 1848 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 7 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:53:55,176 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1131 states. [2022-02-20 17:53:55,209 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1131 to 1129. [2022-02-20 17:53:55,209 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:53:55,214 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1131 states. Second operand has 1129 states, 842 states have (on average 1.5) internal successors, (1263), 876 states have internal predecessors, (1263), 200 states have call successors, (200), 86 states have call predecessors, (200), 86 states have return successors, (211), 197 states have call predecessors, (211), 198 states have call successors, (211) [2022-02-20 17:53:55,216 INFO L74 IsIncluded]: Start isIncluded. First operand 1131 states. Second operand has 1129 states, 842 states have (on average 1.5) internal successors, (1263), 876 states have internal predecessors, (1263), 200 states have call successors, (200), 86 states have call predecessors, (200), 86 states have return successors, (211), 197 states have call predecessors, (211), 198 states have call successors, (211) [2022-02-20 17:53:55,219 INFO L87 Difference]: Start difference. First operand 1131 states. Second operand has 1129 states, 842 states have (on average 1.5) internal successors, (1263), 876 states have internal predecessors, (1263), 200 states have call successors, (200), 86 states have call predecessors, (200), 86 states have return successors, (211), 197 states have call predecessors, (211), 198 states have call successors, (211) [2022-02-20 17:53:55,264 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:55,264 INFO L93 Difference]: Finished difference Result 1131 states and 1675 transitions. [2022-02-20 17:53:55,264 INFO L276 IsEmpty]: Start isEmpty. Operand 1131 states and 1675 transitions. [2022-02-20 17:53:55,267 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:53:55,267 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:53:55,270 INFO L74 IsIncluded]: Start isIncluded. First operand has 1129 states, 842 states have (on average 1.5) internal successors, (1263), 876 states have internal predecessors, (1263), 200 states have call successors, (200), 86 states have call predecessors, (200), 86 states have return successors, (211), 197 states have call predecessors, (211), 198 states have call successors, (211) Second operand 1131 states. [2022-02-20 17:53:55,283 INFO L87 Difference]: Start difference. First operand has 1129 states, 842 states have (on average 1.5) internal successors, (1263), 876 states have internal predecessors, (1263), 200 states have call successors, (200), 86 states have call predecessors, (200), 86 states have return successors, (211), 197 states have call predecessors, (211), 198 states have call successors, (211) Second operand 1131 states. [2022-02-20 17:53:55,327 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:55,328 INFO L93 Difference]: Finished difference Result 1131 states and 1675 transitions. [2022-02-20 17:53:55,328 INFO L276 IsEmpty]: Start isEmpty. Operand 1131 states and 1675 transitions. [2022-02-20 17:53:55,331 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:53:55,331 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:53:55,331 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:53:55,331 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:53:55,334 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1129 states, 842 states have (on average 1.5) internal successors, (1263), 876 states have internal predecessors, (1263), 200 states have call successors, (200), 86 states have call predecessors, (200), 86 states have return successors, (211), 197 states have call predecessors, (211), 198 states have call successors, (211) [2022-02-20 17:53:55,396 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1129 states to 1129 states and 1674 transitions. [2022-02-20 17:53:55,396 INFO L78 Accepts]: Start accepts. Automaton has 1129 states and 1674 transitions. Word has length 190 [2022-02-20 17:53:55,397 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:53:55,397 INFO L470 AbstractCegarLoop]: Abstraction has 1129 states and 1674 transitions. [2022-02-20 17:53:55,397 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 34.333333333333336) internal successors, (103), 3 states have internal predecessors, (103), 3 states have call successors, (31), 3 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 17:53:55,397 INFO L276 IsEmpty]: Start isEmpty. Operand 1129 states and 1674 transitions. [2022-02-20 17:53:55,401 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 178 [2022-02-20 17:53:55,401 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:53:55,401 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:53:55,421 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:53:55,619 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable3 [2022-02-20 17:53:55,620 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:53:55,620 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:53:55,620 INFO L85 PathProgramCache]: Analyzing trace with hash 1445672682, now seen corresponding path program 1 times [2022-02-20 17:53:55,620 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:53:55,620 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1200958194] [2022-02-20 17:53:55,621 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:53:55,621 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:53:55,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,694 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:53:55,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,699 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19665#true} {19665#true} #1721#return; {19665#true} is VALID [2022-02-20 17:53:55,699 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:53:55,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,702 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,702 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,702 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19665#true} {19665#true} #1723#return; {19665#true} is VALID [2022-02-20 17:53:55,702 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:53:55,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,714 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19665#true} {19665#true} #1725#return; {19665#true} is VALID [2022-02-20 17:53:55,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:53:55,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,718 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19665#true} {19665#true} #1727#return; {19665#true} is VALID [2022-02-20 17:53:55,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:53:55,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,720 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,720 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,721 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19665#true} {19665#true} #1729#return; {19665#true} is VALID [2022-02-20 17:53:55,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:53:55,722 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,724 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,725 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19665#true} {19665#true} #1731#return; {19665#true} is VALID [2022-02-20 17:53:55,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:53:55,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,728 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,728 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,728 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19665#true} {19665#true} #1733#return; {19665#true} is VALID [2022-02-20 17:53:55,728 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:53:55,730 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,731 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19665#true} {19665#true} #1735#return; {19665#true} is VALID [2022-02-20 17:53:55,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:53:55,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,738 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:55,738 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,740 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,740 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,740 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19665#true} {19665#true} #1719#return; {19665#true} is VALID [2022-02-20 17:53:55,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {19665#true} is VALID [2022-02-20 17:53:55,741 INFO L272 TraceCheckUtils]: 1: Hoare triple {19665#true} call setClientId(~bob___0, ~bob___0); {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:55,741 INFO L290 TraceCheckUtils]: 2: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,741 INFO L290 TraceCheckUtils]: 3: Hoare triple {19665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,741 INFO L290 TraceCheckUtils]: 4: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,741 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19665#true} {19665#true} #1719#return; {19665#true} is VALID [2022-02-20 17:53:55,741 INFO L290 TraceCheckUtils]: 6: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,742 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {19665#true} {19665#true} #1741#return; {19665#true} is VALID [2022-02-20 17:53:55,742 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:53:55,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,754 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:55,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19765#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:53:55,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {19765#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19766#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:55,769 INFO L290 TraceCheckUtils]: 2: Hoare triple {19766#(= |setClientId_#in~handle| 1)} assume true; {19766#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:55,770 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19766#(= |setClientId_#in~handle| 1)} {19759#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {19764#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:55,770 INFO L290 TraceCheckUtils]: 0: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {19759#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:53:55,771 INFO L272 TraceCheckUtils]: 1: Hoare triple {19759#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:55,771 INFO L290 TraceCheckUtils]: 2: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19765#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:53:55,772 INFO L290 TraceCheckUtils]: 3: Hoare triple {19765#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19766#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:55,772 INFO L290 TraceCheckUtils]: 4: Hoare triple {19766#(= |setClientId_#in~handle| 1)} assume true; {19766#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:55,772 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19766#(= |setClientId_#in~handle| 1)} {19759#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {19764#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:55,773 INFO L290 TraceCheckUtils]: 6: Hoare triple {19764#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {19764#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:55,773 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {19764#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {19699#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {19666#false} is VALID [2022-02-20 17:53:55,773 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:53:55,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,778 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:53:55,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,780 INFO L290 TraceCheckUtils]: 0: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,780 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,780 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,780 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19665#true} {19665#true} #1615#return; {19665#true} is VALID [2022-02-20 17:53:55,780 INFO L290 TraceCheckUtils]: 0: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {19665#true} is VALID [2022-02-20 17:53:55,781 INFO L272 TraceCheckUtils]: 1: Hoare triple {19665#true} call setClientId(~chuck___0, ~chuck___0); {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:55,781 INFO L290 TraceCheckUtils]: 2: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,781 INFO L290 TraceCheckUtils]: 3: Hoare triple {19665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,781 INFO L290 TraceCheckUtils]: 4: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,781 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19665#true} {19665#true} #1615#return; {19665#true} is VALID [2022-02-20 17:53:55,782 INFO L290 TraceCheckUtils]: 6: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,782 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {19665#true} {19666#false} #1753#return; {19666#false} is VALID [2022-02-20 17:53:55,788 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:53:55,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,791 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,791 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19665#true} {19666#false} #1637#return; {19666#false} is VALID [2022-02-20 17:53:55,798 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:53:55,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {19772#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,800 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19665#true} {19666#false} #1639#return; {19666#false} is VALID [2022-02-20 17:53:55,800 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:53:55,801 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,802 INFO L290 TraceCheckUtils]: 0: Hoare triple {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,803 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19665#true} {19666#false} #1649#return; {19666#false} is VALID [2022-02-20 17:53:55,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:53:55,803 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,805 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} ~handle := #in~handle;havoc ~retValue_acc~28; {19665#true} is VALID [2022-02-20 17:53:55,805 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {19665#true} is VALID [2022-02-20 17:53:55,805 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,805 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19665#true} {19666#false} #1651#return; {19666#false} is VALID [2022-02-20 17:53:55,815 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 17:53:55,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,819 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:55,821 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,823 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {19665#true} is VALID [2022-02-20 17:53:55,823 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume { :end_inline_deliver } true; {19665#true} is VALID [2022-02-20 17:53:55,823 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,823 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19665#true} {19665#true} #1717#return; {19665#true} is VALID [2022-02-20 17:53:55,823 INFO L290 TraceCheckUtils]: 0: Hoare triple {19773#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19665#true} is VALID [2022-02-20 17:53:55,823 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {19665#true} is VALID [2022-02-20 17:53:55,824 INFO L272 TraceCheckUtils]: 2: Hoare triple {19665#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {19665#true} is VALID [2022-02-20 17:53:55,824 INFO L290 TraceCheckUtils]: 3: Hoare triple {19665#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {19665#true} is VALID [2022-02-20 17:53:55,824 INFO L290 TraceCheckUtils]: 4: Hoare triple {19665#true} assume { :end_inline_deliver } true; {19665#true} is VALID [2022-02-20 17:53:55,824 INFO L290 TraceCheckUtils]: 5: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,824 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {19665#true} {19665#true} #1717#return; {19665#true} is VALID [2022-02-20 17:53:55,824 INFO L290 TraceCheckUtils]: 7: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,824 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {19665#true} {19666#false} #1671#return; {19666#false} is VALID [2022-02-20 17:53:55,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 158 [2022-02-20 17:53:55,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,826 INFO L290 TraceCheckUtils]: 0: Hoare triple {19772#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,827 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,827 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,827 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19665#true} {19666#false} #1673#return; {19666#false} is VALID [2022-02-20 17:53:55,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 164 [2022-02-20 17:53:55,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,834 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:53:55,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:55,836 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {19665#true} is VALID [2022-02-20 17:53:55,836 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,836 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19665#true} {19665#true} #1797#return; {19665#true} is VALID [2022-02-20 17:53:55,836 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {19665#true} is VALID [2022-02-20 17:53:55,837 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {19665#true} is VALID [2022-02-20 17:53:55,837 INFO L272 TraceCheckUtils]: 2: Hoare triple {19665#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {19665#true} is VALID [2022-02-20 17:53:55,837 INFO L290 TraceCheckUtils]: 3: Hoare triple {19665#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {19665#true} is VALID [2022-02-20 17:53:55,837 INFO L290 TraceCheckUtils]: 4: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,837 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19665#true} {19665#true} #1797#return; {19665#true} is VALID [2022-02-20 17:53:55,837 INFO L290 TraceCheckUtils]: 6: Hoare triple {19665#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {19665#true} is VALID [2022-02-20 17:53:55,837 INFO L290 TraceCheckUtils]: 7: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,837 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {19665#true} {19666#false} #1675#return; {19666#false} is VALID [2022-02-20 17:53:55,837 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {19665#true} is VALID [2022-02-20 17:53:55,838 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {19665#true} is VALID [2022-02-20 17:53:55,838 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {19665#true} is VALID [2022-02-20 17:53:55,838 INFO L272 TraceCheckUtils]: 3: Hoare triple {19665#true} call select_features_#t~ret5#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:55,838 INFO L290 TraceCheckUtils]: 4: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,838 INFO L290 TraceCheckUtils]: 5: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,838 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {19665#true} {19665#true} #1721#return; {19665#true} is