./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec11_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec11_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1c5af94617941f44648ac9498189d5e73562b4cbf6ae0ea00b10262137b50bb0 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 17:54:56,625 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:54:56,626 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:54:56,659 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 17:54:56,661 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:54:56,665 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:54:56,667 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:54:56,671 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:54:56,672 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:54:56,673 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:54:56,674 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:54:56,676 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:54:56,676 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:54:56,681 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:54:56,682 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:54:56,683 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:54:56,684 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:54:56,686 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:54:56,687 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:54:56,688 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:54:56,688 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:54:56,692 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:54:56,693 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:54:56,693 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:54:56,695 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:54:56,698 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:54:56,698 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:54:56,699 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:54:56,700 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:54:56,700 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:54:56,701 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:54:56,701 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:54:56,702 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:54:56,703 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:54:56,703 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:54:56,704 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:54:56,705 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:54:56,705 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 17:54:56,705 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:54:56,706 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:54:56,706 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:54:56,707 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:54:56,728 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:54:56,728 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:54:56,729 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:54:56,729 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:54:56,730 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:54:56,730 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:54:56,730 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:54:56,730 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:54:56,730 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:54:56,731 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:54:56,731 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:54:56,731 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:54:56,732 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:54:56,732 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:54:56,732 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:54:56,732 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:54:56,732 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:54:56,732 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:54:56,732 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:54:56,732 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:54:56,733 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:54:56,733 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:54:56,733 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:54:56,733 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:54:56,733 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:54:56,733 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:54:56,733 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:54:56,735 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:54:56,735 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:54:56,735 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:54:56,735 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:54:56,735 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:54:56,735 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 17:54:56,736 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1c5af94617941f44648ac9498189d5e73562b4cbf6ae0ea00b10262137b50bb0 [2022-02-20 17:54:56,905 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:54:56,927 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:54:56,928 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:54:56,929 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:54:56,930 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:54:56,930 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec11_productSimulator.cil.c [2022-02-20 17:54:56,995 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/4211eea24/ad39a4388b304ba7851384dd49fa431b/FLAGf35ba0b4d [2022-02-20 17:54:57,444 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 17:54:57,446 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec11_productSimulator.cil.c [2022-02-20 17:54:57,465 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/4211eea24/ad39a4388b304ba7851384dd49fa431b/FLAGf35ba0b4d [2022-02-20 17:54:57,475 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/4211eea24/ad39a4388b304ba7851384dd49fa431b [2022-02-20 17:54:57,477 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:54:57,478 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:54:57,479 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:54:57,479 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:54:57,481 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:54:57,482 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:54:57" (1/1) ... [2022-02-20 17:54:57,483 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@3d72b638 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:57, skipping insertion in model container [2022-02-20 17:54:57,483 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:54:57" (1/1) ... [2022-02-20 17:54:57,487 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:54:57,527 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:54:57,891 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec11_productSimulator.cil.c[48047,48060] [2022-02-20 17:54:57,944 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:54:57,951 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:54:58,017 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec11_productSimulator.cil.c[48047,48060] [2022-02-20 17:54:58,046 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:54:58,069 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:54:58,070 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58 WrapperNode [2022-02-20 17:54:58,070 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:54:58,070 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:54:58,071 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:54:58,071 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:54:58,075 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,104 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,187 INFO L137 Inliner]: procedures = 151, calls = 282, calls flagged for inlining = 67, calls inlined = 64, statements flattened = 1306 [2022-02-20 17:54:58,195 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:54:58,196 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:54:58,196 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:54:58,196 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:54:58,202 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,202 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,213 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,214 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,244 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,254 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,263 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,274 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:54:58,275 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:54:58,275 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:54:58,275 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:54:58,276 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (1/1) ... [2022-02-20 17:54:58,299 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:54:58,308 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:54:58,325 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:54:58,340 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:54:58,352 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:54:58,352 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:54:58,352 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 17:54:58,352 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 17:54:58,352 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 17:54:58,353 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 17:54:58,353 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:54:58,353 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:54:58,354 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:54:58,354 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:54:58,354 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:54:58,354 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:54:58,354 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:54:58,354 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:54:58,354 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 17:54:58,355 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 17:54:58,355 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:54:58,355 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:54:58,355 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 17:54:58,355 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 17:54:58,355 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:54:58,355 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:54:58,355 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:54:58,356 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:54:58,356 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:54:58,356 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:54:58,356 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 17:54:58,356 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 17:54:58,356 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 17:54:58,356 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 17:54:58,356 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:54:58,356 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:54:58,357 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:54:58,357 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:54:58,357 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:54:58,357 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:54:58,357 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:54:58,357 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 17:54:58,357 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 17:54:58,358 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:54:58,358 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:54:58,358 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 17:54:58,358 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 17:54:58,358 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:54:58,359 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:54:58,359 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 17:54:58,359 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 17:54:58,359 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:54:58,359 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:54:58,359 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:54:58,359 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:54:58,359 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:54:58,360 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 17:54:58,360 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 17:54:58,360 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 17:54:58,361 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 17:54:58,361 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 17:54:58,361 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 17:54:58,362 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:54:58,362 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 17:54:58,362 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:54:58,362 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:54:58,363 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:54:58,363 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:54:58,363 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:54:58,363 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:54:58,363 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:54:58,363 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:54:58,363 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:54:58,363 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:54:58,363 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:54:58,364 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:54:58,364 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 17:54:58,364 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 17:54:58,364 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 17:54:58,365 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 17:54:58,365 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:54:58,365 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:54:58,365 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:54:58,365 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:54:58,365 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:54:58,365 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:54:58,365 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:54:58,365 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 17:54:58,366 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 17:54:58,366 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 17:54:58,366 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 17:54:58,366 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:54:58,366 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:54:58,366 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:54:58,366 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:54:58,634 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:54:58,636 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:54:59,596 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:54:59,614 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:54:59,615 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:54:59,617 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:54:59 BoogieIcfgContainer [2022-02-20 17:54:59,618 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:54:59,619 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:54:59,619 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:54:59,621 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:54:59,622 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:54:57" (1/3) ... [2022-02-20 17:54:59,622 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@55138351 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:54:59, skipping insertion in model container [2022-02-20 17:54:59,622 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:54:58" (2/3) ... [2022-02-20 17:54:59,623 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@55138351 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:54:59, skipping insertion in model container [2022-02-20 17:54:59,623 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:54:59" (3/3) ... [2022-02-20 17:54:59,625 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec11_productSimulator.cil.c [2022-02-20 17:54:59,629 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:54:59,629 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:54:59,674 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:54:59,681 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:54:59,681 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:54:59,717 INFO L276 IsEmpty]: Start isEmpty. Operand has 600 states, 446 states have (on average 1.515695067264574) internal successors, (676), 466 states have internal predecessors, (676), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:54:59,734 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 157 [2022-02-20 17:54:59,735 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:54:59,735 