VALID [2022-02-20 17:53:55,838 INFO L290 TraceCheckUtils]: 7: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {19665#true} is VALID [2022-02-20 17:53:55,838 INFO L272 TraceCheckUtils]: 8: Hoare triple {19665#true} call select_features_#t~ret6#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:55,839 INFO L290 TraceCheckUtils]: 9: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,839 INFO L290 TraceCheckUtils]: 10: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,839 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {19665#true} {19665#true} #1723#return; {19665#true} is VALID [2022-02-20 17:53:55,839 INFO L290 TraceCheckUtils]: 12: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {19665#true} is VALID [2022-02-20 17:53:55,839 INFO L272 TraceCheckUtils]: 13: Hoare triple {19665#true} call select_features_#t~ret7#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:55,839 INFO L290 TraceCheckUtils]: 14: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,839 INFO L290 TraceCheckUtils]: 15: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,839 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19665#true} {19665#true} #1725#return; {19665#true} is VALID [2022-02-20 17:53:55,839 INFO L290 TraceCheckUtils]: 17: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {19665#true} is VALID [2022-02-20 17:53:55,840 INFO L272 TraceCheckUtils]: 18: Hoare triple {19665#true} call select_features_#t~ret8#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:55,840 INFO L290 TraceCheckUtils]: 19: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,840 INFO L290 TraceCheckUtils]: 20: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,840 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {19665#true} {19665#true} #1727#return; {19665#true} is VALID [2022-02-20 17:53:55,840 INFO L290 TraceCheckUtils]: 22: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {19665#true} is VALID [2022-02-20 17:53:55,840 INFO L272 TraceCheckUtils]: 23: Hoare triple {19665#true} call select_features_#t~ret9#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:55,840 INFO L290 TraceCheckUtils]: 24: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,840 INFO L290 TraceCheckUtils]: 25: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,840 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {19665#true} {19665#true} #1729#return; {19665#true} is VALID [2022-02-20 17:53:55,841 INFO L290 TraceCheckUtils]: 27: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {19665#true} is VALID [2022-02-20 17:53:55,841 INFO L272 TraceCheckUtils]: 28: Hoare triple {19665#true} call select_features_#t~ret10#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:55,841 INFO L290 TraceCheckUtils]: 29: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,841 INFO L290 TraceCheckUtils]: 30: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,841 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {19665#true} {19665#true} #1731#return; {19665#true} is VALID [2022-02-20 17:53:55,841 INFO L290 TraceCheckUtils]: 32: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {19665#true} is VALID [2022-02-20 17:53:55,841 INFO L272 TraceCheckUtils]: 33: Hoare triple {19665#true} call select_features_#t~ret11#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:55,841 INFO L290 TraceCheckUtils]: 34: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,841 INFO L290 TraceCheckUtils]: 35: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {19665#true} {19665#true} #1733#return; {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L290 TraceCheckUtils]: 37: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L272 TraceCheckUtils]: 38: Hoare triple {19665#true} call select_features_#t~ret12#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L290 TraceCheckUtils]: 39: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L290 TraceCheckUtils]: 40: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {19665#true} {19665#true} #1735#return; {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L290 TraceCheckUtils]: 42: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L290 TraceCheckUtils]: 43: Hoare triple {19665#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L290 TraceCheckUtils]: 44: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {19665#true} is VALID [2022-02-20 17:53:55,842 INFO L290 TraceCheckUtils]: 45: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {19665#true} is VALID [2022-02-20 17:53:55,843 INFO L290 TraceCheckUtils]: 46: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {19665#true} is VALID [2022-02-20 17:53:55,843 INFO L290 TraceCheckUtils]: 47: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {19665#true} is VALID [2022-02-20 17:53:55,843 INFO L290 TraceCheckUtils]: 48: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {19665#true} is VALID [2022-02-20 17:53:55,843 INFO L290 TraceCheckUtils]: 49: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {19665#true} is VALID [2022-02-20 17:53:55,843 INFO L290 TraceCheckUtils]: 50: Hoare triple {19665#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {19665#true} is VALID [2022-02-20 17:53:55,843 INFO L290 TraceCheckUtils]: 51: Hoare triple {19665#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {19665#true} is VALID [2022-02-20 17:53:55,843 INFO L290 TraceCheckUtils]: 52: Hoare triple {19665#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {19665#true} is VALID [2022-02-20 17:53:55,843 INFO L290 TraceCheckUtils]: 53: Hoare triple {19665#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {19665#true} is VALID [2022-02-20 17:53:55,843 INFO L290 TraceCheckUtils]: 54: Hoare triple {19665#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19665#true} is VALID [2022-02-20 17:53:55,844 INFO L272 TraceCheckUtils]: 55: Hoare triple {19665#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:55,844 INFO L290 TraceCheckUtils]: 56: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {19665#true} is VALID [2022-02-20 17:53:55,845 INFO L272 TraceCheckUtils]: 57: Hoare triple {19665#true} call setClientId(~bob___0, ~bob___0); {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:55,845 INFO L290 TraceCheckUtils]: 58: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,845 INFO L290 TraceCheckUtils]: 59: Hoare triple {19665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,845 INFO L290 TraceCheckUtils]: 60: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,845 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {19665#true} {19665#true} #1719#return; {19665#true} is VALID [2022-02-20 17:53:55,845 INFO L290 TraceCheckUtils]: 62: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,845 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {19665#true} {19665#true} #1741#return; {19665#true} is VALID [2022-02-20 17:53:55,846 INFO L290 TraceCheckUtils]: 64: Hoare triple {19665#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {19699#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:53:55,846 INFO L290 TraceCheckUtils]: 65: Hoare triple {19699#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19699#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:53:55,846 INFO L272 TraceCheckUtils]: 66: Hoare triple {19699#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:55,847 INFO L290 TraceCheckUtils]: 67: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {19759#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:53:55,847 INFO L272 TraceCheckUtils]: 68: Hoare triple {19759#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:55,848 INFO L290 TraceCheckUtils]: 69: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19765#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:53:55,848 INFO L290 TraceCheckUtils]: 70: Hoare triple {19765#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19766#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:55,848 INFO L290 TraceCheckUtils]: 71: Hoare triple {19766#(= |setClientId_#in~handle| 1)} assume true; {19766#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:55,849 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {19766#(= |setClientId_#in~handle| 1)} {19759#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {19764#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:55,849 INFO L290 TraceCheckUtils]: 73: Hoare triple {19764#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {19764#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:55,849 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {19764#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {19699#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {19666#false} is VALID [2022-02-20 17:53:55,849 INFO L290 TraceCheckUtils]: 75: Hoare triple {19666#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {19666#false} is VALID [2022-02-20 17:53:55,850 INFO L290 TraceCheckUtils]: 76: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19666#false} is VALID [2022-02-20 17:53:55,850 INFO L272 TraceCheckUtils]: 77: Hoare triple {19666#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:55,850 INFO L290 TraceCheckUtils]: 78: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {19665#true} is VALID [2022-02-20 17:53:55,850 INFO L272 TraceCheckUtils]: 79: Hoare triple {19665#true} call setClientId(~chuck___0, ~chuck___0); {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:53:55,850 INFO L290 TraceCheckUtils]: 80: Hoare triple {19754#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,851 INFO L290 TraceCheckUtils]: 81: Hoare triple {19665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,851 INFO L290 TraceCheckUtils]: 82: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,851 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {19665#true} {19665#true} #1615#return; {19665#true} is VALID [2022-02-20 17:53:55,851 INFO L290 TraceCheckUtils]: 84: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,851 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {19665#true} {19666#false} #1753#return; {19666#false} is VALID [2022-02-20 17:53:55,851 INFO L290 TraceCheckUtils]: 86: Hoare triple {19666#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {19666#false} is VALID [2022-02-20 17:53:55,851 INFO L290 TraceCheckUtils]: 87: Hoare triple {19666#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19666#false} is VALID [2022-02-20 17:53:55,851 INFO L290 TraceCheckUtils]: 88: Hoare triple {19666#false} assume !false; {19666#false} is VALID [2022-02-20 17:53:55,851 INFO L290 TraceCheckUtils]: 89: Hoare triple {19666#false} assume test_~splverifierCounter~0#1 < 4; {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L290 TraceCheckUtils]: 90: Hoare triple {19666#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L290 TraceCheckUtils]: 91: Hoare triple {19666#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L290 TraceCheckUtils]: 92: Hoare triple {19666#false} assume 0 != test_~tmp___9~0#1; {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L290 TraceCheckUtils]: 93: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L290 TraceCheckUtils]: 94: Hoare triple {19666#false} test_~op1~0#1 := 1; {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L290 TraceCheckUtils]: 95: Hoare triple {19666#false} assume !false; {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L290 TraceCheckUtils]: 96: Hoare triple {19666#false} assume !(test_~splverifierCounter~0#1 < 4); {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L290 TraceCheckUtils]: 97: Hoare triple {19666#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L272 TraceCheckUtils]: 98: Hoare triple {19666#false} call sendEmail(~bob~0, ~rjh~0); {19666#false} is VALID [2022-02-20 17:53:55,852 INFO L290 TraceCheckUtils]: 99: Hoare triple {19666#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19666#false} is VALID [2022-02-20 17:53:55,853 INFO L272 TraceCheckUtils]: 100: Hoare triple {19666#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:55,853 INFO L290 TraceCheckUtils]: 101: Hoare triple {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,853 INFO L290 TraceCheckUtils]: 102: Hoare triple {19665#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,853 INFO L290 TraceCheckUtils]: 103: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,853 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {19665#true} {19666#false} #1637#return; {19666#false} is VALID [2022-02-20 17:53:55,853 INFO L272 TraceCheckUtils]: 105: Hoare triple {19666#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19772#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:55,853 INFO L290 TraceCheckUtils]: 106: Hoare triple {19772#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,853 INFO L290 TraceCheckUtils]: 107: Hoare triple {19665#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,853 INFO L290 TraceCheckUtils]: 108: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,854 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {19665#true} {19666#false} #1639#return; {19666#false} is VALID [2022-02-20 17:53:55,854 INFO L290 TraceCheckUtils]: 110: Hoare triple {19666#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {19666#false} is VALID [2022-02-20 17:53:55,854 INFO L290 TraceCheckUtils]: 111: Hoare triple {19666#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {19666#false} is VALID [2022-02-20 17:53:55,854 INFO L272 TraceCheckUtils]: 112: Hoare triple {19666#false} call outgoing(~sender#1, ~email~0#1); {19666#false} is VALID [2022-02-20 17:53:55,854 INFO L290 TraceCheckUtils]: 113: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:55,854 INFO L290 TraceCheckUtils]: 114: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {19666#false} is VALID [2022-02-20 17:53:55,854 INFO L272 TraceCheckUtils]: 115: Hoare triple {19666#false} call outgoing__before__Sign(~client#1, ~msg#1); {19666#false} is VALID [2022-02-20 17:53:55,854 INFO L290 TraceCheckUtils]: 116: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:55,854 INFO L290 TraceCheckUtils]: 117: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {19666#false} is VALID [2022-02-20 17:53:55,855 INFO L272 TraceCheckUtils]: 118: Hoare triple {19666#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {19666#false} is VALID [2022-02-20 17:53:55,855 INFO L290 TraceCheckUtils]: 119: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:55,855 INFO L290 TraceCheckUtils]: 120: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {19666#false} is VALID [2022-02-20 17:53:55,855 INFO L272 TraceCheckUtils]: 121: Hoare triple {19666#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {19666#false} is VALID [2022-02-20 17:53:55,855 INFO L290 TraceCheckUtils]: 122: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {19666#false} is VALID [2022-02-20 17:53:55,855 INFO L290 TraceCheckUtils]: 123: Hoare triple {19666#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {19666#false} is VALID [2022-02-20 17:53:55,855 INFO L290 TraceCheckUtils]: 124: Hoare triple {19666#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {19666#false} is VALID [2022-02-20 17:53:55,855 INFO L272 TraceCheckUtils]: 125: Hoare triple {19666#false} call setEmailFrom(~msg#1, ~tmp~2#1); {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:53:55,855 INFO L290 TraceCheckUtils]: 126: Hoare triple {19771#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,856 INFO L290 TraceCheckUtils]: 127: Hoare triple {19665#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,856 INFO L290 TraceCheckUtils]: 128: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,856 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {19665#true} {19666#false} #1649#return; {19666#false} is VALID [2022-02-20 17:53:55,856 INFO L290 TraceCheckUtils]: 130: Hoare triple {19666#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {19666#false} is VALID [2022-02-20 17:53:55,856 INFO L272 TraceCheckUtils]: 131: Hoare triple {19666#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {19665#true} is VALID [2022-02-20 17:53:55,856 INFO L290 TraceCheckUtils]: 132: Hoare triple {19665#true} ~handle := #in~handle;havoc ~retValue_acc~28; {19665#true} is VALID [2022-02-20 17:53:55,856 INFO L290 TraceCheckUtils]: 133: Hoare triple {19665#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {19665#true} is VALID [2022-02-20 17:53:55,856 INFO L290 TraceCheckUtils]: 134: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,856 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {19665#true} {19666#false} #1651#return; {19666#false} is VALID [2022-02-20 17:53:55,857 INFO L290 TraceCheckUtils]: 136: Hoare triple {19666#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {19666#false} is VALID [2022-02-20 17:53:55,857 INFO L290 TraceCheckUtils]: 137: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {19666#false} is VALID [2022-02-20 17:53:55,857 INFO L272 TraceCheckUtils]: 138: Hoare triple {19666#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {19666#false} is VALID [2022-02-20 17:53:55,857 INFO L290 TraceCheckUtils]: 139: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:55,857 INFO L290 TraceCheckUtils]: 140: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {19666#false} is VALID [2022-02-20 17:53:55,857 INFO L272 TraceCheckUtils]: 141: Hoare triple {19666#false} call incoming__before__Verify(~client#1, ~msg#1); {19666#false} is VALID [2022-02-20 17:53:55,857 INFO L290 TraceCheckUtils]: 142: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:55,857 INFO L290 TraceCheckUtils]: 143: Hoare triple {19666#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {19666#false} is VALID [2022-02-20 17:53:55,857 INFO L272 TraceCheckUtils]: 144: Hoare triple {19666#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {19773#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} is VALID [2022-02-20 17:53:55,858 INFO L290 TraceCheckUtils]: 145: Hoare triple {19773#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19665#true} is VALID [2022-02-20 17:53:55,858 INFO L290 TraceCheckUtils]: 146: Hoare triple {19665#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {19665#true} is VALID [2022-02-20 17:53:55,858 INFO L272 TraceCheckUtils]: 147: Hoare triple {19665#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {19665#true} is VALID [2022-02-20 17:53:55,858 INFO L290 TraceCheckUtils]: 148: Hoare triple {19665#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {19665#true} is VALID [2022-02-20 17:53:55,858 INFO L290 TraceCheckUtils]: 149: Hoare triple {19665#true} assume { :end_inline_deliver } true; {19665#true} is VALID [2022-02-20 17:53:55,858 INFO L290 TraceCheckUtils]: 150: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,858 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {19665#true} {19665#true} #1717#return; {19665#true} is VALID [2022-02-20 17:53:55,858 INFO L290 TraceCheckUtils]: 152: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,858 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {19665#true} {19666#false} #1671#return; {19666#false} is VALID [2022-02-20 17:53:55,858 INFO L290 TraceCheckUtils]: 154: Hoare triple {19666#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {19666#false} is VALID [2022-02-20 17:53:55,859 INFO L290 TraceCheckUtils]: 155: Hoare triple {19666#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {19666#false} is VALID [2022-02-20 17:53:55,859 INFO L290 TraceCheckUtils]: 156: Hoare triple {19666#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {19666#false} is VALID [2022-02-20 17:53:55,859 INFO L290 TraceCheckUtils]: 157: Hoare triple {19666#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {19666#false} is VALID [2022-02-20 17:53:55,859 INFO L272 TraceCheckUtils]: 158: Hoare triple {19666#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {19772#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:53:55,859 INFO L290 TraceCheckUtils]: 159: Hoare triple {19772#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:55,859 INFO L290 TraceCheckUtils]: 160: Hoare triple {19665#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:55,859 INFO L290 TraceCheckUtils]: 161: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,859 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {19665#true} {19666#false} #1673#return; {19666#false} is VALID [2022-02-20 17:53:55,859 INFO L290 TraceCheckUtils]: 163: Hoare triple {19666#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {19666#false} is VALID [2022-02-20 17:53:55,860 INFO L272 TraceCheckUtils]: 164: Hoare triple {19666#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {19665#true} is VALID [2022-02-20 17:53:55,860 INFO L290 TraceCheckUtils]: 165: Hoare triple {19665#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {19665#true} is VALID [2022-02-20 17:53:55,860 INFO L290 TraceCheckUtils]: 166: Hoare triple {19665#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {19665#true} is VALID [2022-02-20 17:53:55,860 INFO L272 TraceCheckUtils]: 167: Hoare triple {19665#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {19665#true} is VALID [2022-02-20 17:53:55,860 INFO L290 TraceCheckUtils]: 168: Hoare triple {19665#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {19665#true} is VALID [2022-02-20 17:53:55,860 INFO L290 TraceCheckUtils]: 169: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,860 INFO L284 TraceCheckUtils]: 170: Hoare quadruple {19665#true} {19665#true} #1797#return; {19665#true} is VALID [2022-02-20 17:53:55,860 INFO L290 TraceCheckUtils]: 171: Hoare triple {19665#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {19665#true} is VALID [2022-02-20 17:53:55,860 INFO L290 TraceCheckUtils]: 172: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:55,861 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {19665#true} {19666#false} #1675#return; {19666#false} is VALID [2022-02-20 17:53:55,861 INFO L290 TraceCheckUtils]: 174: Hoare triple {19666#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {19666#false} is VALID [2022-02-20 17:53:55,861 INFO L290 TraceCheckUtils]: 175: Hoare triple {19666#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {19666#false} is VALID [2022-02-20 17:53:55,861 INFO L290 TraceCheckUtils]: 176: Hoare triple {19666#false} assume !false; {19666#false} is VALID [2022-02-20 17:53:55,861 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:53:55,861 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:53:55,862 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1200958194] [2022-02-20 17:53:55,862 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1200958194] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:53:55,862 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [975792443] [2022-02-20 17:53:55,862 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:53:55,862 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:53:55,862 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:53:55,863 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:53:55,891 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:53:56,155 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:56,160 INFO L263 TraceCheckSpWp]: Trace formula consists of 1503 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:53:56,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:53:56,203 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:53:56,613 INFO L290 TraceCheckUtils]: 0: Hoare triple {19665#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L290 TraceCheckUtils]: 1: Hoare triple {19665#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L290 TraceCheckUtils]: 2: Hoare triple {19665#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L272 TraceCheckUtils]: 3: Hoare triple {19665#true} call select_features_#t~ret5#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L290 TraceCheckUtils]: 4: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L290 TraceCheckUtils]: 5: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {19665#true} {19665#true} #1721#return; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L290 TraceCheckUtils]: 7: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L272 TraceCheckUtils]: 8: Hoare triple {19665#true} call select_features_#t~ret6#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L290 TraceCheckUtils]: 9: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L290 TraceCheckUtils]: 10: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {19665#true} {19665#true} #1723#return; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L290 TraceCheckUtils]: 12: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {19665#true} is VALID [2022-02-20 17:53:56,613 INFO L272 TraceCheckUtils]: 13: Hoare triple {19665#true} call select_features_#t~ret7#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L290 TraceCheckUtils]: 14: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L290 TraceCheckUtils]: 15: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19665#true} {19665#true} #1725#return; {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L290 TraceCheckUtils]: 17: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L272 TraceCheckUtils]: 18: Hoare triple {19665#true} call select_features_#t~ret8#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L290 TraceCheckUtils]: 19: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L290 TraceCheckUtils]: 20: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {19665#true} {19665#true} #1727#return; {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L290 TraceCheckUtils]: 22: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L272 TraceCheckUtils]: 23: Hoare triple {19665#true} call select_features_#t~ret9#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L290 TraceCheckUtils]: 24: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:56,614 INFO L290 TraceCheckUtils]: 25: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,615 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {19665#true} {19665#true} #1729#return; {19665#true} is VALID [2022-02-20 17:53:56,615 INFO L290 TraceCheckUtils]: 27: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {19665#true} is VALID [2022-02-20 17:53:56,615 INFO L272 TraceCheckUtils]: 28: Hoare triple {19665#true} call select_features_#t~ret10#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L290 TraceCheckUtils]: 29: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L290 TraceCheckUtils]: 30: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {19665#true} {19665#true} #1731#return; {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L290 TraceCheckUtils]: 32: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L272 TraceCheckUtils]: 33: Hoare triple {19665#true} call select_features_#t~ret11#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L290 TraceCheckUtils]: 34: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L290 TraceCheckUtils]: 35: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {19665#true} {19665#true} #1733#return; {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L290 TraceCheckUtils]: 37: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L272 TraceCheckUtils]: 38: Hoare triple {19665#true} call select_features_#t~ret12#1 := select_one(); {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L290 TraceCheckUtils]: 39: Hoare triple {19665#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {19665#true} is VALID [2022-02-20 17:53:56,627 INFO L290 TraceCheckUtils]: 40: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {19665#true} {19665#true} #1735#return; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 42: Hoare triple {19665#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 43: Hoare triple {19665#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 44: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 45: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 46: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 47: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 48: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 49: Hoare triple {19665#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 50: Hoare triple {19665#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 51: Hoare triple {19665#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 52: Hoare triple {19665#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 53: Hoare triple {19665#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 54: Hoare triple {19665#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L272 TraceCheckUtils]: 55: Hoare triple {19665#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 56: Hoare triple {19665#true} ~bob___0 := #in~bob___0; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L272 TraceCheckUtils]: 57: Hoare triple {19665#true} call setClientId(~bob___0, ~bob___0); {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 58: Hoare triple {19665#true} ~handle := #in~handle;~value := #in~value; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 59: Hoare triple {19665#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 60: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {19665#true} {19665#true} #1719#return; {19665#true} is VALID [2022-02-20 17:53:56,628 INFO L290 TraceCheckUtils]: 62: Hoare triple {19665#true} assume true; {19665#true} is VALID [2022-02-20 17:53:56,629 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {19665#true} {19665#true} #1741#return; {19665#true} is VALID [2022-02-20 17:53:56,643 INFO L290 TraceCheckUtils]: 64: Hoare triple {19665#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {19976#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:53:56,644 INFO L290 TraceCheckUtils]: 65: Hoare triple {19976#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19976#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:53:56,644 INFO L272 TraceCheckUtils]: 66: Hoare triple {19976#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {19665#true} is VALID [2022-02-20 17:53:56,644 INFO L290 TraceCheckUtils]: 67: Hoare triple {19665#true} ~rjh___0 := #in~rjh___0; {19986#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} is VALID [2022-02-20 17:53:56,644 INFO L272 TraceCheckUtils]: 68: Hoare triple {19986#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} call setClientId(~rjh___0, ~rjh___0); {19665#true} is VALID [2022-02-20 17:53:56,644 INFO L290 TraceCheckUtils]: 69: Hoare triple {19665#true} ~handle := #in~handle;~value := #in~value; {19993#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:53:56,645 INFO L290 TraceCheckUtils]: 70: Hoare triple {19993#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19997#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:56,645 INFO L290 TraceCheckUtils]: 71: Hoare triple {19997#(<= |setClientId_#in~handle| 1)} assume true; {19997#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:53:56,646 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {19997#(<= |setClientId_#in~handle| 1)} {19986#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} #1669#return; {20004#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:56,646 INFO L290 TraceCheckUtils]: 73: Hoare triple {20004#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {20004#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:53:56,647 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {20004#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} {19976#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1747#return; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 75: Hoare triple {19666#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 76: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L272 TraceCheckUtils]: 77: Hoare triple {19666#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 78: Hoare triple {19666#false} ~chuck___0 := #in~chuck___0; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L272 TraceCheckUtils]: 79: Hoare triple {19666#false} call setClientId(~chuck___0, ~chuck___0); {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 80: Hoare triple {19666#false} ~handle := #in~handle;~value := #in~value; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 81: Hoare triple {19666#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 82: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {19666#false} {19666#false} #1615#return; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 84: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {19666#false} {19666#false} #1753#return; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 86: Hoare triple {19666#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 87: Hoare triple {19666#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 88: Hoare triple {19666#false} assume !false; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 89: Hoare triple {19666#false} assume test_~splverifierCounter~0#1 < 4; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 90: Hoare triple {19666#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 91: Hoare triple {19666#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {19666#false} is VALID [2022-02-20 17:53:56,647 INFO L290 TraceCheckUtils]: 92: Hoare triple {19666#false} assume 0 != test_~tmp___9~0#1; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 93: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 94: Hoare triple {19666#false} test_~op1~0#1 := 1; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 95: Hoare triple {19666#false} assume !false; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 96: Hoare triple {19666#false} assume !(test_~splverifierCounter~0#1 < 4); {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 97: Hoare triple {19666#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L272 TraceCheckUtils]: 98: Hoare triple {19666#false} call sendEmail(~bob~0, ~rjh~0); {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 99: Hoare triple {19666#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L272 TraceCheckUtils]: 100: Hoare triple {19666#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 101: Hoare triple {19666#false} ~handle := #in~handle;~value := #in~value; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 102: Hoare triple {19666#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 103: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {19666#false} {19666#false} #1637#return; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L272 TraceCheckUtils]: 105: Hoare triple {19666#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 106: Hoare triple {19666#false} ~handle := #in~handle;~value := #in~value; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 107: Hoare triple {19666#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 108: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {19666#false} {19666#false} #1639#return; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 110: Hoare triple {19666#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 111: Hoare triple {19666#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L272 TraceCheckUtils]: 112: Hoare triple {19666#false} call outgoing(~sender#1, ~email~0#1); {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 113: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:56,648 INFO L290 TraceCheckUtils]: 114: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L272 TraceCheckUtils]: 115: Hoare triple {19666#false} call outgoing__before__Sign(~client#1, ~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 116: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 117: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L272 TraceCheckUtils]: 118: Hoare triple {19666#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 119: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 120: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L272 TraceCheckUtils]: 121: Hoare triple {19666#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 122: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 123: Hoare triple {19666#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 124: Hoare triple {19666#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L272 TraceCheckUtils]: 125: Hoare triple {19666#false} call setEmailFrom(~msg#1, ~tmp~2#1); {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 126: Hoare triple {19666#false} ~handle := #in~handle;~value := #in~value; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 127: Hoare triple {19666#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 128: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {19666#false} {19666#false} #1649#return; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 130: Hoare triple {19666#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L272 TraceCheckUtils]: 131: Hoare triple {19666#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 132: Hoare triple {19666#false} ~handle := #in~handle;havoc ~retValue_acc~28; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 133: Hoare triple {19666#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 134: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {19666#false} {19666#false} #1651#return; {19666#false} is VALID [2022-02-20 17:53:56,649 INFO L290 TraceCheckUtils]: 136: Hoare triple {19666#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 137: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L272 TraceCheckUtils]: 138: Hoare triple {19666#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 139: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 140: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L272 TraceCheckUtils]: 141: Hoare triple {19666#false} call incoming__before__Verify(~client#1, ~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 142: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 143: Hoare triple {19666#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L272 TraceCheckUtils]: 144: Hoare triple {19666#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 145: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 146: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L272 TraceCheckUtils]: 147: Hoare triple {19666#false} call incoming__before__AutoResponder(~client#1, ~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 148: Hoare triple {19666#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 149: Hoare triple {19666#false} assume { :end_inline_deliver } true; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 150: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {19666#false} {19666#false} #1717#return; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 152: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {19666#false} {19666#false} #1671#return; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 154: Hoare triple {19666#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 155: Hoare triple {19666#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 156: Hoare triple {19666#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L290 TraceCheckUtils]: 157: Hoare triple {19666#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {19666#false} is VALID [2022-02-20 17:53:56,650 INFO L272 TraceCheckUtils]: 158: Hoare triple {19666#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 159: Hoare triple {19666#false} ~handle := #in~handle;~value := #in~value; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 160: Hoare triple {19666#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 161: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {19666#false} {19666#false} #1673#return; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 163: Hoare triple {19666#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L272 TraceCheckUtils]: 164: Hoare triple {19666#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 165: Hoare triple {19666#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 166: Hoare triple {19666#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L272 TraceCheckUtils]: 167: Hoare triple {19666#false} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 168: Hoare triple {19666#false} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 169: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L284 TraceCheckUtils]: 170: Hoare quadruple {19666#false} {19666#false} #1797#return; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 171: Hoare triple {19666#false} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 172: Hoare triple {19666#false} assume true; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {19666#false} {19666#false} #1675#return; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 174: Hoare triple {19666#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 175: Hoare triple {19666#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {19666#false} is VALID [2022-02-20 17:53:56,651 INFO L290 TraceCheckUtils]: 176: Hoare triple {19666#false} assume !false; {19666#false} is VALID [2022-02-20 17:53:56,662 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 11 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 17:53:56,662 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:53:56,662 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [975792443] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:53:56,662 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:53:56,662 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [11] total 16 [2022-02-20 17:53:56,662 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2055323605] [2022-02-20 17:53:56,663 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:53:56,663 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 6 states have (on average 17.166666666666668) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 17:53:56,664 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:53:56,664 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 6 states have (on average 17.166666666666668) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:53:56,774 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 156 edges. 156 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:53:56,774 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 17:53:56,774 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:53:56,774 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 17:53:56,774 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=35, Invalid=205, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:53:56,775 INFO L87 Difference]: Start difference. First operand 1129 states and 1674 transitions. Second operand has 7 states, 6 states have (on average 17.166666666666668) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:53:58,960 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:53:58,960 INFO L93 Difference]: Finished difference Result 2180 states and 3247 transitions. [2022-02-20 17:53:58,960 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 17:53:58,961 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 6 states have (on average 17.166666666666668) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 17:53:58,961 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:53:58,961 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 6 states have (on average 17.166666666666668) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:53:58,977 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1678 transitions. [2022-02-20 17:53:58,977 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 6 states have (on average 17.166666666666668) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:53:58,992 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1678 transitions. [2022-02-20 17:53:58,992 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1678 transitions. [2022-02-20 17:53:59,969 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1678 edges. 1678 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:54:00,022 INFO L225 Difference]: With dead ends: 2180 [2022-02-20 17:54:00,022 INFO L226 Difference]: Without dead ends: 1137 [2022-02-20 17:54:00,024 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 229 GetRequests, 213 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=263, Unknown=0, NotChecked=0, Total=306 [2022-02-20 17:54:00,025 INFO L933 BasicCegarLoop]: 863 mSDtfsCounter, 196 mSDsluCounter, 4090 mSDsCounter, 0 mSdLazyCounter, 73 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 223 SdHoareTripleChecker+Valid, 4953 SdHoareTripleChecker+Invalid, 73 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 73 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:54:00,026 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [223 Valid, 4953 Invalid, 73 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 73 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 17:54:00,027 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1137 states. [2022-02-20 17:54:00,100 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1137 to 1137. [2022-02-20 17:54:00,101 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:54:00,103 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1137 states. Second operand has 1137 states, 846 states have (on average 1.4976359338061467) internal successors, (1267), 882 states have internal predecessors, (1267), 200 states have call successors, (200), 86 states have call predecessors, (200), 90 states have return successors, (219), 199 states have call predecessors, (219), 198 states have call successors, (219) [2022-02-20 17:54:00,105 INFO L74 IsIncluded]: Start isIncluded. First operand 1137 states. Second operand has 1137 states, 846 states have (on average 1.4976359338061467) internal successors, (1267), 882 states have internal predecessors, (1267), 200 states have call successors, (200), 86 states have call predecessors, (200), 90 states have return successors, (219), 199 states have call predecessors, (219), 198 states have call successors, (219) [2022-02-20 17:54:00,106 INFO L87 Difference]: Start difference. First operand 1137 states. Second operand has 1137 states, 846 states have (on average 1.4976359338061467) internal successors, (1267), 882 states have internal predecessors, (1267), 200 states have call successors, (200), 86 states have call predecessors, (200), 90 states have return successors, (219), 199 states have call predecessors, (219), 198 states have call successors, (219) [2022-02-20 17:54:00,149 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:54:00,149 INFO L93 Difference]: Finished difference Result 1137 states and 1686 transitions. [2022-02-20 17:54:00,149 INFO L276 IsEmpty]: Start isEmpty. Operand 1137 states and 1686 transitions. [2022-02-20 17:54:00,152 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:54:00,152 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:54:00,154 INFO L74 IsIncluded]: Start isIncluded. First operand has 1137 states, 846 states have (on average 1.4976359338061467) internal successors, (1267), 882 states have internal predecessors, (1267), 200 states have call successors, (200), 86 states have call predecessors, (200), 90 states have return successors, (219), 199 states have call predecessors, (219), 198 states have call successors, (219) Second operand 1137 states. [2022-02-20 17:54:00,155 INFO L87 Difference]: Start difference. First operand has 1137 states, 846 states have (on average 1.4976359338061467) internal successors, (1267), 882 states have internal predecessors, (1267), 200 states have call successors, (200), 86 states have call predecessors, (200), 90 states have return successors, (219), 199 states have call predecessors, (219), 198 states have call successors, (219) Second operand 1137 states. [2022-02-20 17:54:00,198 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:54:00,198 INFO L93 Difference]: Finished difference Result 1137 states and 1686 transitions. [2022-02-20 17:54:00,198 INFO L276 IsEmpty]: Start isEmpty. Operand 1137 states and 1686 transitions. [2022-02-20 17:54:00,201 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:54:00,201 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:54:00,201 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:54:00,201 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:54:00,203 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1137 states, 846 states have (on average 1.4976359338061467) internal successors, (1267), 882 states have internal predecessors, (1267), 200 states have call successors, (200), 86 states have call predecessors, (200), 90 states have return successors, (219), 199 states have call predecessors, (219), 198 states have call successors, (219) [2022-02-20 17:54:00,277 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1137 states to 1137 states and 1686 transitions. [2022-02-20 17:54:00,278 INFO L78 Accepts]: Start accepts. Automaton has 1137 states and 1686 transitions. Word has length 177 [2022-02-20 17:54:00,278 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:54:00,278 INFO L470 AbstractCegarLoop]: Abstraction has 1137 states and 1686 transitions. [2022-02-20 17:54:00,278 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 6 states have (on average 17.166666666666668) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:54:00,278 INFO L276 IsEmpty]: Start isEmpty. Operand 1137 states and 1686 transitions. [2022-02-20 17:54:00,281 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 179 [2022-02-20 17:54:00,281 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:54:00,282 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:54:00,301 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Ended with exit code 0 [2022-02-20 17:54:00,498 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:54:00,499 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:54:00,499 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:54:00,500 INFO L85 PathProgramCache]: Analyzing trace with hash 1490272166, now seen corresponding path program 1 times [2022-02-20 17:54:00,500 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:54:00,500 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1478040638] [2022-02-20 17:54:00,500 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:54:00,500 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:54:00,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,575 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:54:00,577 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,579 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,579 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,580 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27153#true} {27153#true} #1721#return; {27153#true} is VALID [2022-02-20 17:54:00,580 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:54:00,581 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,583 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,583 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,583 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27153#true} {27153#true} #1723#return; {27153#true} is VALID [2022-02-20 17:54:00,583 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:54:00,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,586 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,587 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,587 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27153#true} {27153#true} #1725#return; {27153#true} is VALID [2022-02-20 17:54:00,587 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:54:00,588 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,591 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,591 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27153#true} {27153#true} #1727#return; {27153#true} is VALID [2022-02-20 17:54:00,591 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:54:00,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,594 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,595 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27153#true} {27153#true} #1729#return; {27153#true} is VALID [2022-02-20 17:54:00,595 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:54:00,597 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,598 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,598 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27153#true} {27153#true} #1731#return; {27153#true} is VALID [2022-02-20 17:54:00,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:54:00,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,601 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,601 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,601 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27153#true} {27153#true} #1733#return; {27153#true} is VALID [2022-02-20 17:54:00,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:54:00,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,604 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27153#true} {27153#true} #1735#return; {27153#true} is VALID [2022-02-20 17:54:00,608 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:54:00,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:54:00,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,612 INFO L290 TraceCheckUtils]: 2: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,612 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27153#true} {27153#true} #1719#return; {27153#true} is VALID [2022-02-20 17:54:00,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {27153#true} is VALID [2022-02-20 17:54:00,613 INFO L272 TraceCheckUtils]: 1: Hoare triple {27153#true} call setClientId(~bob___0, ~bob___0); {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:00,613 INFO L290 TraceCheckUtils]: 2: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,613 INFO L290 TraceCheckUtils]: 3: Hoare triple {27153#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,613 INFO L290 TraceCheckUtils]: 4: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,613 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27153#true} {27153#true} #1719#return; {27153#true} is VALID [2022-02-20 17:54:00,613 INFO L290 TraceCheckUtils]: 6: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,613 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {27153#true} {27153#true} #1741#return; {27153#true} is VALID [2022-02-20 17:54:00,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:54:00,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:54:00,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume !(1 == ~handle); {27153#true} is VALID [2022-02-20 17:54:00,620 INFO L290 TraceCheckUtils]: 2: Hoare triple {27153#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,620 INFO L290 TraceCheckUtils]: 3: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,620 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27153#true} {27153#true} #1669#return; {27153#true} is VALID [2022-02-20 17:54:00,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {27153#true} is VALID [2022-02-20 17:54:00,621 INFO L272 TraceCheckUtils]: 1: Hoare triple {27153#true} call setClientId(~rjh___0, ~rjh___0); {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:00,621 INFO L290 TraceCheckUtils]: 2: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,621 INFO L290 TraceCheckUtils]: 3: Hoare triple {27153#true} assume !(1 == ~handle); {27153#true} is VALID [2022-02-20 17:54:00,621 INFO L290 TraceCheckUtils]: 4: Hoare triple {27153#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,621 INFO L290 TraceCheckUtils]: 5: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,621 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {27153#true} {27153#true} #1669#return; {27153#true} is VALID [2022-02-20 17:54:00,621 INFO L290 TraceCheckUtils]: 7: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,621 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {27153#true} {27153#true} #1747#return; {27153#true} is VALID [2022-02-20 17:54:00,622 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:54:00,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:54:00,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,649 INFO L290 TraceCheckUtils]: 0: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27259#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:00,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {27259#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27260#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:54:00,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {27260#(= |setClientId_#in~handle| 1)} assume true; {27260#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:54:00,651 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27260#(= |setClientId_#in~handle| 1)} {27253#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {27258#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:54:00,651 INFO L290 TraceCheckUtils]: 0: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {27253#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:54:00,652 INFO L272 TraceCheckUtils]: 1: Hoare triple {27253#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:00,652 INFO L290 TraceCheckUtils]: 2: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27259#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:00,652 INFO L290 TraceCheckUtils]: 3: Hoare triple {27259#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27260#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:54:00,652 INFO L290 TraceCheckUtils]: 4: Hoare triple {27260#(= |setClientId_#in~handle| 1)} assume true; {27260#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:54:00,653 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27260#(= |setClientId_#in~handle| 1)} {27253#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {27258#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:54:00,653 INFO L290 TraceCheckUtils]: 6: Hoare triple {27258#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {27258#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:54:00,653 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {27258#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {27196#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #1753#return; {27154#false} is VALID [2022-02-20 17:54:00,659 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:54:00,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {27261#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,661 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27153#true} {27154#false} #1637#return; {27154#false} is