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:54:59,736 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:54:59,740 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:54:59,741 INFO L85 PathProgramCache]: Analyzing trace with hash -2015100890, now seen corresponding path program 1 times [2022-02-20 17:54:59,750 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:54:59,750 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1514796967] [2022-02-20 17:54:59,751 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:54:59,752 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:54:59,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,099 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:55:00,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,118 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,119 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,119 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1721#return; {603#true} is VALID [2022-02-20 17:55:00,120 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:55:00,128 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,132 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,133 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,133 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1723#return; {603#true} is VALID [2022-02-20 17:55:00,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:55:00,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,140 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,140 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,140 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1725#return; {603#true} is VALID [2022-02-20 17:55:00,141 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:00,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,154 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,154 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,154 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1727#return; {603#true} is VALID [2022-02-20 17:55:00,155 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:55:00,159 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,163 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,164 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1729#return; {603#true} is VALID [2022-02-20 17:55:00,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:55:00,168 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,171 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,172 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,173 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1731#return; {603#true} is VALID [2022-02-20 17:55:00,173 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:55:00,176 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,189 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,189 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1733#return; {603#true} is VALID [2022-02-20 17:55:00,189 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:00,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,198 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,199 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1735#return; {603#true} is VALID [2022-02-20 17:55:00,205 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:55:00,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,218 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:00,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,224 INFO L290 TraceCheckUtils]: 0: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,224 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,224 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,225 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1719#return; {603#true} is VALID [2022-02-20 17:55:00,225 INFO L290 TraceCheckUtils]: 0: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {603#true} is VALID [2022-02-20 17:55:00,226 INFO L272 TraceCheckUtils]: 1: Hoare triple {603#true} call setClientId(~bob___0, ~bob___0); {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:00,226 INFO L290 TraceCheckUtils]: 2: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,227 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,227 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,227 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1719#return; {603#true} is VALID [2022-02-20 17:55:00,227 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,227 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {603#true} {603#true} #1741#return; {603#true} is VALID [2022-02-20 17:55:00,228 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:55:00,230 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,242 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:00,244 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,249 INFO L290 TraceCheckUtils]: 0: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,250 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1669#return; {603#true} is VALID [2022-02-20 17:55:00,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {603#true} is VALID [2022-02-20 17:55:00,251 INFO L272 TraceCheckUtils]: 1: Hoare triple {603#true} call setClientId(~rjh___0, ~rjh___0); {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:00,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,252 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,252 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,252 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1669#return; {603#true} is VALID [2022-02-20 17:55:00,252 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,255 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {603#true} {603#true} #1747#return; {603#true} is VALID [2022-02-20 17:55:00,256 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:55:00,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,263 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:00,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,267 INFO L290 TraceCheckUtils]: 0: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,267 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,268 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,268 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1615#return; {603#true} is VALID [2022-02-20 17:55:00,268 INFO L290 TraceCheckUtils]: 0: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {603#true} is VALID [2022-02-20 17:55:00,269 INFO L272 TraceCheckUtils]: 1: Hoare triple {603#true} call setClientId(~chuck___0, ~chuck___0); {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:00,269 INFO L290 TraceCheckUtils]: 2: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,271 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,271 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,271 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1615#return; {603#true} is VALID [2022-02-20 17:55:00,271 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,272 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {603#true} {603#true} #1753#return; {603#true} is VALID [2022-02-20 17:55:00,276 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:55:00,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,280 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,280 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,280 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1637#return; {604#false} is VALID [2022-02-20 17:55:00,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:55:00,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,289 INFO L290 TraceCheckUtils]: 0: Hoare triple {696#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,289 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1639#return; {604#false} is VALID [2022-02-20 17:55:00,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:55:00,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,293 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,293 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1649#return; {604#false} is VALID [2022-02-20 17:55:00,293 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:55:00,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,297 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~handle := #in~handle;havoc ~retValue_acc~19; {603#true} is VALID [2022-02-20 17:55:00,298 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {603#true} is VALID [2022-02-20 17:55:00,298 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,298 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1651#return; {604#false} is VALID [2022-02-20 17:55:00,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 17:55:00,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,304 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {603#true} is VALID [2022-02-20 17:55:00,304 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume { :end_inline_deliver } true; {603#true} is VALID [2022-02-20 17:55:00,305 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,305 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1707#return; {604#false} is VALID [2022-02-20 17:55:00,306 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 17:55:00,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,313 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:55:00,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:00,317 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {603#true} is VALID [2022-02-20 17:55:00,318 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,318 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1797#return; {603#true} is VALID [2022-02-20 17:55:00,318 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {603#true} is VALID [2022-02-20 17:55:00,319 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {603#true} is VALID [2022-02-20 17:55:00,319 INFO L272 TraceCheckUtils]: 2: Hoare triple {603#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {603#true} is VALID [2022-02-20 17:55:00,319 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {603#true} is VALID [2022-02-20 17:55:00,320 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,320 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1797#return; {603#true} is VALID [2022-02-20 17:55:00,320 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {603#true} is VALID [2022-02-20 17:55:00,320 INFO L290 TraceCheckUtils]: 7: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,321 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {603#true} {604#false} #1709#return; {604#false} is VALID [2022-02-20 17:55:00,324 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {603#true} is VALID [2022-02-20 17:55:00,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {603#true} is VALID [2022-02-20 17:55:00,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {603#true} is VALID [2022-02-20 17:55:00,325 INFO L272 TraceCheckUtils]: 3: Hoare triple {603#true} call select_features_#t~ret5#1 := select_one(); {603#true} is VALID [2022-02-20 17:55:00,325 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,325 INFO L290 TraceCheckUtils]: 5: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,326 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {603#true} {603#true} #1721#return; {603#true} is VALID [2022-02-20 17:55:00,327 INFO L290 TraceCheckUtils]: 7: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {603#true} is VALID [2022-02-20 17:55:00,328 INFO L272 TraceCheckUtils]: 8: Hoare triple {603#true} call select_features_#t~ret6#1 := select_one(); {603#true} is VALID [2022-02-20 17:55:00,328 INFO L290 TraceCheckUtils]: 9: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,328 INFO L290 TraceCheckUtils]: 10: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,328 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {603#true} {603#true} #1723#return; {603#true} is VALID [2022-02-20 17:55:00,328 INFO L290 TraceCheckUtils]: 12: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {603#true} is VALID [2022-02-20 17:55:00,328 INFO L272 TraceCheckUtils]: 13: Hoare triple {603#true} call select_features_#t~ret7#1 := select_one(); {603#true} is VALID [2022-02-20 17:55:00,329 INFO L290 TraceCheckUtils]: 14: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,329 INFO L290 TraceCheckUtils]: 15: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,329 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {603#true} {603#true} #1725#return; {603#true} is VALID [2022-02-20 17:55:00,329 INFO L290 TraceCheckUtils]: 17: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {603#true} is VALID [2022-02-20 17:55:00,329 INFO L272 TraceCheckUtils]: 18: Hoare triple {603#true} call select_features_#t~ret8#1 := select_one(); {603#true} is VALID [2022-02-20 17:55:00,329 INFO L290 TraceCheckUtils]: 19: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,330 INFO L290 TraceCheckUtils]: 20: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,330 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {603#true} {603#true} #1727#return; {603#true} is VALID [2022-02-20 17:55:00,332 INFO L290 TraceCheckUtils]: 22: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {603#true} is VALID [2022-02-20 17:55:00,332 INFO L272 TraceCheckUtils]: 23: Hoare triple {603#true} call select_features_#t~ret9#1 := select_one(); {603#true} is VALID [2022-02-20 17:55:00,332 INFO L290 TraceCheckUtils]: 24: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,333 INFO L290 TraceCheckUtils]: 25: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,333 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {603#true} {603#true} #1729#return; {603#true} is VALID [2022-02-20 17:55:00,343 INFO L290 TraceCheckUtils]: 27: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {603#true} is VALID [2022-02-20 17:55:00,343 INFO L272 TraceCheckUtils]: 28: Hoare triple {603#true} call select_features_#t~ret10#1 := select_one(); {603#true} is VALID [2022-02-20 17:55:00,343 INFO L290 TraceCheckUtils]: 29: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,343 INFO L290 TraceCheckUtils]: 30: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {603#true} {603#true} #1731#return; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L290 TraceCheckUtils]: 32: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L272 TraceCheckUtils]: 33: Hoare triple {603#true} call select_features_#t~ret11#1 := select_one(); {603#true} is VALID [2022-02-20 17:55:00,344 INFO L290 TraceCheckUtils]: 34: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L290 TraceCheckUtils]: 35: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {603#true} {603#true} #1733#return; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L290 TraceCheckUtils]: 37: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L272 TraceCheckUtils]: 38: Hoare triple {603#true} call select_features_#t~ret12#1 := select_one(); {603#true} is VALID [2022-02-20 17:55:00,344 INFO L290 TraceCheckUtils]: 39: Hoare triple {603#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L290 TraceCheckUtils]: 40: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {603#true} {603#true} #1735#return; {603#true} is VALID [2022-02-20 17:55:00,344 INFO L290 TraceCheckUtils]: 42: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {603#true} is VALID [2022-02-20 17:55:00,345 INFO L290 TraceCheckUtils]: 43: Hoare triple {603#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {603#true} is VALID [2022-02-20 17:55:00,345 INFO L290 TraceCheckUtils]: 44: Hoare triple {603#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {603#true} is VALID [2022-02-20 17:55:00,345 INFO L290 TraceCheckUtils]: 45: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~0#1 := 0; {603#true} is VALID [2022-02-20 17:55:00,345 INFO L290 TraceCheckUtils]: 46: Hoare triple {603#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {603#true} is VALID [2022-02-20 17:55:00,345 INFO L290 TraceCheckUtils]: 47: Hoare triple {603#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {603#true} is VALID [2022-02-20 17:55:00,345 INFO L290 TraceCheckUtils]: 48: Hoare triple {603#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {603#true} is VALID [2022-02-20 17:55:00,345 INFO L290 TraceCheckUtils]: 49: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {603#true} is VALID [2022-02-20 17:55:00,354 INFO L272 TraceCheckUtils]: 50: Hoare triple {603#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:00,354 INFO L290 TraceCheckUtils]: 51: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {603#true} is VALID [2022-02-20 17:55:00,357 INFO L272 TraceCheckUtils]: 52: Hoare triple {603#true} call setClientId(~bob___0, ~bob___0); {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:00,357 INFO L290 TraceCheckUtils]: 53: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,357 INFO L290 TraceCheckUtils]: 54: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,357 INFO L290 TraceCheckUtils]: 55: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,357 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {603#true} {603#true} #1719#return; {603#true} is VALID [2022-02-20 17:55:00,357 INFO L290 TraceCheckUtils]: 57: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,357 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {603#true} {603#true} #1741#return; {603#true} is VALID [2022-02-20 17:55:00,358 INFO L290 TraceCheckUtils]: 59: Hoare triple {603#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {603#true} is VALID [2022-02-20 17:55:00,358 INFO L290 TraceCheckUtils]: 