VALID [2022-02-20 17:54:00,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:54:00,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {27262#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,671 INFO L290 TraceCheckUtils]: 2: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,671 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27153#true} {27154#false} #1639#return; {27154#false} is VALID [2022-02-20 17:54:00,671 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 17:54:00,672 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {27261#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27153#true} {27154#false} #1649#return; {27154#false} is VALID [2022-02-20 17:54:00,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 17:54:00,674 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,676 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} ~handle := #in~handle;havoc ~retValue_acc~28; {27153#true} is VALID [2022-02-20 17:54:00,676 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {27153#true} is VALID [2022-02-20 17:54:00,676 INFO L290 TraceCheckUtils]: 2: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,676 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27153#true} {27154#false} #1651#return; {27154#false} is VALID [2022-02-20 17:54:00,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 145 [2022-02-20 17:54:00,687 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,688 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:54:00,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {27153#true} is VALID [2022-02-20 17:54:00,691 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume { :end_inline_deliver } true; {27153#true} is VALID [2022-02-20 17:54:00,691 INFO L290 TraceCheckUtils]: 2: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,691 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27153#true} {27153#true} #1717#return; {27153#true} is VALID [2022-02-20 17:54:00,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {27263#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {27153#true} is VALID [2022-02-20 17:54:00,691 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {27153#true} is VALID [2022-02-20 17:54:00,691 INFO L272 TraceCheckUtils]: 2: Hoare triple {27153#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {27153#true} is VALID [2022-02-20 17:54:00,692 INFO L290 TraceCheckUtils]: 3: Hoare triple {27153#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {27153#true} is VALID [2022-02-20 17:54:00,692 INFO L290 TraceCheckUtils]: 4: Hoare triple {27153#true} assume { :end_inline_deliver } true; {27153#true} is VALID [2022-02-20 17:54:00,692 INFO L290 TraceCheckUtils]: 5: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,692 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {27153#true} {27153#true} #1717#return; {27153#true} is VALID [2022-02-20 17:54:00,692 INFO L290 TraceCheckUtils]: 7: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,692 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {27153#true} {27154#false} #1671#return; {27154#false} is VALID [2022-02-20 17:54:00,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 159 [2022-02-20 17:54:00,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,694 INFO L290 TraceCheckUtils]: 0: Hoare triple {27262#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,694 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,694 INFO L290 TraceCheckUtils]: 2: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,694 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27153#true} {27154#false} #1673#return; {27154#false} is VALID [2022-02-20 17:54:00,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 165 [2022-02-20 17:54:00,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:54:00,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:00,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {27153#true} is VALID [2022-02-20 17:54:00,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,699 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27153#true} {27153#true} #1797#return; {27153#true} is VALID [2022-02-20 17:54:00,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {27153#true} is VALID [2022-02-20 17:54:00,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {27153#true} is VALID [2022-02-20 17:54:00,699 INFO L272 TraceCheckUtils]: 2: Hoare triple {27153#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {27153#true} is VALID [2022-02-20 17:54:00,699 INFO L290 TraceCheckUtils]: 3: Hoare triple {27153#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {27153#true} is VALID [2022-02-20 17:54:00,699 INFO L290 TraceCheckUtils]: 4: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,700 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27153#true} {27153#true} #1797#return; {27153#true} is VALID [2022-02-20 17:54:00,700 INFO L290 TraceCheckUtils]: 6: Hoare triple {27153#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {27153#true} is VALID [2022-02-20 17:54:00,700 INFO L290 TraceCheckUtils]: 7: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,700 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {27153#true} {27154#false} #1675#return; {27154#false} is VALID [2022-02-20 17:54:00,700 INFO L290 TraceCheckUtils]: 0: Hoare triple {27153#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {27153#true} is VALID [2022-02-20 17:54:00,700 INFO L290 TraceCheckUtils]: 1: Hoare triple {27153#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {27153#true} is VALID [2022-02-20 17:54:00,700 INFO L290 TraceCheckUtils]: 2: Hoare triple {27153#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {27153#true} is VALID [2022-02-20 17:54:00,700 INFO L272 TraceCheckUtils]: 3: Hoare triple {27153#true} call select_features_#t~ret5#1 := select_one(); {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L290 TraceCheckUtils]: 4: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L290 TraceCheckUtils]: 5: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {27153#true} {27153#true} #1721#return; {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L290 TraceCheckUtils]: 7: Hoare triple {27153#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L272 TraceCheckUtils]: 8: Hoare triple {27153#true} call select_features_#t~ret6#1 := select_one(); {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L290 TraceCheckUtils]: 9: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L290 TraceCheckUtils]: 10: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {27153#true} {27153#true} #1723#return; {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L290 TraceCheckUtils]: 12: Hoare triple {27153#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {27153#true} is VALID [2022-02-20 17:54:00,701 INFO L272 TraceCheckUtils]: 13: Hoare triple {27153#true} call select_features_#t~ret7#1 := select_one(); {27153#true} is VALID [2022-02-20 17:54:00,702 INFO L290 TraceCheckUtils]: 14: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,702 INFO L290 TraceCheckUtils]: 15: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,702 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27153#true} {27153#true} #1725#return; {27153#true} is VALID [2022-02-20 17:54:00,702 INFO L290 TraceCheckUtils]: 17: Hoare triple {27153#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {27153#true} is VALID [2022-02-20 17:54:00,702 INFO L272 TraceCheckUtils]: 18: Hoare triple {27153#true} call select_features_#t~ret8#1 := select_one(); {27153#true} is VALID [2022-02-20 17:54:00,702 INFO L290 TraceCheckUtils]: 19: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,702 INFO L290 TraceCheckUtils]: 20: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,702 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {27153#true} {27153#true} #1727#return; {27153#true} is VALID [2022-02-20 17:54:00,702 INFO L290 TraceCheckUtils]: 22: Hoare triple {27153#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L272 TraceCheckUtils]: 23: Hoare triple {27153#true} call select_features_#t~ret9#1 := select_one(); {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L290 TraceCheckUtils]: 24: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L290 TraceCheckUtils]: 25: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {27153#true} {27153#true} #1729#return; {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L290 TraceCheckUtils]: 27: Hoare triple {27153#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L272 TraceCheckUtils]: 28: Hoare triple {27153#true} call select_features_#t~ret10#1 := select_one(); {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L290 TraceCheckUtils]: 29: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L290 TraceCheckUtils]: 30: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {27153#true} {27153#true} #1731#return; {27153#true} is VALID [2022-02-20 17:54:00,703 INFO L290 TraceCheckUtils]: 32: Hoare triple {27153#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L272 TraceCheckUtils]: 33: Hoare triple {27153#true} call select_features_#t~ret11#1 := select_one(); {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L290 TraceCheckUtils]: 34: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L290 TraceCheckUtils]: 35: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {27153#true} {27153#true} #1733#return; {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L290 TraceCheckUtils]: 37: Hoare triple {27153#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L272 TraceCheckUtils]: 38: Hoare triple {27153#true} call select_features_#t~ret12#1 := select_one(); {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L290 TraceCheckUtils]: 39: Hoare triple {27153#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L290 TraceCheckUtils]: 40: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {27153#true} {27153#true} #1735#return; {27153#true} is VALID [2022-02-20 17:54:00,704 INFO L290 TraceCheckUtils]: 42: Hoare triple {27153#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 43: Hoare triple {27153#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 44: Hoare triple {27153#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 45: Hoare triple {27153#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 46: Hoare triple {27153#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 47: Hoare triple {27153#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 48: Hoare triple {27153#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 49: Hoare triple {27153#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 50: Hoare triple {27153#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 51: Hoare triple {27153#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {27153#true} is VALID [2022-02-20 17:54:00,705 INFO L290 TraceCheckUtils]: 52: Hoare triple {27153#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {27153#true} is VALID [2022-02-20 17:54:00,706 INFO L290 TraceCheckUtils]: 53: Hoare triple {27153#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {27153#true} is VALID [2022-02-20 17:54:00,706 INFO L290 TraceCheckUtils]: 54: Hoare triple {27153#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {27153#true} is VALID [2022-02-20 17:54:00,706 INFO L272 TraceCheckUtils]: 55: Hoare triple {27153#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:00,706 INFO L290 TraceCheckUtils]: 56: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {27153#true} is VALID [2022-02-20 17:54:00,707 INFO L272 TraceCheckUtils]: 57: Hoare triple {27153#true} call setClientId(~bob___0, ~bob___0); {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:00,707 INFO L290 TraceCheckUtils]: 58: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,707 INFO L290 TraceCheckUtils]: 59: Hoare triple {27153#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,707 INFO L290 TraceCheckUtils]: 60: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,707 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {27153#true} {27153#true} #1719#return; {27153#true} is VALID [2022-02-20 17:54:00,707 INFO L290 TraceCheckUtils]: 62: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,707 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {27153#true} {27153#true} #1741#return; {27153#true} is VALID [2022-02-20 17:54:00,708 INFO L290 TraceCheckUtils]: 64: Hoare triple {27153#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {27153#true} is VALID [2022-02-20 17:54:00,708 INFO L290 TraceCheckUtils]: 65: Hoare triple {27153#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {27153#true} is VALID [2022-02-20 17:54:00,708 INFO L272 TraceCheckUtils]: 66: Hoare triple {27153#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:00,708 INFO L290 TraceCheckUtils]: 67: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {27153#true} is VALID [2022-02-20 17:54:00,709 INFO L272 TraceCheckUtils]: 68: Hoare triple {27153#true} call setClientId(~rjh___0, ~rjh___0); {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:00,709 INFO L290 TraceCheckUtils]: 69: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,709 INFO L290 TraceCheckUtils]: 70: Hoare triple {27153#true} assume !(1 == ~handle); {27153#true} is VALID [2022-02-20 17:54:00,709 INFO L290 TraceCheckUtils]: 71: Hoare triple {27153#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,709 INFO L290 TraceCheckUtils]: 72: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,709 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {27153#true} {27153#true} #1669#return; {27153#true} is VALID [2022-02-20 17:54:00,709 INFO L290 TraceCheckUtils]: 74: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,709 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {27153#true} {27153#true} #1747#return; {27153#true} is VALID [2022-02-20 17:54:00,710 INFO L290 TraceCheckUtils]: 76: Hoare triple {27153#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {27196#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:54:00,710 INFO L290 TraceCheckUtils]: 77: Hoare triple {27196#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {27196#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:54:00,711 INFO L272 TraceCheckUtils]: 78: Hoare triple {27196#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:00,711 INFO L290 TraceCheckUtils]: 79: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {27253#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:54:00,711 INFO L272 TraceCheckUtils]: 80: Hoare triple {27253#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:00,712 INFO L290 TraceCheckUtils]: 81: Hoare triple {27243#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27259#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:00,712 INFO L290 TraceCheckUtils]: 82: Hoare triple {27259#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27260#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:54:00,712 INFO L290 TraceCheckUtils]: 83: Hoare triple {27260#(= |setClientId_#in~handle| 1)} assume true; {27260#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:54:00,713 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {27260#(= |setClientId_#in~handle| 1)} {27253#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {27258#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:54:00,713 INFO L290 TraceCheckUtils]: 85: Hoare triple {27258#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {27258#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:54:00,713 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {27258#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {27196#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #1753#return; {27154#false} is VALID [2022-02-20 17:54:00,713 INFO L290 TraceCheckUtils]: 87: Hoare triple {27154#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {27154#false} is VALID [2022-02-20 17:54:00,713 INFO L290 TraceCheckUtils]: 88: Hoare triple {27154#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {27154#false} is VALID [2022-02-20 17:54:00,713 INFO L290 TraceCheckUtils]: 89: Hoare triple {27154#false} assume !false; {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L290 TraceCheckUtils]: 90: Hoare triple {27154#false} assume test_~splverifierCounter~0#1 < 4; {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L290 TraceCheckUtils]: 91: Hoare triple {27154#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L290 TraceCheckUtils]: 92: Hoare triple {27154#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L290 TraceCheckUtils]: 93: Hoare triple {27154#false} assume 0 != test_~tmp___9~0#1; {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L290 TraceCheckUtils]: 94: Hoare triple {27154#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L290 TraceCheckUtils]: 95: Hoare triple {27154#false} test_~op1~0#1 := 1; {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L290 TraceCheckUtils]: 96: Hoare triple {27154#false} assume !false; {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L290 TraceCheckUtils]: 97: Hoare triple {27154#false} assume !(test_~splverifierCounter~0#1 < 4); {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L290 TraceCheckUtils]: 98: Hoare triple {27154#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {27154#false} is VALID [2022-02-20 17:54:00,714 INFO L272 TraceCheckUtils]: 99: Hoare triple {27154#false} call sendEmail(~bob~0, ~rjh~0); {27154#false} is VALID [2022-02-20 17:54:00,715 INFO L290 TraceCheckUtils]: 100: Hoare triple {27154#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27154#false} is VALID [2022-02-20 17:54:00,715 INFO L272 TraceCheckUtils]: 101: Hoare triple {27154#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27261#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:54:00,715 INFO L290 TraceCheckUtils]: 102: Hoare triple {27261#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,715 INFO L290 TraceCheckUtils]: 103: Hoare triple {27153#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,715 INFO L290 TraceCheckUtils]: 104: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,715 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {27153#true} {27154#false} #1637#return; {27154#false} is VALID [2022-02-20 17:54:00,715 INFO L272 TraceCheckUtils]: 106: Hoare triple {27154#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {27262#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:54:00,715 INFO L290 TraceCheckUtils]: 107: Hoare triple {27262#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,715 INFO L290 TraceCheckUtils]: 108: Hoare triple {27153#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,716 INFO L290 TraceCheckUtils]: 109: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,716 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {27153#true} {27154#false} #1639#return; {27154#false} is VALID [2022-02-20 17:54:00,716 INFO L290 TraceCheckUtils]: 111: Hoare triple {27154#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {27154#false} is VALID [2022-02-20 17:54:00,716 INFO L290 TraceCheckUtils]: 112: Hoare triple {27154#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {27154#false} is VALID [2022-02-20 17:54:00,716 INFO L272 TraceCheckUtils]: 113: Hoare triple {27154#false} call outgoing(~sender#1, ~email~0#1); {27154#false} is VALID [2022-02-20 17:54:00,716 INFO L290 TraceCheckUtils]: 114: Hoare triple {27154#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {27154#false} is VALID [2022-02-20 17:54:00,716 INFO L290 TraceCheckUtils]: 115: Hoare triple {27154#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {27154#false} is VALID [2022-02-20 17:54:00,716 INFO L272 TraceCheckUtils]: 116: Hoare triple {27154#false} call outgoing__before__Sign(~client#1, ~msg#1); {27154#false} is VALID [2022-02-20 17:54:00,716 INFO L290 TraceCheckUtils]: 117: Hoare triple {27154#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {27154#false} is VALID [2022-02-20 17:54:00,716 INFO L290 TraceCheckUtils]: 118: Hoare triple {27154#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {27154#false} is VALID [2022-02-20 17:54:00,717 INFO L272 TraceCheckUtils]: 119: Hoare triple {27154#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {27154#false} is VALID [2022-02-20 17:54:00,717 INFO L290 TraceCheckUtils]: 120: Hoare triple {27154#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {27154#false} is VALID [2022-02-20 17:54:00,717 INFO L290 TraceCheckUtils]: 121: Hoare triple {27154#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {27154#false} is VALID [2022-02-20 17:54:00,717 INFO L272 TraceCheckUtils]: 122: Hoare triple {27154#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {27154#false} is VALID [2022-02-20 17:54:00,717 INFO L290 TraceCheckUtils]: 123: Hoare triple {27154#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {27154#false} is VALID [2022-02-20 17:54:00,717 INFO L290 TraceCheckUtils]: 124: Hoare triple {27154#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {27154#false} is VALID [2022-02-20 17:54:00,717 INFO L290 TraceCheckUtils]: 125: Hoare triple {27154#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {27154#false} is VALID [2022-02-20 17:54:00,717 INFO L272 TraceCheckUtils]: 126: Hoare triple {27154#false} call setEmailFrom(~msg#1, ~tmp~2#1); {27261#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:54:00,717 INFO L290 TraceCheckUtils]: 127: Hoare triple {27261#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,717 INFO L290 TraceCheckUtils]: 128: Hoare triple {27153#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,718 INFO L290 TraceCheckUtils]: 129: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,718 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {27153#true} {27154#false} #1649#return; {27154#false} is VALID [2022-02-20 17:54:00,718 INFO L290 TraceCheckUtils]: 131: Hoare triple {27154#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {27154#false} is VALID [2022-02-20 17:54:00,718 INFO L272 TraceCheckUtils]: 132: Hoare triple {27154#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {27153#true} is VALID [2022-02-20 17:54:00,718 INFO L290 TraceCheckUtils]: 133: Hoare triple {27153#true} ~handle := #in~handle;havoc ~retValue_acc~28; {27153#true} is VALID [2022-02-20 17:54:00,718 INFO L290 TraceCheckUtils]: 134: Hoare triple {27153#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {27153#true} is VALID [2022-02-20 17:54:00,718 INFO L290 TraceCheckUtils]: 135: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,718 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {27153#true} {27154#false} #1651#return; {27154#false} is VALID [2022-02-20 17:54:00,718 INFO L290 TraceCheckUtils]: 137: Hoare triple {27154#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {27154#false} is VALID [2022-02-20 17:54:00,718 INFO L290 TraceCheckUtils]: 138: Hoare triple {27154#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {27154#false} is VALID [2022-02-20 17:54:00,719 INFO L272 TraceCheckUtils]: 139: Hoare triple {27154#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {27154#false} is VALID [2022-02-20 17:54:00,719 INFO L290 TraceCheckUtils]: 140: Hoare triple {27154#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {27154#false} is VALID [2022-02-20 17:54:00,719 INFO L290 TraceCheckUtils]: 141: Hoare triple {27154#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {27154#false} is VALID [2022-02-20 17:54:00,719 INFO L272 TraceCheckUtils]: 142: Hoare triple {27154#false} call incoming__before__Verify(~client#1, ~msg#1); {27154#false} is VALID [2022-02-20 17:54:00,719 INFO L290 TraceCheckUtils]: 143: Hoare triple {27154#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {27154#false} is VALID [2022-02-20 17:54:00,719 INFO L290 TraceCheckUtils]: 144: Hoare triple {27154#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {27154#false} is VALID [2022-02-20 17:54:00,719 INFO L272 TraceCheckUtils]: 145: Hoare triple {27154#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {27263#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} is VALID [2022-02-20 17:54:00,719 INFO L290 TraceCheckUtils]: 146: Hoare triple {27263#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {27153#true} is VALID [2022-02-20 17:54:00,719 INFO L290 TraceCheckUtils]: 147: Hoare triple {27153#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {27153#true} is VALID [2022-02-20 17:54:00,719 INFO L272 TraceCheckUtils]: 148: Hoare triple {27153#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {27153#true} is VALID [2022-02-20 17:54:00,720 INFO L290 TraceCheckUtils]: 149: Hoare triple {27153#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {27153#true} is VALID [2022-02-20 17:54:00,720 INFO L290 TraceCheckUtils]: 150: Hoare triple {27153#true} assume { :end_inline_deliver } true; {27153#true} is VALID [2022-02-20 17:54:00,720 INFO L290 TraceCheckUtils]: 151: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,720 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {27153#true} {27153#true} #1717#return; {27153#true} is VALID [2022-02-20 17:54:00,720 INFO L290 TraceCheckUtils]: 153: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,720 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {27153#true} {27154#false} #1671#return; {27154#false} is VALID [2022-02-20 17:54:00,720 INFO L290 TraceCheckUtils]: 155: Hoare triple {27154#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {27154#false} is VALID [2022-02-20 17:54:00,720 INFO L290 TraceCheckUtils]: 156: Hoare triple {27154#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {27154#false} is VALID [2022-02-20 17:54:00,720 INFO L290 TraceCheckUtils]: 157: Hoare triple {27154#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {27154#false} is VALID [2022-02-20 17:54:00,721 INFO L290 TraceCheckUtils]: 158: Hoare triple {27154#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {27154#false} is VALID [2022-02-20 17:54:00,721 INFO L272 TraceCheckUtils]: 159: Hoare triple {27154#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {27262#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:54:00,721 INFO L290 TraceCheckUtils]: 160: Hoare triple {27262#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27153#true} is VALID [2022-02-20 17:54:00,721 INFO L290 TraceCheckUtils]: 161: Hoare triple {27153#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27153#true} is VALID [2022-02-20 17:54:00,721 INFO L290 TraceCheckUtils]: 162: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,721 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {27153#true} {27154#false} #1673#return; {27154#false} is VALID [2022-02-20 17:54:00,721 INFO L290 TraceCheckUtils]: 164: Hoare triple {27154#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {27154#false} is VALID [2022-02-20 17:54:00,721 INFO L272 TraceCheckUtils]: 165: Hoare triple {27154#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {27153#true} is VALID [2022-02-20 17:54:00,721 INFO L290 TraceCheckUtils]: 166: Hoare triple {27153#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {27153#true} is VALID [2022-02-20 17:54:00,721 INFO L290 TraceCheckUtils]: 167: Hoare triple {27153#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {27153#true} is VALID [2022-02-20 17:54:00,722 INFO L272 TraceCheckUtils]: 168: Hoare triple {27153#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {27153#true} is VALID [2022-02-20 17:54:00,722 INFO L290 TraceCheckUtils]: 169: Hoare triple {27153#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {27153#true} is VALID [2022-02-20 17:54:00,722 INFO L290 TraceCheckUtils]: 170: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,722 INFO L284 TraceCheckUtils]: 171: Hoare quadruple {27153#true} {27153#true} #1797#return; {27153#true} is VALID [2022-02-20 17:54:00,722 INFO L290 TraceCheckUtils]: 172: Hoare triple {27153#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {27153#true} is VALID [2022-02-20 17:54:00,722 INFO L290 TraceCheckUtils]: 173: Hoare triple {27153#true} assume true; {27153#true} is VALID [2022-02-20 17:54:00,722 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {27153#true} {27154#false} #1675#return; {27154#false} is VALID [2022-02-20 17:54:00,722 INFO L290 TraceCheckUtils]: 175: Hoare triple {27154#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {27154#false} is VALID [2022-02-20 17:54:00,722 INFO L290 TraceCheckUtils]: 176: Hoare triple {27154#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {27154#false} is VALID [2022-02-20 17:54:00,722 INFO L290 TraceCheckUtils]: 177: Hoare triple {27154#false} assume !false; {27154#false} is VALID [2022-02-20 17:54:00,723 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:54:00,724 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:54:00,724 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1478040638] [2022-02-20 17:54:00,724 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1478040638] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:54:00,724 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:54:00,724 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 17:54:00,724 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1006519892] [2022-02-20 17:54:00,724 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:54:00,725 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 10.2) internal successors, (102), 7 states have internal predecessors, (102), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 178 [2022-02-20 17:54:00,726 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:54:00,727 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 10.2) internal successors, (102), 7 states have internal predecessors, (102), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:54:00,811 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 155 edges. 155 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:54:00,811 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 17:54:00,811 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:54:00,811 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 17:54:00,812 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=90, Unknown=0, NotChecked=0, Total=110 [2022-02-20 17:54:00,812 INFO L87 Difference]: Start difference. First operand 1137 states and 1686 transitions. Second operand has 11 states, 10 states have (on average 10.2) internal successors, (102), 7 states have internal predecessors, (102), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:54:14,187 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:54:14,188 INFO L93 Difference]: Finished difference Result 2555 states and 4025 transitions. [2022-02-20 17:54:14,188 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2022-02-20 17:54:14,188 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 10.2) internal successors, (102), 7 states have internal predecessors, (102), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 178 [2022-02-20 17:54:14,188 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:54:14,188 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 10.2) internal successors, (102), 7 states have internal predecessors, (102), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:54:14,215 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 16 states to 16 states and 2023 transitions. [2022-02-20 17:54:14,216 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 10.2) internal successors, (102), 7 states have internal predecessors, (102), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:54:14,234 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 16 states to 16 states and 2023 transitions. [2022-02-20 17:54:14,235 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 16 states and 2023 transitions. [2022-02-20 17:54:15,942 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 2023 edges. 2023 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:54:16,065 INFO L225 Difference]: With dead ends: 2555 [2022-02-20 17:54:16,065 INFO L226 Difference]: Without dead ends: 1544 [2022-02-20 17:54:16,072 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 69 GetRequests, 48 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=117, Invalid=389, Unknown=0, NotChecked=0, Total=506 [2022-02-20 17:54:16,074 INFO L933 BasicCegarLoop]: 882 mSDtfsCounter, 2009 mSDsluCounter, 1782 mSDsCounter, 0 mSdLazyCounter, 4659 mSolverCounterSat, 926 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 6.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2037 SdHoareTripleChecker+Valid, 2664 SdHoareTripleChecker+Invalid, 5585 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 926 IncrementalHoareTripleChecker+Valid, 4659 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 6.3s IncrementalHoareTripleChecker+Time [2022-02-20 17:54:16,074 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2037 Valid, 2664 Invalid, 5585 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [926 Valid, 4659 Invalid, 0 Unknown, 0 Unchecked, 6.3s Time] [2022-02-20 17:54:16,076 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1544 states. [2022-02-20 17:54:16,162 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1544 to 1153. [2022-02-20 17:54:16,162 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:54:16,164 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1544 states. Second operand has 1153 states, 858 states have (on average 1.4953379953379953) internal successors, (1283), 895 states have internal predecessors, (1283), 200 states have call successors, (200), 86 states have call predecessors, (200), 94 states have return successors, (224), 203 states have call predecessors, (224), 198 states have call successors, (224) [2022-02-20 17:54:16,165 INFO L74 IsIncluded]: Start isIncluded. First operand 1544 states. Second operand has 1153 states, 858 states have (on average 1.4953379953379953) internal successors, (1283), 895 states have internal predecessors, (1283), 200 states have call successors, (200), 86 states have call predecessors, (200), 94 states have return successors, (224), 203 states have call predecessors, (224), 198 states have call successors, (224) [2022-02-20 17:54:16,167 INFO L87 Difference]: Start difference. First operand 1544 states. Second operand has 1153 states, 858 states have (on average 1.4953379953379953) internal successors, (1283), 895 states have internal predecessors, (1283), 200 states have call successors, (200), 86 states have call predecessors, (200), 94 states have return successors, (224), 203 states have call predecessors, (224), 198 states have call successors, (224) [2022-02-20 17:54:16,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:54:16,260 INFO L93 Difference]: Finished difference Result 1544 states and 2508 transitions. [2022-02-20 17:54:16,260 INFO L276 IsEmpty]: Start isEmpty. Operand 1544 states and 2508 transitions. [2022-02-20 17:54:16,265 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:54:16,266 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:54:16,267 INFO L74 IsIncluded]: Start isIncluded. First operand has 1153 states, 858 states have (on average 1.4953379953379953) internal successors, (1283), 895 states have internal predecessors, (1283), 200 states have call successors, (200), 86 states have call predecessors, (200), 94 states have return successors, (224), 203 states have call predecessors, (224), 198 states have call successors, (224) Second operand 1544 states. [2022-02-20 17:54:16,269 INFO L87 Difference]: Start difference. First operand has 1153 states, 858 states have (on average 1.4953379953379953) internal successors, (1283), 895 states have internal predecessors, (1283), 200 states have call successors, (200), 86 states have call predecessors, (200), 94 states have return successors, (224), 203 states have call predecessors, (224), 198 states have call successors, (224) Second operand 1544 states. [2022-02-20 17:54:16,358 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:54:16,359 INFO L93 Difference]: Finished difference Result 1544 states and 2508 transitions. [2022-02-20 17:54:16,359 INFO L276 IsEmpty]: Start isEmpty. Operand 1544 states and 2508 transitions. [2022-02-20 17:54:16,363 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:54:16,364 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:54:16,364 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:54:16,364 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:54:16,366 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1153 states, 858 states have (on average 1.4953379953379953) internal successors, (1283), 895 states have internal predecessors, (1283), 200 states have call successors, (200), 86 states have call predecessors, (200), 94 states have return successors, (224), 203 states have call predecessors, (224), 198 states have call successors, (224) [2022-02-20 17:54:16,432 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1153 states to 1153 states and 1707 transitions. [2022-02-20 17:54:16,432 INFO L78 Accepts]: Start accepts. Automaton has 1153 states and 1707 transitions. Word has length 178 [2022-02-20 17:54:16,433 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:54:16,433 INFO L470 AbstractCegarLoop]: Abstraction has 1153 states and 1707 transitions. [2022-02-20 17:54:16,433 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 10.2) internal successors, (102), 7 states have internal predecessors, (102), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:54:16,433 INFO L276 IsEmpty]: Start isEmpty. Operand 1153 states and 1707 transitions. [2022-02-20 17:54:16,436 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 180 [2022-02-20 17:54:16,436 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:54:16,436 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:54:16,436 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:54:16,437 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__VerifyErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:54:16,437 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:54:16,437 INFO L85 PathProgramCache]: Analyzing trace with hash -633321864, now seen corresponding path program 2 times [2022-02-20 17:54:16,437 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:54:16,437 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [709732930] [2022-02-20 17:54:16,437 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:54:16,437 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:54:16,474 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,510 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:54:16,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,514 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,514 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,514 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35501#true} {35501#true} #1721#return; {35501#true} is VALID [2022-02-20 17:54:16,514 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:54:16,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,517 