60: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {603#true} is VALID [2022-02-20 17:55:00,359 INFO L272 TraceCheckUtils]: 61: Hoare triple {603#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:00,359 INFO L290 TraceCheckUtils]: 62: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {603#true} is VALID [2022-02-20 17:55:00,360 INFO L272 TraceCheckUtils]: 63: Hoare triple {603#true} call setClientId(~rjh___0, ~rjh___0); {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:00,360 INFO L290 TraceCheckUtils]: 64: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,360 INFO L290 TraceCheckUtils]: 65: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,360 INFO L290 TraceCheckUtils]: 66: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,360 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {603#true} {603#true} #1669#return; {603#true} is VALID [2022-02-20 17:55:00,361 INFO L290 TraceCheckUtils]: 68: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,361 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {603#true} {603#true} #1747#return; {603#true} is VALID [2022-02-20 17:55:00,361 INFO L290 TraceCheckUtils]: 70: Hoare triple {603#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {603#true} is VALID [2022-02-20 17:55:00,361 INFO L290 TraceCheckUtils]: 71: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {603#true} is VALID [2022-02-20 17:55:00,362 INFO L272 TraceCheckUtils]: 72: Hoare triple {603#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:00,362 INFO L290 TraceCheckUtils]: 73: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {603#true} is VALID [2022-02-20 17:55:00,363 INFO L272 TraceCheckUtils]: 74: Hoare triple {603#true} call setClientId(~chuck___0, ~chuck___0); {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:00,363 INFO L290 TraceCheckUtils]: 75: Hoare triple {682#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,363 INFO L290 TraceCheckUtils]: 76: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,364 INFO L290 TraceCheckUtils]: 77: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,364 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {603#true} {603#true} #1615#return; {603#true} is VALID [2022-02-20 17:55:00,364 INFO L290 TraceCheckUtils]: 79: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,364 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {603#true} {603#true} #1753#return; {603#true} is VALID [2022-02-20 17:55:00,364 INFO L290 TraceCheckUtils]: 81: Hoare triple {603#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {603#true} is VALID [2022-02-20 17:55:00,364 INFO L290 TraceCheckUtils]: 82: Hoare triple {603#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {603#true} is VALID [2022-02-20 17:55:00,365 INFO L290 TraceCheckUtils]: 83: Hoare triple {603#true} assume false; {604#false} is VALID [2022-02-20 17:55:00,365 INFO L290 TraceCheckUtils]: 84: Hoare triple {604#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {604#false} is VALID [2022-02-20 17:55:00,365 INFO L272 TraceCheckUtils]: 85: Hoare triple {604#false} call sendEmail(~bob~0, ~rjh~0); {604#false} is VALID [2022-02-20 17:55:00,365 INFO L290 TraceCheckUtils]: 86: Hoare triple {604#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {604#false} is VALID [2022-02-20 17:55:00,366 INFO L272 TraceCheckUtils]: 87: Hoare triple {604#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:00,366 INFO L290 TraceCheckUtils]: 88: Hoare triple {695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,366 INFO L290 TraceCheckUtils]: 89: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,367 INFO L290 TraceCheckUtils]: 90: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,367 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {603#true} {604#false} #1637#return; {604#false} is VALID [2022-02-20 17:55:00,367 INFO L272 TraceCheckUtils]: 92: Hoare triple {604#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {696#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:00,371 INFO L290 TraceCheckUtils]: 93: Hoare triple {696#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,371 INFO L290 TraceCheckUtils]: 94: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,371 INFO L290 TraceCheckUtils]: 95: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,372 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {603#true} {604#false} #1639#return; {604#false} is VALID [2022-02-20 17:55:00,372 INFO L290 TraceCheckUtils]: 97: Hoare triple {604#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {604#false} is VALID [2022-02-20 17:55:00,372 INFO L290 TraceCheckUtils]: 98: Hoare triple {604#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {604#false} is VALID [2022-02-20 17:55:00,372 INFO L272 TraceCheckUtils]: 99: Hoare triple {604#false} call outgoing(~sender#1, ~email~0#1); {604#false} is VALID [2022-02-20 17:55:00,372 INFO L290 TraceCheckUtils]: 100: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:55:00,373 INFO L290 TraceCheckUtils]: 101: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {604#false} is VALID [2022-02-20 17:55:00,373 INFO L272 TraceCheckUtils]: 102: Hoare triple {604#false} call outgoing__before__Sign(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 17:55:00,373 INFO L290 TraceCheckUtils]: 103: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:55:00,373 INFO L290 TraceCheckUtils]: 104: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {604#false} is VALID [2022-02-20 17:55:00,373 INFO L272 TraceCheckUtils]: 105: Hoare triple {604#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 17:55:00,373 INFO L290 TraceCheckUtils]: 106: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:55:00,373 INFO L290 TraceCheckUtils]: 107: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {604#false} is VALID [2022-02-20 17:55:00,374 INFO L272 TraceCheckUtils]: 108: Hoare triple {604#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 17:55:00,374 INFO L290 TraceCheckUtils]: 109: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {604#false} is VALID [2022-02-20 17:55:00,374 INFO L290 TraceCheckUtils]: 110: Hoare triple {604#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {604#false} is VALID [2022-02-20 17:55:00,374 INFO L290 TraceCheckUtils]: 111: Hoare triple {604#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {604#false} is VALID [2022-02-20 17:55:00,374 INFO L272 TraceCheckUtils]: 112: Hoare triple {604#false} call setEmailFrom(~msg#1, ~tmp~2#1); {695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:00,375 INFO L290 TraceCheckUtils]: 113: Hoare triple {695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 17:55:00,377 INFO L290 TraceCheckUtils]: 114: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 17:55:00,377 INFO L290 TraceCheckUtils]: 115: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,378 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {603#true} {604#false} #1649#return; {604#false} is VALID [2022-02-20 17:55:00,378 INFO L290 TraceCheckUtils]: 117: Hoare triple {604#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {604#false} is VALID [2022-02-20 17:55:00,381 INFO L272 TraceCheckUtils]: 118: Hoare triple {604#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {603#true} is VALID [2022-02-20 17:55:00,382 INFO L290 TraceCheckUtils]: 119: Hoare triple {603#true} ~handle := #in~handle;havoc ~retValue_acc~19; {603#true} is VALID [2022-02-20 17:55:00,382 INFO L290 TraceCheckUtils]: 120: Hoare triple {603#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {603#true} is VALID [2022-02-20 17:55:00,382 INFO L290 TraceCheckUtils]: 121: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,382 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {603#true} {604#false} #1651#return; {604#false} is VALID [2022-02-20 17:55:00,382 INFO L290 TraceCheckUtils]: 123: Hoare triple {604#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {604#false} is VALID [2022-02-20 17:55:00,382 INFO L290 TraceCheckUtils]: 124: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {604#false} is VALID [2022-02-20 17:55:00,383 INFO L272 TraceCheckUtils]: 125: Hoare triple {604#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {604#false} is VALID [2022-02-20 17:55:00,383 INFO L290 TraceCheckUtils]: 126: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:55:00,383 INFO L290 TraceCheckUtils]: 127: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {604#false} is VALID [2022-02-20 17:55:00,384 INFO L272 TraceCheckUtils]: 128: Hoare triple {604#false} call incoming__before__Verify(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 17:55:00,384 INFO L290 TraceCheckUtils]: 129: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:55:00,385 INFO L290 TraceCheckUtils]: 130: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {604#false} is VALID [2022-02-20 17:55:00,385 INFO L272 TraceCheckUtils]: 131: Hoare triple {604#false} call incoming__before__Forward(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 17:55:00,385 INFO L290 TraceCheckUtils]: 132: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 17:55:00,385 INFO L290 TraceCheckUtils]: 133: Hoare triple {604#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {604#false} is VALID [2022-02-20 17:55:00,385 INFO L272 TraceCheckUtils]: 134: Hoare triple {604#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {603#true} is VALID [2022-02-20 17:55:00,385 INFO L290 TraceCheckUtils]: 135: Hoare triple {603#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {603#true} is VALID [2022-02-20 17:55:00,385 INFO L290 TraceCheckUtils]: 136: Hoare triple {603#true} assume { :end_inline_deliver } true; {603#true} is VALID [2022-02-20 17:55:00,386 INFO L290 TraceCheckUtils]: 137: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,386 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {603#true} {604#false} #1707#return; {604#false} is VALID [2022-02-20 17:55:00,386 INFO L290 TraceCheckUtils]: 139: Hoare triple {604#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {604#false} is VALID [2022-02-20 17:55:00,386 INFO L290 TraceCheckUtils]: 140: Hoare triple {604#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {604#false} is VALID [2022-02-20 17:55:00,386 INFO L290 TraceCheckUtils]: 141: Hoare triple {604#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {604#false} is VALID [2022-02-20 17:55:00,387 INFO L290 TraceCheckUtils]: 142: Hoare triple {604#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {604#false} is VALID [2022-02-20 17:55:00,387 INFO L272 TraceCheckUtils]: 143: Hoare triple {604#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {603#true} is VALID [2022-02-20 17:55:00,387 INFO L290 TraceCheckUtils]: 144: Hoare triple {603#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {603#true} is VALID [2022-02-20 17:55:00,387 INFO L290 TraceCheckUtils]: 145: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {603#true} is VALID [2022-02-20 17:55:00,387 INFO L272 TraceCheckUtils]: 146: Hoare triple {603#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {603#true} is VALID [2022-02-20 17:55:00,387 INFO L290 TraceCheckUtils]: 147: Hoare triple {603#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {603#true} is VALID [2022-02-20 17:55:00,387 INFO L290 TraceCheckUtils]: 148: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,388 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {603#true} {603#true} #1797#return; {603#true} is VALID [2022-02-20 17:55:00,388 INFO L290 TraceCheckUtils]: 150: Hoare triple {603#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {603#true} is VALID [2022-02-20 17:55:00,392 INFO L290 TraceCheckUtils]: 151: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 17:55:00,392 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {603#true} {604#false} #1709#return; {604#false} is VALID [2022-02-20 17:55:00,392 INFO L290 TraceCheckUtils]: 153: Hoare triple {604#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {604#false} is VALID [2022-02-20 17:55:00,392 INFO L290 TraceCheckUtils]: 154: Hoare triple {604#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {604#false} is VALID [2022-02-20 17:55:00,392 INFO L290 TraceCheckUtils]: 155: Hoare triple {604#false} assume !false; {604#false} is VALID [2022-02-20 17:55:00,393 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:55:00,395 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:00,395 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1514796967] [2022-02-20 17:55:00,395 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1514796967] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:00,395 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:00,396 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 17:55:00,397 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [871036945] [2022-02-20 17:55:00,398 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:00,402 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.6) internal successors, (83), 2 states have internal predecessors, (83), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 156 [2022-02-20 17:55:00,405 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:00,408 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 16.6) internal successors, (83), 2 states have internal predecessors, (83), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:00,505 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 133 edges. 133 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:00,505 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:55:00,506 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:00,518 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:55:00,519 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 17:55:00,523 INFO L87 Difference]: Start difference. First operand has 600 states, 446 states have (on average 1.515695067264574) internal successors, (676), 466 states have internal predecessors, (676), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand has 5 states, 5 states have (on average 16.6) internal successors, (83), 2 states have internal predecessors, (83), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:04,669 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:04,669 INFO L93 Difference]: Finished difference Result 1063 states and 1612 transitions. [2022-02-20 17:55:04,670 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 17:55:04,670 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.6) internal successors, (83), 2 states have internal predecessors, (83), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 156 [2022-02-20 17:55:04,671 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:04,672 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.6) internal successors, (83), 2 states have internal predecessors, (83), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:04,707 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1612 transitions. [2022-02-20 17:55:04,707 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.6) internal successors, (83), 2 states have internal predecessors, (83), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:04,737 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1612 transitions. [2022-02-20 17:55:04,738 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1612 transitions. [2022-02-20 17:55:06,027 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1612 edges. 1612 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:06,115 INFO L225 Difference]: With dead ends: 1063 [2022-02-20 17:55:06,115 INFO L226 Difference]: Without dead ends: 725 [2022-02-20 17:55:06,120 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:06,124 INFO L933 BasicCegarLoop]: 893 mSDtfsCounter, 1357 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 459 mSolverCounterSat, 656 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1366 SdHoareTripleChecker+Valid, 1607 SdHoareTripleChecker+Invalid, 1115 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 656 IncrementalHoareTripleChecker+Valid, 459 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:06,125 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1366 Valid, 1607 Invalid, 1115 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [656 Valid, 459 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-02-20 17:55:06,139 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 725 states. [2022-02-20 17:55:06,203 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 725 to 593. [2022-02-20 17:55:06,203 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:06,206 INFO L82 GeneralOperation]: Start isEquivalent. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:06,209 INFO L74 IsIncluded]: Start isIncluded. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:06,212 INFO L87 Difference]: Start difference. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:06,247 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:06,247 INFO L93 Difference]: Finished difference Result 725 states and 1109 transitions. [2022-02-20 17:55:06,247 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1109 transitions. [2022-02-20 17:55:06,251 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:06,251 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:06,254 INFO L74 IsIncluded]: Start isIncluded. First operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 725 states. [2022-02-20 17:55:06,255 INFO L87 Difference]: Start difference. First operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 725 states. [2022-02-20 17:55:06,286 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:06,286 INFO L93 Difference]: Finished difference Result 725 states and 1109 transitions. [2022-02-20 17:55:06,286 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1109 transitions. [2022-02-20 17:55:06,289 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:06,289 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:06,289 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:06,289 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:06,291 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:06,316 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 593 states to 593 states and 882 transitions. [2022-02-20 17:55:06,317 INFO L78 Accepts]: Start accepts. Automaton has 593 states and 882 transitions. Word has length 156 [2022-02-20 17:55:06,318 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:06,318 INFO L470 AbstractCegarLoop]: Abstraction has 593 states and 882 transitions. [2022-02-20 17:55:06,318 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 16.6) internal successors, (83), 2 states have internal predecessors, (83), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:06,318 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 882 transitions. [2022-02-20 17:55:06,322 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 158 [2022-02-20 17:55:06,322 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:06,322 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:06,322 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 17:55:06,323 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:06,323 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:06,323 INFO L85 PathProgramCache]: Analyzing trace with hash 1644639793, now seen corresponding path program 1 times [2022-02-20 17:55:06,323 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:06,323 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1062215706] [2022-02-20 17:55:06,324 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:06,324 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:06,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,410 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:55:06,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,415 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,415 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,415 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4473#true} {4473#true} #1721#return; {4473#true} is VALID [2022-02-20 17:55:06,415 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:55:06,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,420 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,420 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,420 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4473#true} {4473#true} #1723#return; {4473#true} is VALID [2022-02-20 17:55:06,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:55:06,422 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,425 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,425 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,426 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4473#true} {4473#true} #1725#return; {4473#true} is VALID [2022-02-20 17:55:06,426 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:06,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,434 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,435 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,435 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4473#true} {4473#true} #1727#return; {4473#true} is VALID [2022-02-20 17:55:06,435 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:55:06,437 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,439 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,439 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,439 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4473#true} {4473#true} #1729#return; {4473#true} is VALID [2022-02-20 17:55:06,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:55:06,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,443 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,444 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,444 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4473#true} {4473#true} #1731#return; {4473#true} is VALID [2022-02-20 17:55:06,444 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:55:06,446 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,448 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,448 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,449 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4473#true} {4473#true} #1733#return; {4473#true} is VALID [2022-02-20 17:55:06,449 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:06,450 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,452 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,453 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4473#true} {4473#true} #1735#return; {4473#true} is VALID [2022-02-20 17:55:06,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:55:06,460 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,463 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:06,463 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,466 INFO L290 TraceCheckUtils]: 0: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,466 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,466 INFO L290 TraceCheckUtils]: 2: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,467 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4473#true} {4473#true} #1719#return; {4473#true} is VALID [2022-02-20 17:55:06,467 INFO L290 TraceCheckUtils]: 0: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4473#true} is VALID [2022-02-20 17:55:06,468 INFO L272 TraceCheckUtils]: 1: Hoare triple {4473#true} call setClientId(~bob___0, ~bob___0); {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:06,468 INFO L290 TraceCheckUtils]: 2: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,468 INFO L290 TraceCheckUtils]: 3: Hoare triple {4473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,468 INFO L290 TraceCheckUtils]: 4: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,468 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4473#true} {4473#true} #1719#return; {4473#true} is VALID [2022-02-20 17:55:06,468 INFO L290 TraceCheckUtils]: 6: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,469 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4473#true} {4474#false} #1741#return; {4474#false} is VALID [2022-02-20 17:55:06,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:55:06,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:06,474 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,476 INFO L290 TraceCheckUtils]: 0: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,476 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,476 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4473#true} {4473#true} #1669#return; {4473#true} is VALID [2022-02-20 17:55:06,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4473#true} is VALID [2022-02-20 17:55:06,477 INFO L272 TraceCheckUtils]: 1: Hoare triple {4473#true} call setClientId(~rjh___0, ~rjh___0); {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:06,477 INFO L290 TraceCheckUtils]: 2: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,477 INFO L290 TraceCheckUtils]: 3: Hoare triple {4473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,478 INFO L290 TraceCheckUtils]: 4: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,478 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4473#true} {4473#true} #1669#return; {4473#true} is VALID [2022-02-20 17:55:06,478 INFO L290 TraceCheckUtils]: 6: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,478 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4473#true} {4474#false} #1747#return; {4474#false} is VALID [2022-02-20 17:55:06,478 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:55:06,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,482 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:06,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,485 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,486 INFO L290 TraceCheckUtils]: 2: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,486 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4473#true} {4473#true} #1615#return; {4473#true} is VALID [2022-02-20 17:55:06,486 INFO L290 TraceCheckUtils]: 0: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4473#true} is VALID [2022-02-20 17:55:06,486 INFO L272 TraceCheckUtils]: 1: Hoare triple {4473#true} call setClientId(~chuck___0, ~chuck___0); {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:06,487 INFO L290 TraceCheckUtils]: 2: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,487 INFO L290 TraceCheckUtils]: 3: Hoare triple {4473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,487 INFO L290 TraceCheckUtils]: 4: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,487 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4473#true} {4473#true} #1615#return; {4473#true} is VALID [2022-02-20 17:55:06,487 INFO L290 TraceCheckUtils]: 6: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,487 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4473#true} {4474#false} #1753#return; {4474#false} is VALID [2022-02-20 17:55:06,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:55:06,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,501 INFO L290 TraceCheckUtils]: 0: Hoare triple {4568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,501 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,501 INFO L290 TraceCheckUtils]: 2: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,502 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4473#true} {4474#false} #1637#return; {4474#false} is VALID [2022-02-20 17:55:06,507 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:55:06,508 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,515 INFO L290 TraceCheckUtils]: 0: Hoare triple {4569#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,516 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4473#true} {4474#false} #1639#return; {4474#false} is VALID [2022-02-20 17:55:06,516 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:55:06,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,523 INFO L290 TraceCheckUtils]: 0: Hoare triple {4568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,523 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,523 INFO L290 TraceCheckUtils]: 2: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,523 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4473#true} {4474#false} #1649#return; {4474#false} is VALID [2022-02-20 17:55:06,523 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:55:06,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,527 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4473#true} is VALID [2022-02-20 17:55:06,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {4473#true} is VALID [2022-02-20 17:55:06,527 INFO L290 TraceCheckUtils]: 2: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,532 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4473#true} {4474#false} #1651#return; {4474#false} is VALID [2022-02-20 17:55:06,532 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 17:55:06,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,537 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {4473#true} is VALID [2022-02-20 17:55:06,537 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume { :end_inline_deliver } true; {4473#true} is VALID [2022-02-20 17:55:06,538 INFO L290 TraceCheckUtils]: 2: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,538 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4473#true} {4474#false} #1707#return; {4474#false} is VALID [2022-02-20 17:55:06,538 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 17:55:06,541 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:55:06,545 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:06,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {4473#true} is VALID [2022-02-20 17:55:06,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,547 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4473#true} {4473#true} #1797#return; {4473#true} is VALID [2022-02-20 17:55:06,547 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {4473#true} is VALID [2022-02-20 17:55:06,547 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4473#true} is VALID [2022-02-20 17:55:06,547 INFO L272 TraceCheckUtils]: 2: Hoare triple {4473#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {4473#true} is VALID [2022-02-20 17:55:06,547 INFO L290 TraceCheckUtils]: 3: Hoare triple {4473#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {4473#true} is VALID [2022-02-20 17:55:06,547 INFO L290 TraceCheckUtils]: 4: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,547 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4473#true} {4473#true} #1797#return; {4473#true} is VALID [2022-02-20 17:55:06,547 INFO L290 TraceCheckUtils]: 6: Hoare triple {4473#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {4473#true} is VALID [2022-02-20 17:55:06,548 INFO L290 TraceCheckUtils]: 7: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,548 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {4473#true} {4474#false} #1709#return; {4474#false} is VALID [2022-02-20 17:55:06,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {4473#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {4473#true} is VALID [2022-02-20 17:55:06,549 INFO L290 TraceCheckUtils]: 1: Hoare triple {4473#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4473#true} is VALID [2022-02-20 17:55:06,549 INFO L290 TraceCheckUtils]: 2: Hoare triple {4473#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {4473#true} is VALID [2022-02-20 17:55:06,549 INFO L272 TraceCheckUtils]: 3: Hoare triple {4473#true} call select_features_#t~ret5#1 := select_one(); {4473#true} is VALID [2022-02-20 17:55:06,549 INFO L290 TraceCheckUtils]: 4: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,549 INFO L290 TraceCheckUtils]: 5: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,549 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4473#true} {4473#true} #1721#return; {4473#true} is VALID [2022-02-20 17:55:06,549 INFO L290 TraceCheckUtils]: 7: Hoare triple {4473#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {4473#true} is VALID [2022-02-20 17:55:06,549 INFO L272 TraceCheckUtils]: 8: Hoare triple {4473#true} call select_features_#t~ret6#1 := select_one(); {4473#true} is VALID [2022-02-20 17:55:06,550 INFO L290 TraceCheckUtils]: 9: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,550 INFO L290 TraceCheckUtils]: 10: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,550 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4473#true} {4473#true} #1723#return; {4473#true} is VALID [2022-02-20 17:55:06,550 INFO L290 TraceCheckUtils]: 12: Hoare triple {4473#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {4473#true} is VALID [2022-02-20 17:55:06,550 INFO L272 TraceCheckUtils]: 13: Hoare triple {4473#true} call select_features_#t~ret7#1 := select_one(); {4473#true} is VALID [2022-02-20 17:55:06,550 INFO L290 TraceCheckUtils]: 14: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,550 INFO L290 TraceCheckUtils]: 15: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,550 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4473#true} {4473#true} #1725#return; {4473#true} is VALID [2022-02-20 17:55:06,550 INFO L290 TraceCheckUtils]: 17: Hoare triple {4473#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {4473#true} is VALID [2022-02-20 17:55:06,551 INFO L272 TraceCheckUtils]: 18: Hoare triple {4473#true} call select_features_#t~ret8#1 := select_one(); {4473#true} is VALID [2022-02-20 17:55:06,551 INFO L290 TraceCheckUtils]: 19: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,551 INFO L290 TraceCheckUtils]: 20: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,551 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4473#true} {4473#true} #1727#return; {4473#true} is VALID [2022-02-20 17:55:06,551 INFO L290 TraceCheckUtils]: 22: Hoare triple {4473#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {4473#true} is VALID [2022-02-20 17:55:06,551 INFO L272 TraceCheckUtils]: 23: Hoare triple {4473#true} call select_features_#t~ret9#1 := select_one(); {4473#true} is VALID [2022-02-20 17:55:06,551 INFO L290 TraceCheckUtils]: 24: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,551 INFO L290 TraceCheckUtils]: 25: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,552 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4473#true} {4473#true} #1729#return; {4473#true} is VALID [2022-02-20 17:55:06,552 INFO L290 TraceCheckUtils]: 27: Hoare triple {4473#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {4473#true} is VALID [2022-02-20 17:55:06,552 INFO L272 TraceCheckUtils]: 28: Hoare triple {4473#true} call select_features_#t~ret10#1 := select_one(); {4473#true} is VALID [2022-02-20 17:55:06,552 INFO L290 TraceCheckUtils]: 29: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,553 INFO L290 TraceCheckUtils]: 30: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,553 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4473#true} {4473#true} #1731#return; {4473#true} is VALID [2022-02-20 17:55:06,553 INFO L290 