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,518 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35501#true} {35501#true} #1723#return; {35501#true} is VALID [2022-02-20 17:54:16,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:54:16,519 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,522 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,522 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,522 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35501#true} {35501#true} #1725#return; {35501#true} is VALID [2022-02-20 17:54:16,522 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:54:16,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,525 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,525 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,525 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35501#true} {35501#true} #1727#return; {35501#true} is VALID [2022-02-20 17:54:16,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:54:16,527 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,528 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,528 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,529 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35501#true} {35501#true} #1729#return; {35501#true} is VALID [2022-02-20 17:54:16,529 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:54:16,530 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,532 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,532 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,532 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35501#true} {35501#true} #1731#return; {35501#true} is VALID [2022-02-20 17:54:16,533 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:54:16,535 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,537 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,537 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,537 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35501#true} {35501#true} #1733#return; {35501#true} is VALID [2022-02-20 17:54:16,537 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:54:16,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,540 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,541 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35501#true} {35501#true} #1735#return; {35501#true} is VALID [2022-02-20 17:54:16,545 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:54:16,546 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:54:16,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,551 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,551 INFO L290 TraceCheckUtils]: 2: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,551 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35501#true} {35501#true} #1719#return; {35501#true} is VALID [2022-02-20 17:54:16,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {35501#true} is VALID [2022-02-20 17:54:16,552 INFO L272 TraceCheckUtils]: 1: Hoare triple {35501#true} call setClientId(~bob___0, ~bob___0); {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:16,552 INFO L290 TraceCheckUtils]: 2: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,552 INFO L290 TraceCheckUtils]: 3: Hoare triple {35501#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,552 INFO L290 TraceCheckUtils]: 4: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,552 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {35501#true} {35501#true} #1719#return; {35501#true} is VALID [2022-02-20 17:54:16,552 INFO L290 TraceCheckUtils]: 6: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,553 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {35501#true} {35501#true} #1741#return; {35501#true} is VALID [2022-02-20 17:54:16,553 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:54:16,554 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,556 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:54:16,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,558 INFO L290 TraceCheckUtils]: 0: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,558 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume !(1 == ~handle); {35501#true} is VALID [2022-02-20 17:54:16,559 INFO L290 TraceCheckUtils]: 2: Hoare triple {35501#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,559 INFO L290 TraceCheckUtils]: 3: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,559 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {35501#true} {35501#true} #1669#return; {35501#true} is VALID [2022-02-20 17:54:16,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {35501#true} is VALID [2022-02-20 17:54:16,560 INFO L272 TraceCheckUtils]: 1: Hoare triple {35501#true} call setClientId(~rjh___0, ~rjh___0); {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:16,560 INFO L290 TraceCheckUtils]: 2: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,560 INFO L290 TraceCheckUtils]: 3: Hoare triple {35501#true} assume !(1 == ~handle); {35501#true} is VALID [2022-02-20 17:54:16,560 INFO L290 TraceCheckUtils]: 4: Hoare triple {35501#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,560 INFO L290 TraceCheckUtils]: 5: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,560 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {35501#true} {35501#true} #1669#return; {35501#true} is VALID [2022-02-20 17:54:16,560 INFO L290 TraceCheckUtils]: 7: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,560 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {35501#true} {35501#true} #1747#return; {35501#true} is VALID [2022-02-20 17:54:16,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:54:16,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,575 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:54:16,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,595 INFO L290 TraceCheckUtils]: 0: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35609#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {35609#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {35609#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,595 INFO L290 TraceCheckUtils]: 2: Hoare triple {35609#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35610#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,596 INFO L290 TraceCheckUtils]: 3: Hoare triple {35610#(= 2 |setClientId_#in~handle|)} assume true; {35610#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,596 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {35610#(= 2 |setClientId_#in~handle|)} {35602#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {35608#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:54:16,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {35602#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:54:16,597 INFO L272 TraceCheckUtils]: 1: Hoare triple {35602#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:16,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35609#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,605 INFO L290 TraceCheckUtils]: 3: Hoare triple {35609#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {35609#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,606 INFO L290 TraceCheckUtils]: 4: Hoare triple {35609#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35610#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,606 INFO L290 TraceCheckUtils]: 5: Hoare triple {35610#(= 2 |setClientId_#in~handle|)} assume true; {35610#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,607 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {35610#(= 2 |setClientId_#in~handle|)} {35602#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {35608#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:54:16,607 INFO L290 TraceCheckUtils]: 7: Hoare triple {35608#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} assume true; {35608#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:54:16,607 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {35608#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} {35544#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #1753#return; {35502#false} is VALID [2022-02-20 17:54:16,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:54:16,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {35611#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35501#true} {35502#false} #1637#return; {35502#false} is VALID [2022-02-20 17:54:16,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 17:54:16,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {35612#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,628 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35501#true} {35502#false} #1639#return; {35502#false} is VALID [2022-02-20 17:54:16,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 17:54:16,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {35611#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,630 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35501#true} {35502#false} #1649#return; {35502#false} is VALID [2022-02-20 17:54:16,630 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 17:54:16,631 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,632 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} ~handle := #in~handle;havoc ~retValue_acc~28; {35501#true} is VALID [2022-02-20 17:54:16,632 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {35501#true} is VALID [2022-02-20 17:54:16,633 INFO L290 TraceCheckUtils]: 2: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,633 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35501#true} {35502#false} #1651#return; {35502#false} is VALID [2022-02-20 17:54:16,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 146 [2022-02-20 17:54:16,646 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:54:16,650 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,652 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume { :end_inline_deliver } true; {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L290 TraceCheckUtils]: 2: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35501#true} {35501#true} #1717#return; {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L290 TraceCheckUtils]: 0: Hoare triple {35613#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L272 TraceCheckUtils]: 2: Hoare triple {35501#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L290 TraceCheckUtils]: 3: Hoare triple {35501#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L290 TraceCheckUtils]: 4: Hoare triple {35501#true} assume { :end_inline_deliver } true; {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L290 TraceCheckUtils]: 5: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {35501#true} {35501#true} #1717#return; {35501#true} is VALID [2022-02-20 17:54:16,652 INFO L290 TraceCheckUtils]: 7: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,653 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {35501#true} {35502#false} #1671#return; {35502#false} is VALID [2022-02-20 17:54:16,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2022-02-20 17:54:16,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {35612#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,655 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,655 INFO L290 TraceCheckUtils]: 2: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,655 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35501#true} {35502#false} #1673#return; {35502#false} is VALID [2022-02-20 17:54:16,655 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 166 [2022-02-20 17:54:16,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:54:16,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:54:16,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {35501#true} is VALID [2022-02-20 17:54:16,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,660 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35501#true} {35501#true} #1797#return; {35501#true} is VALID [2022-02-20 17:54:16,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {35501#true} is VALID [2022-02-20 17:54:16,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L272 TraceCheckUtils]: 2: Hoare triple {35501#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L290 TraceCheckUtils]: 3: Hoare triple {35501#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L290 TraceCheckUtils]: 4: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {35501#true} {35501#true} #1797#return; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L290 TraceCheckUtils]: 6: Hoare triple {35501#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L290 TraceCheckUtils]: 7: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {35501#true} {35502#false} #1675#return; {35502#false} is VALID [2022-02-20 17:54:16,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {35501#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(16, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(21, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);call #Ultimate.allocInit(30, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(25, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {35501#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~36#1, main_~tmp~16#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {35501#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L272 TraceCheckUtils]: 3: Hoare triple {35501#true} call select_features_#t~ret5#1 := select_one(); {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L290 TraceCheckUtils]: 4: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L290 TraceCheckUtils]: 5: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,661 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {35501#true} {35501#true} #1721#return; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 7: Hoare triple {35501#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L272 TraceCheckUtils]: 8: Hoare triple {35501#true} call select_features_#t~ret6#1 := select_one(); {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 9: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 10: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {35501#true} {35501#true} #1723#return; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 12: Hoare triple {35501#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L272 TraceCheckUtils]: 13: Hoare triple {35501#true} call select_features_#t~ret7#1 := select_one(); {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 14: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 15: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {35501#true} {35501#true} #1725#return; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 17: Hoare triple {35501#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L272 TraceCheckUtils]: 18: Hoare triple {35501#true} call select_features_#t~ret8#1 := select_one(); {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 19: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 20: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {35501#true} {35501#true} #1727#return; {35501#true} is VALID [2022-02-20 17:54:16,662 INFO L290 TraceCheckUtils]: 22: Hoare triple {35501#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L272 TraceCheckUtils]: 23: Hoare triple {35501#true} call select_features_#t~ret9#1 := select_one(); {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L290 TraceCheckUtils]: 24: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L290 TraceCheckUtils]: 25: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {35501#true} {35501#true} #1729#return; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L290 TraceCheckUtils]: 27: Hoare triple {35501#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L272 TraceCheckUtils]: 28: Hoare triple {35501#true} call select_features_#t~ret10#1 := select_one(); {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L290 TraceCheckUtils]: 29: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L290 TraceCheckUtils]: 30: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {35501#true} {35501#true} #1731#return; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L290 TraceCheckUtils]: 32: Hoare triple {35501#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1;~__SELECTED_FEATURE_Forward~0 := 1; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L272 TraceCheckUtils]: 33: Hoare triple {35501#true} call select_features_#t~ret11#1 := select_one(); {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L290 TraceCheckUtils]: 34: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L290 TraceCheckUtils]: 35: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {35501#true} {35501#true} #1733#return; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L290 TraceCheckUtils]: 37: Hoare triple {35501#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {35501#true} is VALID [2022-02-20 17:54:16,663 INFO L272 TraceCheckUtils]: 38: Hoare triple {35501#true} call select_features_#t~ret12#1 := select_one(); {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 39: Hoare triple {35501#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 40: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {35501#true} {35501#true} #1735#return; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 42: Hoare triple {35501#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 43: Hoare triple {35501#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 44: Hoare triple {35501#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 45: Hoare triple {35501#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 46: Hoare triple {35501#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 47: Hoare triple {35501#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 48: Hoare triple {35501#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 49: Hoare triple {35501#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 50: Hoare triple {35501#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 51: Hoare triple {35501#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 52: Hoare triple {35501#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 53: Hoare triple {35501#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {35501#true} is VALID [2022-02-20 17:54:16,664 INFO L290 TraceCheckUtils]: 54: Hoare triple {35501#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {35501#true} is VALID [2022-02-20 17:54:16,665 INFO L272 TraceCheckUtils]: 55: Hoare triple {35501#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:16,665 INFO L290 TraceCheckUtils]: 56: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {35501#true} is VALID [2022-02-20 17:54:16,666 INFO L272 TraceCheckUtils]: 57: Hoare triple {35501#true} call setClientId(~bob___0, ~bob___0); {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:16,666 INFO L290 TraceCheckUtils]: 58: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,666 INFO L290 TraceCheckUtils]: 59: Hoare triple {35501#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,666 INFO L290 TraceCheckUtils]: 60: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,666 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {35501#true} {35501#true} #1719#return; {35501#true} is VALID [2022-02-20 17:54:16,666 INFO L290 TraceCheckUtils]: 62: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,666 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {35501#true} {35501#true} #1741#return; {35501#true} is VALID [2022-02-20 17:54:16,666 INFO L290 TraceCheckUtils]: 64: Hoare triple {35501#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {35501#true} is VALID [2022-02-20 17:54:16,666 INFO L290 TraceCheckUtils]: 65: Hoare triple {35501#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {35501#true} is VALID [2022-02-20 17:54:16,667 INFO L272 TraceCheckUtils]: 66: Hoare triple {35501#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:16,667 INFO L290 TraceCheckUtils]: 67: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {35501#true} is VALID [2022-02-20 17:54:16,667 INFO L272 TraceCheckUtils]: 68: Hoare triple {35501#true} call setClientId(~rjh___0, ~rjh___0); {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:16,667 INFO L290 TraceCheckUtils]: 69: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,668 INFO L290 TraceCheckUtils]: 70: Hoare triple {35501#true} assume !