TraceCheckUtils]: 32: Hoare triple {4473#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {4473#true} is VALID [2022-02-20 17:55:06,554 INFO L272 TraceCheckUtils]: 33: Hoare triple {4473#true} call select_features_#t~ret11#1 := select_one(); {4473#true} is VALID [2022-02-20 17:55:06,554 INFO L290 TraceCheckUtils]: 34: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,554 INFO L290 TraceCheckUtils]: 35: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,555 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4473#true} {4473#true} #1733#return; {4473#true} is VALID [2022-02-20 17:55:06,555 INFO L290 TraceCheckUtils]: 37: Hoare triple {4473#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {4473#true} is VALID [2022-02-20 17:55:06,555 INFO L272 TraceCheckUtils]: 38: Hoare triple {4473#true} call select_features_#t~ret12#1 := select_one(); {4473#true} is VALID [2022-02-20 17:55:06,555 INFO L290 TraceCheckUtils]: 39: Hoare triple {4473#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4473#true} is VALID [2022-02-20 17:55:06,555 INFO L290 TraceCheckUtils]: 40: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,555 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4473#true} {4473#true} #1735#return; {4473#true} is VALID [2022-02-20 17:55:06,555 INFO L290 TraceCheckUtils]: 42: Hoare triple {4473#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {4473#true} is VALID [2022-02-20 17:55:06,555 INFO L290 TraceCheckUtils]: 43: Hoare triple {4473#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {4473#true} is VALID [2022-02-20 17:55:06,555 INFO L290 TraceCheckUtils]: 44: Hoare triple {4473#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4473#true} is VALID [2022-02-20 17:55:06,556 INFO L290 TraceCheckUtils]: 45: Hoare triple {4473#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~0#1 := 0; {4499#(= |ULTIMATE.start_valid_product_~tmp~0#1| 0)} is VALID [2022-02-20 17:55:06,557 INFO L290 TraceCheckUtils]: 46: Hoare triple {4499#(= |ULTIMATE.start_valid_product_~tmp~0#1| 0)} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {4500#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 17:55:06,557 INFO L290 TraceCheckUtils]: 47: Hoare triple {4500#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {4501#(= |ULTIMATE.start_main_~tmp~14#1| 0)} is VALID [2022-02-20 17:55:06,557 INFO L290 TraceCheckUtils]: 48: Hoare triple {4501#(= |ULTIMATE.start_main_~tmp~14#1| 0)} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4474#false} is VALID [2022-02-20 17:55:06,558 INFO L290 TraceCheckUtils]: 49: Hoare triple {4474#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4474#false} is VALID [2022-02-20 17:55:06,558 INFO L272 TraceCheckUtils]: 50: Hoare triple {4474#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:06,558 INFO L290 TraceCheckUtils]: 51: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4473#true} is VALID [2022-02-20 17:55:06,558 INFO L272 TraceCheckUtils]: 52: Hoare triple {4473#true} call setClientId(~bob___0, ~bob___0); {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:06,558 INFO L290 TraceCheckUtils]: 53: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,559 INFO L290 TraceCheckUtils]: 54: Hoare triple {4473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,559 INFO L290 TraceCheckUtils]: 55: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,559 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4473#true} {4473#true} #1719#return; {4473#true} is VALID [2022-02-20 17:55:06,559 INFO L290 TraceCheckUtils]: 57: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,559 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4473#true} {4474#false} #1741#return; {4474#false} is VALID [2022-02-20 17:55:06,559 INFO L290 TraceCheckUtils]: 59: Hoare triple {4474#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4474#false} is VALID [2022-02-20 17:55:06,559 INFO L290 TraceCheckUtils]: 60: Hoare triple {4474#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4474#false} is VALID [2022-02-20 17:55:06,559 INFO L272 TraceCheckUtils]: 61: Hoare triple {4474#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:06,559 INFO L290 TraceCheckUtils]: 62: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4473#true} is VALID [2022-02-20 17:55:06,560 INFO L272 TraceCheckUtils]: 63: Hoare triple {4473#true} call setClientId(~rjh___0, ~rjh___0); {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:06,560 INFO L290 TraceCheckUtils]: 64: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,560 INFO L290 TraceCheckUtils]: 65: Hoare triple {4473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,560 INFO L290 TraceCheckUtils]: 66: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,560 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4473#true} {4473#true} #1669#return; {4473#true} is VALID [2022-02-20 17:55:06,561 INFO L290 TraceCheckUtils]: 68: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,561 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4473#true} {4474#false} #1747#return; {4474#false} is VALID [2022-02-20 17:55:06,561 INFO L290 TraceCheckUtils]: 70: Hoare triple {4474#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4474#false} is VALID [2022-02-20 17:55:06,561 INFO L290 TraceCheckUtils]: 71: Hoare triple {4474#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4474#false} is VALID [2022-02-20 17:55:06,561 INFO L272 TraceCheckUtils]: 72: Hoare triple {4474#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:06,561 INFO L290 TraceCheckUtils]: 73: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4473#true} is VALID [2022-02-20 17:55:06,562 INFO L272 TraceCheckUtils]: 74: Hoare triple {4473#true} call setClientId(~chuck___0, ~chuck___0); {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:06,562 INFO L290 TraceCheckUtils]: 75: Hoare triple {4555#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,562 INFO L290 TraceCheckUtils]: 76: Hoare triple {4473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,562 INFO L290 TraceCheckUtils]: 77: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,562 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4473#true} {4473#true} #1615#return; {4473#true} is VALID [2022-02-20 17:55:06,562 INFO L290 TraceCheckUtils]: 79: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,562 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4473#true} {4474#false} #1753#return; {4474#false} is VALID [2022-02-20 17:55:06,562 INFO L290 TraceCheckUtils]: 81: Hoare triple {4474#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {4474#false} is VALID [2022-02-20 17:55:06,563 INFO L290 TraceCheckUtils]: 82: Hoare triple {4474#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4474#false} is VALID [2022-02-20 17:55:06,563 INFO L290 TraceCheckUtils]: 83: Hoare triple {4474#false} assume !false; {4474#false} is VALID [2022-02-20 17:55:06,563 INFO L290 TraceCheckUtils]: 84: Hoare triple {4474#false} assume !(test_~splverifierCounter~0#1 < 4); {4474#false} is VALID [2022-02-20 17:55:06,563 INFO L290 TraceCheckUtils]: 85: Hoare triple {4474#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {4474#false} is VALID [2022-02-20 17:55:06,563 INFO L272 TraceCheckUtils]: 86: Hoare triple {4474#false} call sendEmail(~bob~0, ~rjh~0); {4474#false} is VALID [2022-02-20 17:55:06,563 INFO L290 TraceCheckUtils]: 87: Hoare triple {4474#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4474#false} is VALID [2022-02-20 17:55:06,563 INFO L272 TraceCheckUtils]: 88: Hoare triple {4474#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:06,563 INFO L290 TraceCheckUtils]: 89: Hoare triple {4568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,563 INFO L290 TraceCheckUtils]: 90: Hoare triple {4473#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,564 INFO L290 TraceCheckUtils]: 91: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,564 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4473#true} {4474#false} #1637#return; {4474#false} is VALID [2022-02-20 17:55:06,564 INFO L272 TraceCheckUtils]: 93: Hoare triple {4474#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4569#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:06,564 INFO L290 TraceCheckUtils]: 94: Hoare triple {4569#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,564 INFO L290 TraceCheckUtils]: 95: Hoare triple {4473#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,564 INFO L290 TraceCheckUtils]: 96: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,564 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4473#true} {4474#false} #1639#return; {4474#false} is VALID [2022-02-20 17:55:06,564 INFO L290 TraceCheckUtils]: 98: Hoare triple {4474#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {4474#false} is VALID [2022-02-20 17:55:06,564 INFO L290 TraceCheckUtils]: 99: Hoare triple {4474#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {4474#false} is VALID [2022-02-20 17:55:06,565 INFO L272 TraceCheckUtils]: 100: Hoare triple {4474#false} call outgoing(~sender#1, ~email~0#1); {4474#false} is VALID [2022-02-20 17:55:06,565 INFO L290 TraceCheckUtils]: 101: Hoare triple {4474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4474#false} is VALID [2022-02-20 17:55:06,565 INFO L290 TraceCheckUtils]: 102: Hoare triple {4474#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4474#false} is VALID [2022-02-20 17:55:06,565 INFO L272 TraceCheckUtils]: 103: Hoare triple {4474#false} call outgoing__before__Sign(~client#1, ~msg#1); {4474#false} is VALID [2022-02-20 17:55:06,565 INFO L290 TraceCheckUtils]: 104: Hoare triple {4474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4474#false} is VALID [2022-02-20 17:55:06,565 INFO L290 TraceCheckUtils]: 105: Hoare triple {4474#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4474#false} is VALID [2022-02-20 17:55:06,565 INFO L272 TraceCheckUtils]: 106: Hoare triple {4474#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4474#false} is VALID [2022-02-20 17:55:06,565 INFO L290 TraceCheckUtils]: 107: Hoare triple {4474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4474#false} is VALID [2022-02-20 17:55:06,565 INFO L290 TraceCheckUtils]: 108: Hoare triple {4474#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4474#false} is VALID [2022-02-20 17:55:06,566 INFO L272 TraceCheckUtils]: 109: Hoare triple {4474#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4474#false} is VALID [2022-02-20 17:55:06,566 INFO L290 TraceCheckUtils]: 110: Hoare triple {4474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {4474#false} is VALID [2022-02-20 17:55:06,566 INFO L290 TraceCheckUtils]: 111: Hoare triple {4474#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {4474#false} is VALID [2022-02-20 17:55:06,566 INFO L290 TraceCheckUtils]: 112: Hoare triple {4474#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {4474#false} is VALID [2022-02-20 17:55:06,566 INFO L272 TraceCheckUtils]: 113: Hoare triple {4474#false} call setEmailFrom(~msg#1, ~tmp~2#1); {4568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:06,566 INFO L290 TraceCheckUtils]: 114: Hoare triple {4568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4473#true} is VALID [2022-02-20 17:55:06,566 INFO L290 TraceCheckUtils]: 115: Hoare triple {4473#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4473#true} is VALID [2022-02-20 17:55:06,566 INFO L290 TraceCheckUtils]: 116: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,567 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4473#true} {4474#false} #1649#return; {4474#false} is VALID [2022-02-20 17:55:06,567 INFO L290 TraceCheckUtils]: 118: Hoare triple {4474#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {4474#false} is VALID [2022-02-20 17:55:06,567 INFO L272 TraceCheckUtils]: 119: Hoare triple {4474#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {4473#true} is VALID [2022-02-20 17:55:06,567 INFO L290 TraceCheckUtils]: 120: Hoare triple {4473#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4473#true} is VALID [2022-02-20 17:55:06,567 INFO L290 TraceCheckUtils]: 121: Hoare triple {4473#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {4473#true} is VALID [2022-02-20 17:55:06,567 INFO L290 TraceCheckUtils]: 122: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,567 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {4473#true} {4474#false} #1651#return; {4474#false} is VALID [2022-02-20 17:55:06,567 INFO L290 TraceCheckUtils]: 124: Hoare triple {4474#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {4474#false} is VALID [2022-02-20 17:55:06,568 INFO L290 TraceCheckUtils]: 125: Hoare triple {4474#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {4474#false} is VALID [2022-02-20 17:55:06,568 INFO L272 TraceCheckUtils]: 126: Hoare triple {4474#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {4474#false} is VALID [2022-02-20 17:55:06,568 INFO L290 TraceCheckUtils]: 127: Hoare triple {4474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4474#false} is VALID [2022-02-20 17:55:06,568 INFO L290 TraceCheckUtils]: 128: Hoare triple {4474#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {4474#false} is VALID [2022-02-20 17:55:06,568 INFO L272 TraceCheckUtils]: 129: Hoare triple {4474#false} call incoming__before__Verify(~client#1, ~msg#1); {4474#false} is VALID [2022-02-20 17:55:06,568 INFO L290 TraceCheckUtils]: 130: Hoare triple {4474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4474#false} is VALID [2022-02-20 17:55:06,568 INFO L290 TraceCheckUtils]: 131: Hoare triple {4474#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {4474#false} is VALID [2022-02-20 17:55:06,568 INFO L272 TraceCheckUtils]: 132: Hoare triple {4474#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {4474#false} is VALID [2022-02-20 17:55:06,568 INFO L290 TraceCheckUtils]: 133: Hoare triple {4474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4474#false} is VALID [2022-02-20 17:55:06,569 INFO L290 TraceCheckUtils]: 134: Hoare triple {4474#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {4474#false} is VALID [2022-02-20 17:55:06,569 INFO L272 TraceCheckUtils]: 135: Hoare triple {4474#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {4473#true} is VALID [2022-02-20 17:55:06,569 INFO L290 TraceCheckUtils]: 136: Hoare triple {4473#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {4473#true} is VALID [2022-02-20 17:55:06,569 INFO L290 TraceCheckUtils]: 137: Hoare triple {4473#true} assume { :end_inline_deliver } true; {4473#true} is VALID [2022-02-20 17:55:06,569 INFO L290 TraceCheckUtils]: 138: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,569 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {4473#true} {4474#false} #1707#return; {4474#false} is VALID [2022-02-20 17:55:06,569 INFO L290 TraceCheckUtils]: 140: Hoare triple {4474#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {4474#false} is VALID [2022-02-20 17:55:06,569 INFO L290 TraceCheckUtils]: 141: Hoare triple {4474#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {4474#false} is VALID [2022-02-20 17:55:06,570 INFO L290 TraceCheckUtils]: 142: Hoare triple {4474#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {4474#false} is VALID [2022-02-20 17:55:06,570 INFO L290 TraceCheckUtils]: 143: Hoare triple {4474#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {4474#false} is VALID [2022-02-20 17:55:06,570 INFO L272 TraceCheckUtils]: 144: Hoare triple {4474#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {4473#true} is VALID [2022-02-20 17:55:06,570 INFO L290 TraceCheckUtils]: 145: Hoare triple {4473#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {4473#true} is VALID [2022-02-20 17:55:06,570 INFO L290 TraceCheckUtils]: 146: Hoare triple {4473#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4473#true} is VALID [2022-02-20 17:55:06,570 INFO L272 TraceCheckUtils]: 147: Hoare triple {4473#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {4473#true} is VALID [2022-02-20 17:55:06,570 INFO L290 TraceCheckUtils]: 148: Hoare triple {4473#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {4473#true} is VALID [2022-02-20 17:55:06,570 INFO L290 TraceCheckUtils]: 149: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,570 INFO L284 TraceCheckUtils]: 150: Hoare quadruple {4473#true} {4473#true} #1797#return; {4473#true} is VALID [2022-02-20 17:55:06,571 INFO L290 TraceCheckUtils]: 151: Hoare triple {4473#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {4473#true} is VALID [2022-02-20 17:55:06,571 INFO L290 TraceCheckUtils]: 152: Hoare triple {4473#true} assume true; {4473#true} is VALID [2022-02-20 17:55:06,571 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {4473#true} {4474#false} #1709#return; {4474#false} is VALID [2022-02-20 17:55:06,571 INFO L290 TraceCheckUtils]: 154: Hoare triple {4474#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {4474#false} is VALID [2022-02-20 17:55:06,571 INFO L290 TraceCheckUtils]: 155: Hoare triple {4474#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {4474#false} is VALID [2022-02-20 17:55:06,571 INFO L290 TraceCheckUtils]: 156: Hoare triple {4474#false} assume !false; {4474#false} is VALID [2022-02-20 17:55:06,572 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:55:06,572 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:06,572 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1062215706] [2022-02-20 17:55:06,572 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1062215706] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:06,572 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:06,572 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 17:55:06,572 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1013747267] [2022-02-20 17:55:06,573 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:06,574 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.5) internal successors, (84), 5 states have internal predecessors, (84), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 157 [2022-02-20 17:55:06,575 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:06,575 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 10.5) internal successors, (84), 5 states have internal predecessors, (84), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:06,646 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 134 edges. 134 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:06,646 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:55:06,646 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:06,647 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:55:06,647 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:55:06,647 INFO L87 Difference]: Start difference. First operand 593 states and 882 transitions. Second operand has 8 states, 8 states have (on average 10.5) internal successors, (84), 5 states have internal predecessors, (84), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:14,290 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:14,291 INFO L93 Difference]: Finished difference Result 1282 states and 1935 transitions. [2022-02-20 17:55:14,291 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 17:55:14,291 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.5) internal successors, (84), 5 states have internal predecessors, (84), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 157 [2022-02-20 17:55:14,291 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:14,291 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 10.5) internal successors, (84), 5 states have internal predecessors, (84), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:14,315 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1935 transitions. [2022-02-20 17:55:14,315 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 10.5) internal successors, (84), 5 states have internal predecessors, (84), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:14,338 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1935 transitions. [2022-02-20 17:55:14,338 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1935 transitions. [2022-02-20 17:55:15,748 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1935 edges. 1935 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:15,792 INFO L225 Difference]: With dead ends: 1282 [2022-02-20 17:55:15,792 INFO L226 Difference]: Without dead ends: 725 [2022-02-20 17:55:15,794 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 57 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:55:15,794 INFO L933 BasicCegarLoop]: 880 mSDtfsCounter, 1364 mSDsluCounter, 1474 mSDsCounter, 0 mSdLazyCounter, 2767 mSolverCounterSat, 647 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1369 SdHoareTripleChecker+Valid, 2354 SdHoareTripleChecker+Invalid, 3414 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 647 IncrementalHoareTripleChecker+Valid, 2767 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.5s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:15,795 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1369 Valid, 2354 Invalid, 3414 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [647 Valid, 2767 Invalid, 0 Unknown, 0 Unchecked, 3.5s Time] [2022-02-20 17:55:15,796 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 725 states. [2022-02-20 17:55:15,814 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 725 to 593. [2022-02-20 17:55:15,814 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:15,816 INFO L82 GeneralOperation]: Start isEquivalent. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:15,817 INFO L74 IsIncluded]: Start isIncluded. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:15,818 INFO L87 Difference]: Start difference. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:15,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:15,849 INFO L93 Difference]: Finished difference Result 725 states and 1102 transitions. [2022-02-20 17:55:15,849 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1102 transitions. [2022-02-20 17:55:15,852 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:15,852 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:15,853 INFO L74 IsIncluded]: Start isIncluded. First operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 725 states. [2022-02-20 17:55:15,855 INFO L87 Difference]: Start difference. First operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 725 states. [2022-02-20 17:55:15,878 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:15,878 INFO L93 Difference]: Finished difference Result 725 states and 1102 transitions. [2022-02-20 17:55:15,878 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1102 transitions. [2022-02-20 17:55:15,881 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:15,881 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:15,881 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:15,881 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:15,882 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:15,904 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 593 states to 593 states and 875 transitions. [2022-02-20 17:55:15,905 INFO L78 Accepts]: Start accepts. Automaton has 593 states and 875 transitions. Word has length 157 [2022-02-20 17:55:15,905 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:15,906 INFO L470 AbstractCegarLoop]: Abstraction has 593 states and 875 transitions. [2022-02-20 17:55:15,906 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 10.5) internal successors, (84), 5 states have internal predecessors, (84), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:15,906 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 875 transitions. [2022-02-20 17:55:15,909 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 163 [2022-02-20 17:55:15,909 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:15,909 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:15,910 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 17:55:15,910 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:15,910 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:15,910 INFO L85 PathProgramCache]: Analyzing trace with hash -1683806924, now seen corresponding path program 1 times [2022-02-20 17:55:15,910 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:15,910 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1525239651] [2022-02-20 17:55:15,911 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:15,911 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:15,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,976 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:55:15,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,982 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:15,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:15,982 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8641#true} {8641#true} #1721#return; {8641#true} is VALID [2022-02-20 17:55:15,982 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:55:15,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:15,987 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:15,988 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8641#true} {8641#true} #1723#return; {8641#true} is VALID [2022-02-20 17:55:15,988 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:55:15,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,992 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:15,993 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:15,993 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8641#true} {8641#true} #1725#return; {8641#true} is VALID [2022-02-20 17:55:15,993 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:15,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,998 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:15,998 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:15,998 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8641#true} {8641#true} #1727#return; {8641#true} is VALID [2022-02-20 17:55:15,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:55:16,000 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,003 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,003 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,004 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8641#true} {8641#true} #1729#return; {8641#true} is VALID [2022-02-20 17:55:16,004 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:55:16,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,008 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,008 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,008 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8641#true} {8641#true} #1731#return; {8641#true} is VALID [2022-02-20 17:55:16,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:55:16,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,017 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8641#true} {8641#true} #1733#return; {8641#true} is VALID [2022-02-20 17:55:16,017 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:16,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,021 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8641#true} {8641#true} #1735#return; {8641#true} is VALID [2022-02-20 17:55:16,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:55:16,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:16,031 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,033 INFO L290 TraceCheckUtils]: 0: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,033 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,033 INFO L290 TraceCheckUtils]: 2: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,033 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8641#true} {8641#true} #1719#return; {8641#true} is VALID [2022-02-20 17:55:16,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8641#true} is VALID [2022-02-20 17:55:16,034 INFO L272 TraceCheckUtils]: 1: Hoare triple {8641#true} call setClientId(~bob___0, ~bob___0); {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:16,034 INFO L290 TraceCheckUtils]: 2: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,034 INFO L290 TraceCheckUtils]: 3: Hoare triple {8641#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,034 INFO L290 TraceCheckUtils]: 4: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,034 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8641#true} {8641#true} #1719#return; {8641#true} is VALID [2022-02-20 17:55:16,035 INFO L290 TraceCheckUtils]: 6: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,035 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8641#true} {8641#true} #1741#return; {8641#true} is VALID [2022-02-20 17:55:16,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:55:16,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,056 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:16,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8732#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:16,071 INFO L290 TraceCheckUtils]: 1: Hoare triple {8732#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:16,071 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#(= |setClientId_#in~handle| 1)} assume true; {8733#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:16,072 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#(= |setClientId_#in~handle| 1)} {8726#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {8731#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:16,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8726#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:55:16,073 INFO L272 TraceCheckUtils]: 1: Hoare triple {8726#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:16,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8732#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:16,073 INFO L290 TraceCheckUtils]: 3: Hoare triple {8732#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:16,073 INFO L290 TraceCheckUtils]: 4: Hoare triple {8733#(= |setClientId_#in~handle| 1)} assume true; {8733#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:16,074 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8733#(= |setClientId_#in~handle| 1)} {8726#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {8731#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:16,074 INFO L290 TraceCheckUtils]: 6: Hoare triple {8731#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {8731#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:16,074 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8731#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {8675#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {8642#false} is VALID [2022-02-20 17:55:16,075 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:55:16,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,081 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:16,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,083 INFO L290 TraceCheckUtils]: 0: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,083 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,083 INFO L290 TraceCheckUtils]: 2: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,083 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8641#true} {8641#true} #1615#return; {8641#true} is VALID [2022-02-20 17:55:16,083 INFO L290 TraceCheckUtils]: 0: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8641#true} is VALID [2022-02-20 17:55:16,084 INFO L272 TraceCheckUtils]: 1: Hoare triple {8641#true} call setClientId(~chuck___0, ~chuck___0); {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:16,084 INFO L290 TraceCheckUtils]: 2: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,084 INFO L290 TraceCheckUtils]: 3: Hoare triple {8641#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,084 INFO L290 TraceCheckUtils]: 4: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,084 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8641#true} {8641#true} #1615#return; {8641#true} is VALID [2022-02-20 17:55:16,085 INFO L290 TraceCheckUtils]: 6: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,085 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8641#true} {8642#false} #1753#return; {8642#false} is VALID [2022-02-20 17:55:16,090 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:55:16,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,093 INFO L290 TraceCheckUtils]: 0: Hoare triple {8738#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,094 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8641#true} {8642#false} #1637#return; {8642#false} is VALID [2022-02-20 17:55:16,099 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:55:16,101 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {8739#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,106 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,106 INFO L290 TraceCheckUtils]: 2: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,107 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8641#true} {8642#false} #1639#return; {8642#false} is VALID [2022-02-20 17:55:16,107 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:55:16,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,109 INFO L290 TraceCheckUtils]: 0: Hoare triple {8738#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,109 INFO L290 TraceCheckUtils]: 2: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,110 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8641#true} {8642#false} #1649#return; {8642#false} is VALID [2022-02-20 17:55:16,110 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:55:16,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} ~handle := #in~handle;havoc ~retValue_acc~19; {8641#true} is VALID [2022-02-20 17:55:16,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {8641#true} is VALID [2022-02-20 17:55:16,113 INFO L290 TraceCheckUtils]: 2: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,113 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8641#true} {8642#false} #1651#return; {8642#false} is VALID [2022-02-20 17:55:16,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 140 [2022-02-20 17:55:16,116 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,117 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {8641#true} is VALID [2022-02-20 17:55:16,118 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume { :end_inline_deliver } true; {8641#true} is VALID [2022-02-20 17:55:16,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,118 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8641#true} {8642#false} #1707#return; {8642#false} is VALID [2022-02-20 17:55:16,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 149 [2022-02-20 17:55:16,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,122 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:55:16,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,124 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {8641#true} is VALID [2022-02-20 17:55:16,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,125 