(1 == ~handle); {35501#true} is VALID [2022-02-20 17:54:16,668 INFO L290 TraceCheckUtils]: 71: Hoare triple {35501#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,668 INFO L290 TraceCheckUtils]: 72: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,668 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {35501#true} {35501#true} #1669#return; {35501#true} is VALID [2022-02-20 17:54:16,668 INFO L290 TraceCheckUtils]: 74: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,668 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {35501#true} {35501#true} #1747#return; {35501#true} is VALID [2022-02-20 17:54:16,668 INFO L290 TraceCheckUtils]: 76: Hoare triple {35501#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {35544#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:54:16,669 INFO L290 TraceCheckUtils]: 77: Hoare triple {35544#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {35544#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:54:16,669 INFO L272 TraceCheckUtils]: 78: Hoare triple {35544#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:16,669 INFO L290 TraceCheckUtils]: 79: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {35602#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:54:16,670 INFO L272 TraceCheckUtils]: 80: Hoare triple {35602#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:54:16,670 INFO L290 TraceCheckUtils]: 81: Hoare triple {35592#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35609#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,671 INFO L290 TraceCheckUtils]: 82: Hoare triple {35609#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {35609#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,671 INFO L290 TraceCheckUtils]: 83: Hoare triple {35609#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35610#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,671 INFO L290 TraceCheckUtils]: 84: Hoare triple {35610#(= 2 |setClientId_#in~handle|)} assume true; {35610#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:54:16,672 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {35610#(= 2 |setClientId_#in~handle|)} {35602#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {35608#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:54:16,672 INFO L290 TraceCheckUtils]: 86: Hoare triple {35608#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} assume true; {35608#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:54:16,672 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {35608#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} {35544#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #1753#return; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 88: Hoare triple {35502#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet54#1; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 89: Hoare triple {35502#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~18#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~18#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 90: Hoare triple {35502#false} assume !false; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 91: Hoare triple {35502#false} assume test_~splverifierCounter~0#1 < 4; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 92: Hoare triple {35502#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 93: Hoare triple {35502#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 94: Hoare triple {35502#false} assume 0 != test_~tmp___9~0#1; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 95: Hoare triple {35502#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 96: Hoare triple {35502#false} test_~op1~0#1 := 1; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 97: Hoare triple {35502#false} assume !false; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 98: Hoare triple {35502#false} assume !(test_~splverifierCounter~0#1 < 4); {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 99: Hoare triple {35502#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret47#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L272 TraceCheckUtils]: 100: Hoare triple {35502#false} call sendEmail(~bob~0, ~rjh~0); {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 101: Hoare triple {35502#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {35502#false} is VALID [2022-02-20 17:54:16,673 INFO L272 TraceCheckUtils]: 102: Hoare triple {35502#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {35611#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:54:16,673 INFO L290 TraceCheckUtils]: 103: Hoare triple {35611#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 104: Hoare triple {35501#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 105: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,674 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {35501#true} {35502#false} #1637#return; {35502#false} is VALID [2022-02-20 17:54:16,674 INFO L272 TraceCheckUtils]: 107: Hoare triple {35502#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {35612#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 108: Hoare triple {35612#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 109: Hoare triple {35501#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 110: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,674 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {35501#true} {35502#false} #1639#return; {35502#false} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 112: Hoare triple {35502#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {35502#false} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 113: Hoare triple {35502#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {35502#false} is VALID [2022-02-20 17:54:16,674 INFO L272 TraceCheckUtils]: 114: Hoare triple {35502#false} call outgoing(~sender#1, ~email~0#1); {35502#false} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 115: Hoare triple {35502#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35502#false} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 116: Hoare triple {35502#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {35502#false} is VALID [2022-02-20 17:54:16,674 INFO L272 TraceCheckUtils]: 117: Hoare triple {35502#false} call outgoing__before__Sign(~client#1, ~msg#1); {35502#false} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 118: Hoare triple {35502#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35502#false} is VALID [2022-02-20 17:54:16,674 INFO L290 TraceCheckUtils]: 119: Hoare triple {35502#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L272 TraceCheckUtils]: 120: Hoare triple {35502#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 121: Hoare triple {35502#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 122: Hoare triple {35502#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L272 TraceCheckUtils]: 123: Hoare triple {35502#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 124: Hoare triple {35502#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 125: Hoare triple {35502#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 126: Hoare triple {35502#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L272 TraceCheckUtils]: 127: Hoare triple {35502#false} call setEmailFrom(~msg#1, ~tmp~2#1); {35611#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 128: Hoare triple {35611#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 129: Hoare triple {35501#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 130: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,675 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {35501#true} {35502#false} #1649#return; {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 132: Hoare triple {35502#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {35502#false} is VALID [2022-02-20 17:54:16,675 INFO L272 TraceCheckUtils]: 133: Hoare triple {35502#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {35501#true} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 134: Hoare triple {35501#true} ~handle := #in~handle;havoc ~retValue_acc~28; {35501#true} is VALID [2022-02-20 17:54:16,675 INFO L290 TraceCheckUtils]: 135: Hoare triple {35501#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {35501#true} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 136: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,676 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {35501#true} {35502#false} #1651#return; {35502#false} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 138: Hoare triple {35502#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {35502#false} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 139: Hoare triple {35502#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {35502#false} is VALID [2022-02-20 17:54:16,676 INFO L272 TraceCheckUtils]: 140: Hoare triple {35502#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {35502#false} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 141: Hoare triple {35502#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35502#false} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 142: Hoare triple {35502#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {35502#false} is VALID [2022-02-20 17:54:16,676 INFO L272 TraceCheckUtils]: 143: Hoare triple {35502#false} call incoming__before__Verify(~client#1, ~msg#1); {35502#false} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 144: Hoare triple {35502#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35502#false} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 145: Hoare triple {35502#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {35502#false} is VALID [2022-02-20 17:54:16,676 INFO L272 TraceCheckUtils]: 146: Hoare triple {35502#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {35613#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 147: Hoare triple {35613#(and (= ~queued_message~0 |old(~queued_message~0)|) (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|) (= |old(~queue_empty~0)| ~queue_empty~0) (= ~queued_client~0 |old(~queued_client~0)|))} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35501#true} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 148: Hoare triple {35501#true} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {35501#true} is VALID [2022-02-20 17:54:16,676 INFO L272 TraceCheckUtils]: 149: Hoare triple {35501#true} call incoming__before__AutoResponder(~client#1, ~msg#1); {35501#true} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 150: Hoare triple {35501#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {35501#true} is VALID [2022-02-20 17:54:16,676 INFO L290 TraceCheckUtils]: 151: Hoare triple {35501#true} assume { :end_inline_deliver } true; {35501#true} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 152: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,677 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {35501#true} {35501#true} #1717#return; {35501#true} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 154: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,677 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {35501#true} {35502#false} #1671#return; {35502#false} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 156: Hoare triple {35502#false} assume { :begin_inline_getClientForwardReceiver } true;getClientForwardReceiver_#in~handle#1 := incoming__role__Forward_~client#1;havoc getClientForwardReceiver_#res#1;havoc getClientForwardReceiver_~handle#1, getClientForwardReceiver_~retValue_acc~23#1;getClientForwardReceiver_~handle#1 := getClientForwardReceiver_#in~handle#1;havoc getClientForwardReceiver_~retValue_acc~23#1; {35502#false} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 157: Hoare triple {35502#false} assume 1 == getClientForwardReceiver_~handle#1;getClientForwardReceiver_~retValue_acc~23#1 := ~__ste_client_forwardReceiver0~0;getClientForwardReceiver_#res#1 := getClientForwardReceiver_~retValue_acc~23#1; {35502#false} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 158: Hoare triple {35502#false} incoming__role__Forward_#t~ret26#1 := getClientForwardReceiver_#res#1;assume { :end_inline_getClientForwardReceiver } true;assume -2147483648 <= incoming__role__Forward_#t~ret26#1 && incoming__role__Forward_#t~ret26#1 <= 2147483647;incoming__role__Forward_~tmp~6#1 := incoming__role__Forward_#t~ret26#1;havoc incoming__role__Forward_#t~ret26#1;incoming__role__Forward_~fwreceiver~0#1 := incoming__role__Forward_~tmp~6#1; {35502#false} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 159: Hoare triple {35502#false} assume 0 != incoming__role__Forward_~fwreceiver~0#1; {35502#false} is VALID [2022-02-20 17:54:16,677 INFO L272 TraceCheckUtils]: 160: Hoare triple {35502#false} call setEmailTo(incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1); {35612#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 161: Hoare triple {35612#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {35501#true} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 162: Hoare triple {35501#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {35501#true} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 163: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,677 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {35501#true} {35502#false} #1673#return; {35502#false} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 165: Hoare triple {35502#false} assume { :begin_inline_forward } true;forward_#in~client#1, forward_#in~msg#1 := incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1;havoc forward_#t~ret37#1, forward_~client#1, forward_~msg#1, forward_~__utac__ad__arg1~0#1;forward_~client#1 := forward_#in~client#1;forward_~msg#1 := forward_#in~msg#1;havoc forward_~__utac__ad__arg1~0#1;forward_~__utac__ad__arg1~0#1 := forward_~msg#1;assume { :begin_inline___utac_acc__DecryptForward_spec__1 } true;__utac_acc__DecryptForward_spec__1_#in~msg#1 := forward_~__utac__ad__arg1~0#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1, __utac_acc__DecryptForward_spec__1_#t~ret79#1, __utac_acc__DecryptForward_spec__1_~msg#1, __utac_acc__DecryptForward_spec__1_~tmp~19#1;__utac_acc__DecryptForward_spec__1_~msg#1 := __utac_acc__DecryptForward_spec__1_#in~msg#1;havoc __utac_acc__DecryptForward_spec__1_~tmp~19#1;call __utac_acc__DecryptForward_spec__1_#t~ret78#1 := puts(20, 0);assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret78#1 && __utac_acc__DecryptForward_spec__1_#t~ret78#1 <= 2147483647;havoc __utac_acc__DecryptForward_spec__1_#t~ret78#1; {35502#false} is VALID [2022-02-20 17:54:16,677 INFO L272 TraceCheckUtils]: 166: Hoare triple {35502#false} call __utac_acc__DecryptForward_spec__1_#t~ret79#1 := isReadable(__utac_acc__DecryptForward_spec__1_~msg#1); {35501#true} is VALID [2022-02-20 17:54:16,677 INFO L290 TraceCheckUtils]: 167: Hoare triple {35501#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~39#1; {35501#true} is VALID [2022-02-20 17:54:16,678 INFO L290 TraceCheckUtils]: 168: Hoare triple {35501#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {35501#true} is VALID [2022-02-20 17:54:16,678 INFO L272 TraceCheckUtils]: 169: Hoare triple {35501#true} call #t~ret101#1 := isReadable__before__Encrypt(~msg#1); {35501#true} is VALID [2022-02-20 17:54:16,678 INFO L290 TraceCheckUtils]: 170: Hoare triple {35501#true} ~msg := #in~msg;havoc ~retValue_acc~37;~retValue_acc~37 := 1;#res := ~retValue_acc~37; {35501#true} is VALID [2022-02-20 17:54:16,678 INFO L290 TraceCheckUtils]: 171: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,678 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {35501#true} {35501#true} #1797#return; {35501#true} is VALID [2022-02-20 17:54:16,678 INFO L290 TraceCheckUtils]: 173: Hoare triple {35501#true} assume -2147483648 <= #t~ret101#1 && #t~ret101#1 <= 2147483647;~retValue_acc~39#1 := #t~ret101#1;havoc #t~ret101#1;#res#1 := ~retValue_acc~39#1; {35501#true} is VALID [2022-02-20 17:54:16,678 INFO L290 TraceCheckUtils]: 174: Hoare triple {35501#true} assume true; {35501#true} is VALID [2022-02-20 17:54:16,678 INFO L284 TraceCheckUtils]: 175: Hoare quadruple {35501#true} {35502#false} #1675#return; {35502#false} is VALID [2022-02-20 17:54:16,678 INFO L290 TraceCheckUtils]: 176: Hoare triple {35502#false} assume -2147483648 <= __utac_acc__DecryptForward_spec__1_#t~ret79#1 && __utac_acc__DecryptForward_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__DecryptForward_spec__1_~tmp~19#1 := __utac_acc__DecryptForward_spec__1_#t~ret79#1;havoc __utac_acc__DecryptForward_spec__1_#t~ret79#1; {35502#false} is VALID [2022-02-20 17:54:16,678 INFO L290 TraceCheckUtils]: 177: Hoare triple {35502#false} assume !(0 != __utac_acc__DecryptForward_spec__1_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {35502#false} is VALID [2022-02-20 17:54:16,678 INFO L290 TraceCheckUtils]: 178: Hoare triple {35502#false} assume !false; {35502#false} is VALID [2022-02-20 17:54:16,679 INFO L134 CoverageAnalysis]: Checked inductivity of 107 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:54:16,679 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:54:16,679 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [709732930] [2022-02-20 17:54:16,679 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [709732930] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:54:16,679 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:54:16,679 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 17:54:16,679 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1271184807] [2022-02-20 17:54:16,679 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:54:16,680 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 10.3) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 179 [2022-02-20 17:54:16,680 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:54:16,680 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 10.3) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:54:16,774 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 156 edges. 156 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:54:16,775 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 17:54:16,775 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:54:16,775 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 17:54:16,775 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=90, Unknown=0, NotChecked=0, Total=110 [2022-02-20 17:54:16,775 INFO L87 Difference]: Start difference. First operand 1153 states and 1707 transitions. Second operand has 11 states, 10 states have (on average 10.3) internal successors, (103), 7 states have internal predecessors, (103), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23)