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8641#true} {8641#true} #1797#return; {8641#true} is VALID [2022-02-20 17:55:16,125 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {8641#true} is VALID [2022-02-20 17:55:16,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8641#true} is VALID [2022-02-20 17:55:16,126 INFO L272 TraceCheckUtils]: 2: Hoare triple {8641#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {8641#true} is VALID [2022-02-20 17:55:16,126 INFO L290 TraceCheckUtils]: 3: Hoare triple {8641#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {8641#true} is VALID [2022-02-20 17:55:16,126 INFO L290 TraceCheckUtils]: 4: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,126 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8641#true} {8641#true} #1797#return; {8641#true} is VALID [2022-02-20 17:55:16,126 INFO L290 TraceCheckUtils]: 6: Hoare triple {8641#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {8641#true} is VALID [2022-02-20 17:55:16,126 INFO L290 TraceCheckUtils]: 7: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,126 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {8641#true} {8642#false} #1709#return; {8642#false} is VALID [2022-02-20 17:55:16,126 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8641#true} is VALID [2022-02-20 17:55:16,126 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8641#true} is VALID [2022-02-20 17:55:16,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {8641#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {8641#true} is VALID [2022-02-20 17:55:16,127 INFO L272 TraceCheckUtils]: 3: Hoare triple {8641#true} call select_features_#t~ret5#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,127 INFO L290 TraceCheckUtils]: 4: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,127 INFO L290 TraceCheckUtils]: 5: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,127 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8641#true} {8641#true} #1721#return; {8641#true} is VALID [2022-02-20 17:55:16,127 INFO L290 TraceCheckUtils]: 7: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {8641#true} is VALID [2022-02-20 17:55:16,127 INFO L272 TraceCheckUtils]: 8: Hoare triple {8641#true} call select_features_#t~ret6#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,127 INFO L290 TraceCheckUtils]: 9: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,127 INFO L290 TraceCheckUtils]: 10: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,128 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8641#true} {8641#true} #1723#return; {8641#true} is VALID [2022-02-20 17:55:16,128 INFO L290 TraceCheckUtils]: 12: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {8641#true} is VALID [2022-02-20 17:55:16,128 INFO L272 TraceCheckUtils]: 13: Hoare triple {8641#true} call select_features_#t~ret7#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,128 INFO L290 TraceCheckUtils]: 14: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,128 INFO L290 TraceCheckUtils]: 15: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,128 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8641#true} {8641#true} #1725#return; {8641#true} is VALID [2022-02-20 17:55:16,128 INFO L290 TraceCheckUtils]: 17: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {8641#true} is VALID [2022-02-20 17:55:16,128 INFO L272 TraceCheckUtils]: 18: Hoare triple {8641#true} call select_features_#t~ret8#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,128 INFO L290 TraceCheckUtils]: 19: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L290 TraceCheckUtils]: 20: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8641#true} {8641#true} #1727#return; {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L290 TraceCheckUtils]: 22: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L272 TraceCheckUtils]: 23: Hoare triple {8641#true} call select_features_#t~ret9#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L290 TraceCheckUtils]: 24: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L290 TraceCheckUtils]: 25: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8641#true} {8641#true} #1729#return; {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L290 TraceCheckUtils]: 27: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L272 TraceCheckUtils]: 28: Hoare triple {8641#true} call select_features_#t~ret10#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,129 INFO L290 TraceCheckUtils]: 29: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,130 INFO L290 TraceCheckUtils]: 30: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,130 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8641#true} {8641#true} #1731#return; {8641#true} is VALID [2022-02-20 17:55:16,130 INFO L290 TraceCheckUtils]: 32: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {8641#true} is VALID [2022-02-20 17:55:16,130 INFO L272 TraceCheckUtils]: 33: Hoare triple {8641#true} call select_features_#t~ret11#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,130 INFO L290 TraceCheckUtils]: 34: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,130 INFO L290 TraceCheckUtils]: 35: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,130 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8641#true} {8641#true} #1733#return; {8641#true} is VALID [2022-02-20 17:55:16,130 INFO L290 TraceCheckUtils]: 37: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {8641#true} is VALID [2022-02-20 17:55:16,130 INFO L272 TraceCheckUtils]: 38: Hoare triple {8641#true} call select_features_#t~ret12#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,131 INFO L290 TraceCheckUtils]: 39: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,131 INFO L290 TraceCheckUtils]: 40: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,131 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8641#true} {8641#true} #1735#return; {8641#true} is VALID [2022-02-20 17:55:16,131 INFO L290 TraceCheckUtils]: 42: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {8641#true} is VALID [2022-02-20 17:55:16,131 INFO L290 TraceCheckUtils]: 43: Hoare triple {8641#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {8641#true} is VALID [2022-02-20 17:55:16,131 INFO L290 TraceCheckUtils]: 44: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8641#true} is VALID [2022-02-20 17:55:16,131 INFO L290 TraceCheckUtils]: 45: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8641#true} is VALID [2022-02-20 17:55:16,131 INFO L290 TraceCheckUtils]: 46: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8641#true} is VALID [2022-02-20 17:55:16,131 INFO L290 TraceCheckUtils]: 47: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8641#true} is VALID [2022-02-20 17:55:16,132 INFO L290 TraceCheckUtils]: 48: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8641#true} is VALID [2022-02-20 17:55:16,132 INFO L290 TraceCheckUtils]: 49: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8641#true} is VALID [2022-02-20 17:55:16,132 INFO L290 TraceCheckUtils]: 50: Hoare triple {8641#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {8641#true} is VALID [2022-02-20 17:55:16,132 INFO L290 TraceCheckUtils]: 51: Hoare triple {8641#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {8641#true} is VALID [2022-02-20 17:55:16,132 INFO L290 TraceCheckUtils]: 52: Hoare triple {8641#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {8641#true} is VALID [2022-02-20 17:55:16,132 INFO L290 TraceCheckUtils]: 53: Hoare triple {8641#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8641#true} is VALID [2022-02-20 17:55:16,132 INFO L290 TraceCheckUtils]: 54: Hoare triple {8641#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8641#true} is VALID [2022-02-20 17:55:16,133 INFO L272 TraceCheckUtils]: 55: Hoare triple {8641#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:16,133 INFO L290 TraceCheckUtils]: 56: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8641#true} is VALID [2022-02-20 17:55:16,133 INFO L272 TraceCheckUtils]: 57: Hoare triple {8641#true} call setClientId(~bob___0, ~bob___0); {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:16,134 INFO L290 TraceCheckUtils]: 58: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,134 INFO L290 TraceCheckUtils]: 59: Hoare triple {8641#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,135 INFO L290 TraceCheckUtils]: 60: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,135 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8641#true} {8641#true} #1719#return; {8641#true} is VALID [2022-02-20 17:55:16,135 INFO L290 TraceCheckUtils]: 62: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,135 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8641#true} {8641#true} #1741#return; {8641#true} is VALID [2022-02-20 17:55:16,135 INFO L290 TraceCheckUtils]: 64: Hoare triple {8641#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8675#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:16,135 INFO L290 TraceCheckUtils]: 65: Hoare triple {8675#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8675#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:16,136 INFO L272 TraceCheckUtils]: 66: Hoare triple {8675#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:16,136 INFO L290 TraceCheckUtils]: 67: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8726#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:55:16,137 INFO L272 TraceCheckUtils]: 68: Hoare triple {8726#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:16,137 INFO L290 TraceCheckUtils]: 69: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8732#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:16,137 INFO L290 TraceCheckUtils]: 70: Hoare triple {8732#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:16,138 INFO L290 TraceCheckUtils]: 71: Hoare triple {8733#(= |setClientId_#in~handle| 1)} assume true; {8733#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:16,138 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8733#(= |setClientId_#in~handle| 1)} {8726#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {8731#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:16,138 INFO L290 TraceCheckUtils]: 73: Hoare triple {8731#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {8731#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:16,139 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8731#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {8675#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {8642#false} is VALID [2022-02-20 17:55:16,139 INFO L290 TraceCheckUtils]: 75: Hoare triple {8642#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8642#false} is VALID [2022-02-20 17:55:16,139 INFO L290 TraceCheckUtils]: 76: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8642#false} is VALID [2022-02-20 17:55:16,139 INFO L272 TraceCheckUtils]: 77: Hoare triple {8642#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:16,139 INFO L290 TraceCheckUtils]: 78: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8641#true} is VALID [2022-02-20 17:55:16,140 INFO L272 TraceCheckUtils]: 79: Hoare triple {8641#true} call setClientId(~chuck___0, ~chuck___0); {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:16,140 INFO L290 TraceCheckUtils]: 80: Hoare triple {8721#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,140 INFO L290 TraceCheckUtils]: 81: Hoare triple {8641#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,140 INFO L290 TraceCheckUtils]: 82: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,140 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8641#true} {8641#true} #1615#return; {8641#true} is VALID [2022-02-20 17:55:16,140 INFO L290 TraceCheckUtils]: 84: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,140 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8641#true} {8642#false} #1753#return; {8642#false} is VALID [2022-02-20 17:55:16,140 INFO L290 TraceCheckUtils]: 86: Hoare triple {8642#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {8642#false} is VALID [2022-02-20 17:55:16,140 INFO L290 TraceCheckUtils]: 87: Hoare triple {8642#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8642#false} is VALID [2022-02-20 17:55:16,141 INFO L290 TraceCheckUtils]: 88: Hoare triple {8642#false} assume !false; {8642#false} is VALID [2022-02-20 17:55:16,141 INFO L290 TraceCheckUtils]: 89: Hoare triple {8642#false} assume !(test_~splverifierCounter~0#1 < 4); {8642#false} is VALID [2022-02-20 17:55:16,141 INFO L290 TraceCheckUtils]: 90: Hoare triple {8642#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {8642#false} is VALID [2022-02-20 17:55:16,141 INFO L272 TraceCheckUtils]: 91: Hoare triple {8642#false} call sendEmail(~bob~0, ~rjh~0); {8642#false} is VALID [2022-02-20 17:55:16,141 INFO L290 TraceCheckUtils]: 92: Hoare triple {8642#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8642#false} is VALID [2022-02-20 17:55:16,141 INFO L272 TraceCheckUtils]: 93: Hoare triple {8642#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8738#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:16,141 INFO L290 TraceCheckUtils]: 94: Hoare triple {8738#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,141 INFO L290 TraceCheckUtils]: 95: Hoare triple {8641#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,141 INFO L290 TraceCheckUtils]: 96: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,141 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8641#true} {8642#false} #1637#return; {8642#false} is VALID [2022-02-20 17:55:16,142 INFO L272 TraceCheckUtils]: 98: Hoare triple {8642#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8739#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:16,142 INFO L290 TraceCheckUtils]: 99: Hoare triple {8739#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,142 INFO L290 TraceCheckUtils]: 100: Hoare triple {8641#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,142 INFO L290 TraceCheckUtils]: 101: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,142 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8641#true} {8642#false} #1639#return; {8642#false} is VALID [2022-02-20 17:55:16,142 INFO L290 TraceCheckUtils]: 103: Hoare triple {8642#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {8642#false} is VALID [2022-02-20 17:55:16,142 INFO L290 TraceCheckUtils]: 104: Hoare triple {8642#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {8642#false} is VALID [2022-02-20 17:55:16,142 INFO L272 TraceCheckUtils]: 105: Hoare triple {8642#false} call outgoing(~sender#1, ~email~0#1); {8642#false} is VALID [2022-02-20 17:55:16,142 INFO L290 TraceCheckUtils]: 106: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,143 INFO L290 TraceCheckUtils]: 107: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8642#false} is VALID [2022-02-20 17:55:16,143 INFO L272 TraceCheckUtils]: 108: Hoare triple {8642#false} call outgoing__before__Sign(~client#1, ~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,143 INFO L290 TraceCheckUtils]: 109: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,143 INFO L290 TraceCheckUtils]: 110: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8642#false} is VALID [2022-02-20 17:55:16,143 INFO L272 TraceCheckUtils]: 111: Hoare triple {8642#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,143 INFO L290 TraceCheckUtils]: 112: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,143 INFO L290 TraceCheckUtils]: 113: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8642#false} is VALID [2022-02-20 17:55:16,143 INFO L272 TraceCheckUtils]: 114: Hoare triple {8642#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,143 INFO L290 TraceCheckUtils]: 115: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {8642#false} is VALID [2022-02-20 17:55:16,155 INFO L290 TraceCheckUtils]: 116: Hoare triple {8642#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {8642#false} is VALID [2022-02-20 17:55:16,164 INFO L290 TraceCheckUtils]: 117: Hoare triple {8642#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {8642#false} is VALID [2022-02-20 17:55:16,165 INFO L272 TraceCheckUtils]: 118: Hoare triple {8642#false} call setEmailFrom(~msg#1, ~tmp~2#1); {8738#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:16,165 INFO L290 TraceCheckUtils]: 119: Hoare triple {8738#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,165 INFO L290 TraceCheckUtils]: 120: Hoare triple {8641#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,165 INFO L290 TraceCheckUtils]: 121: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,165 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8641#true} {8642#false} #1649#return; {8642#false} is VALID [2022-02-20 17:55:16,165 INFO L290 TraceCheckUtils]: 123: Hoare triple {8642#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {8642#false} is VALID [2022-02-20 17:55:16,165 INFO L272 TraceCheckUtils]: 124: Hoare triple {8642#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {8641#true} is VALID [2022-02-20 17:55:16,165 INFO L290 TraceCheckUtils]: 125: Hoare triple {8641#true} ~handle := #in~handle;havoc ~retValue_acc~19; {8641#true} is VALID [2022-02-20 17:55:16,166 INFO L290 TraceCheckUtils]: 126: Hoare triple {8641#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {8641#true} is VALID [2022-02-20 17:55:16,166 INFO L290 TraceCheckUtils]: 127: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,166 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {8641#true} {8642#false} #1651#return; {8642#false} is VALID [2022-02-20 17:55:16,166 INFO L290 TraceCheckUtils]: 129: Hoare triple {8642#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,166 INFO L290 TraceCheckUtils]: 130: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {8642#false} is VALID [2022-02-20 17:55:16,166 INFO L272 TraceCheckUtils]: 131: Hoare triple {8642#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,166 INFO L290 TraceCheckUtils]: 132: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,166 INFO L290 TraceCheckUtils]: 133: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {8642#false} is VALID [2022-02-20 17:55:16,166 INFO L272 TraceCheckUtils]: 134: Hoare triple {8642#false} call incoming__before__Verify(~client#1, ~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,167 INFO L290 TraceCheckUtils]: 135: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,167 INFO L290 TraceCheckUtils]: 136: Hoare triple {8642#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {8642#false} is VALID [2022-02-20 17:55:16,167 INFO L272 TraceCheckUtils]: 137: Hoare triple {8642#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,167 INFO L290 TraceCheckUtils]: 138: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,167 INFO L290 TraceCheckUtils]: 139: Hoare triple {8642#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {8642#false} is VALID [2022-02-20 17:55:16,167 INFO L272 TraceCheckUtils]: 140: Hoare triple {8642#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {8641#true} is VALID [2022-02-20 17:55:16,167 INFO L290 TraceCheckUtils]: 141: Hoare triple {8641#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {8641#true} is VALID [2022-02-20 17:55:16,167 INFO L290 TraceCheckUtils]: 142: Hoare triple {8641#true} assume { :end_inline_deliver } true; {8641#true} is VALID [2022-02-20 17:55:16,167 INFO L290 TraceCheckUtils]: 143: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,168 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {8641#true} {8642#false} #1707#return; {8642#false} is VALID [2022-02-20 17:55:16,168 INFO L290 TraceCheckUtils]: 145: Hoare triple {8642#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {8642#false} is VALID [2022-02-20 17:55:16,168 INFO L290 TraceCheckUtils]: 146: Hoare triple {8642#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {8642#false} is VALID [2022-02-20 17:55:16,168 INFO L290 TraceCheckUtils]: 147: Hoare triple {8642#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {8642#false} is VALID [2022-02-20 17:55:16,168 INFO L290 TraceCheckUtils]: 148: Hoare triple {8642#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {8642#false} is VALID [2022-02-20 17:55:16,168 INFO L272 TraceCheckUtils]: 149: Hoare triple {8642#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {8641#true} is VALID [2022-02-20 17:55:16,168 INFO L290 TraceCheckUtils]: 150: Hoare triple {8641#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {8641#true} is VALID [2022-02-20 17:55:16,168 INFO L290 TraceCheckUtils]: 151: Hoare triple {8641#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8641#true} is VALID [2022-02-20 17:55:16,169 INFO L272 TraceCheckUtils]: 152: Hoare triple {8641#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {8641#true} is VALID [2022-02-20 17:55:16,169 INFO L290 TraceCheckUtils]: 153: Hoare triple {8641#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {8641#true} is VALID [2022-02-20 17:55:16,169 INFO L290 TraceCheckUtils]: 154: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,169 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {8641#true} {8641#true} #1797#return; {8641#true} is VALID [2022-02-20 17:55:16,169 INFO L290 TraceCheckUtils]: 156: Hoare triple {8641#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {8641#true} is VALID [2022-02-20 17:55:16,169 INFO L290 TraceCheckUtils]: 157: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,169 INFO L284 TraceCheckUtils]: 158: Hoare quadruple {8641#true} {8642#false} #1709#return; {8642#false} is VALID [2022-02-20 17:55:16,169 INFO L290 TraceCheckUtils]: 159: Hoare triple {8642#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {8642#false} is VALID [2022-02-20 17:55:16,169 INFO L290 TraceCheckUtils]: 160: Hoare triple {8642#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {8642#false} is VALID [2022-02-20 17:55:16,170 INFO L290 TraceCheckUtils]: 161: Hoare triple {8642#false} assume !false; {8642#false} is VALID [2022-02-20 17:55:16,170 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 94 trivial. 0 not checked. [2022-02-20 17:55:16,170 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:16,170 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1525239651] [2022-02-20 17:55:16,170 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1525239651] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:16,171 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [60952781] [2022-02-20 17:55:16,171 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:16,171 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:16,171 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:16,204 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:16,255 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:55:16,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,524 INFO L263 TraceCheckSpWp]: Trace formula consists of 1475 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:55:16,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,619 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:16,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {8641#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8641#true} is VALID [2022-02-20 17:55:16,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {8641#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8641#true} is VALID [2022-02-20 17:55:16,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {8641#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {8641#true} is VALID [2022-02-20 17:55:16,912 INFO L272 TraceCheckUtils]: 3: Hoare triple {8641#true} call select_features_#t~ret5#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,912 INFO L290 TraceCheckUtils]: 4: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,912 INFO L290 TraceCheckUtils]: 5: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,912 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8641#true} {8641#true} #1721#return; {8641#true} is VALID [2022-02-20 17:55:16,912 INFO L290 TraceCheckUtils]: 7: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {8641#true} is VALID [2022-02-20 17:55:16,912 INFO L272 TraceCheckUtils]: 8: Hoare triple {8641#true} call select_features_#t~ret6#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,912 INFO L290 TraceCheckUtils]: 9: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,912 INFO L290 TraceCheckUtils]: 10: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,913 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8641#true} {8641#true} #1723#return; {8641#true} is VALID [2022-02-20 17:55:16,913 INFO L290 TraceCheckUtils]: 12: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {8641#true} is VALID [2022-02-20 17:55:16,913 INFO L272 TraceCheckUtils]: 13: Hoare triple {8641#true} call select_features_#t~ret7#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,913 INFO L290 TraceCheckUtils]: 14: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,913 INFO L290 TraceCheckUtils]: 15: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,913 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8641#true} {8641#true} #1725#return; {8641#true} is VALID [2022-02-20 17:55:16,913 INFO L290 TraceCheckUtils]: 17: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {8641#true} is VALID [2022-02-20 17:55:16,913 INFO L272 TraceCheckUtils]: 18: Hoare triple {8641#true} call select_features_#t~ret8#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,913 INFO L290 TraceCheckUtils]: 19: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,914 INFO L290 TraceCheckUtils]: 20: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,914 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8641#true} {8641#true} #1727#return; {8641#true} is VALID [2022-02-20 17:55:16,914 INFO L290 TraceCheckUtils]: 22: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {8641#true} is VALID [2022-02-20 17:55:16,914 INFO L272 TraceCheckUtils]: 23: Hoare triple {8641#true} call select_features_#t~ret9#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,914 INFO L290 TraceCheckUtils]: 24: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,914 INFO L290 TraceCheckUtils]: 25: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,914 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8641#true} {8641#true} #1729#return; {8641#true} is VALID [2022-02-20 17:55:16,914 INFO L290 TraceCheckUtils]: 27: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {8641#true} is VALID [2022-02-20 17:55:16,914 INFO L272 TraceCheckUtils]: 28: Hoare triple {8641#true} call select_features_#t~ret10#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L290 TraceCheckUtils]: 29: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L290 TraceCheckUtils]: 30: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8641#true} {8641#true} #1731#return; {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L290 TraceCheckUtils]: 32: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L272 TraceCheckUtils]: 33: Hoare triple {8641#true} call select_features_#t~ret11#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L290 TraceCheckUtils]: 34: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L290 TraceCheckUtils]: 35: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8641#true} {8641#true} #1733#return; {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L290 TraceCheckUtils]: 37: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {8641#true} is VALID [2022-02-20 17:55:16,915 INFO L272 TraceCheckUtils]: 38: Hoare triple {8641#true} call select_features_#t~ret12#1 := select_one(); {8641#true} is VALID [2022-02-20 17:55:16,916 INFO L290 TraceCheckUtils]: 39: Hoare triple {8641#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8641#true} is VALID [2022-02-20 17:55:16,916 INFO L290 TraceCheckUtils]: 40: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,916 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8641#true} {8641#true} #1735#return; {8641#true} is VALID [2022-02-20 17:55:16,916 INFO L290 TraceCheckUtils]: 42: Hoare triple {8641#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {8641#true} is VALID [2022-02-20 17:55:16,916 INFO L290 TraceCheckUtils]: 43: Hoare triple {8641#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {8641#true} is VALID [2022-02-20 17:55:16,916 INFO L290 TraceCheckUtils]: 44: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8641#true} is VALID [2022-02-20 17:55:16,916 INFO L290 TraceCheckUtils]: 45: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8641#true} is VALID [2022-02-20 17:55:16,916 INFO L290 TraceCheckUtils]: 46: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8641#true} is VALID [2022-02-20 17:55:16,916 INFO L290 TraceCheckUtils]: 47: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8641#true} is VALID [2022-02-20 17:55:16,917 INFO L290 TraceCheckUtils]: 48: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8641#true} is VALID [2022-02-20 17:55:16,917 INFO L290 TraceCheckUtils]: 49: Hoare triple {8641#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8641#true} is VALID [2022-02-20 17:55:16,917 INFO L290 TraceCheckUtils]: 50: Hoare triple {8641#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {8641#true} is VALID [2022-02-20 17:55:16,917 INFO L290 TraceCheckUtils]: 51: Hoare triple {8641#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {8641#true} is VALID [2022-02-20 17:55:16,917 INFO L290 TraceCheckUtils]: 52: Hoare triple {8641#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {8641#true} is VALID [2022-02-20 17:55:16,917 INFO L290 TraceCheckUtils]: 53: Hoare triple {8641#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8641#true} is VALID [2022-02-20 17:55:16,917 INFO L290 TraceCheckUtils]: 54: Hoare triple {8641#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8641#true} is VALID [2022-02-20 17:55:16,917 INFO L272 TraceCheckUtils]: 55: Hoare triple {8641#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8641#true} is VALID [2022-02-20 17:55:16,917 INFO L290 TraceCheckUtils]: 56: Hoare triple {8641#true} ~bob___0 := #in~bob___0; {8641#true} is VALID [2022-02-20 17:55:16,918 INFO L272 TraceCheckUtils]: 57: Hoare triple {8641#true} call setClientId(~bob___0, ~bob___0); {8641#true} is VALID [2022-02-20 17:55:16,918 INFO L290 TraceCheckUtils]: 58: Hoare triple {8641#true} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,918 INFO L290 TraceCheckUtils]: 59: Hoare triple {8641#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,918 INFO L290 TraceCheckUtils]: 60: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,918 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8641#true} {8641#true} #1719#return; {8641#true} is VALID [2022-02-20 17:55:16,918 INFO L290 TraceCheckUtils]: 62: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,918 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8641#true} {8641#true} #1741#return; {8641#true} is VALID [2022-02-20 17:55:16,918 INFO L290 TraceCheckUtils]: 64: Hoare triple {8641#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8641#true} is VALID [2022-02-20 17:55:16,918 INFO L290 TraceCheckUtils]: 65: Hoare triple {8641#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L272 TraceCheckUtils]: 66: Hoare triple {8641#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L290 TraceCheckUtils]: 67: Hoare triple {8641#true} ~rjh___0 := #in~rjh___0; {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L272 TraceCheckUtils]: 68: Hoare triple {8641#true} call setClientId(~rjh___0, ~rjh___0); {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L290 TraceCheckUtils]: 69: Hoare triple {8641#true} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L290 TraceCheckUtils]: 70: Hoare triple {8641#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L290 TraceCheckUtils]: 71: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8641#true} {8641#true} #1669#return; {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L290 TraceCheckUtils]: 73: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8641#true} {8641#true} #1747#return; {8641#true} is VALID [2022-02-20 17:55:16,919 INFO L290 TraceCheckUtils]: 75: Hoare triple {8641#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8641#true} is VALID [2022-02-20 17:55:16,920 INFO L290 TraceCheckUtils]: 76: Hoare triple {8641#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8641#true} is VALID [2022-02-20 17:55:16,920 INFO L272 TraceCheckUtils]: 77: Hoare triple {8641#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8641#true} is VALID [2022-02-20 17:55:16,920 INFO L290 TraceCheckUtils]: 78: Hoare triple {8641#true} ~chuck___0 := #in~chuck___0; {8641#true} is VALID [2022-02-20 17:55:16,920 INFO L272 TraceCheckUtils]: 79: Hoare triple {8641#true} call setClientId(~chuck___0, ~chuck___0); {8641#true} is VALID [2022-02-20 17:55:16,920 INFO L290 TraceCheckUtils]: 80: Hoare triple {8641#true} ~handle := #in~handle;~value := #in~value; {8641#true} is VALID [2022-02-20 17:55:16,920 INFO L290 TraceCheckUtils]: 81: Hoare triple {8641#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8641#true} is VALID [2022-02-20 17:55:16,920 INFO L290 TraceCheckUtils]: 82: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,920 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8641#true} {8641#true} #1615#return; {8641#true} is VALID [2022-02-20 17:55:16,920 INFO L290 TraceCheckUtils]: 84: Hoare triple {8641#true} assume true; {8641#true} is VALID [2022-02-20 17:55:16,921 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8641#true} {8641#true} #1753#return; {8641#true} is VALID [2022-02-20 17:55:16,921 INFO L290 TraceCheckUtils]: 86: Hoare triple {8641#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {8641#true} is VALID [2022-02-20 17:55:16,921 INFO L290 TraceCheckUtils]: 87: Hoare triple {8641#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9007#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:16,921 INFO L290 TraceCheckUtils]: 88: Hoare triple {9007#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {9007#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:16,922 INFO L290 TraceCheckUtils]: 89: Hoare triple {9007#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {8642#false} is VALID [2022-02-20 17:55:16,922 INFO L290 TraceCheckUtils]: 90: Hoare triple {8642#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {8642#false} is VALID [2022-02-20 17:55:16,922 INFO L272 TraceCheckUtils]: 91: Hoare triple {8642#false} call sendEmail(~bob~0, ~rjh~0); {8642#false} is VALID [2022-02-20 17:55:16,922 INFO L290 TraceCheckUtils]: 92: Hoare triple {8642#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8642#false} is VALID [2022-02-20 17:55:16,922 INFO L272 TraceCheckUtils]: 93: Hoare triple {8642#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8642#false} is VALID [2022-02-20 17:55:16,922 INFO L290 TraceCheckUtils]: 94: Hoare triple {8642#false} ~handle := #in~handle;~value := #in~value; {8642#false} is VALID [2022-02-20 17:55:16,922 INFO L290 TraceCheckUtils]: 95: Hoare triple {8642#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8642#false} is VALID [2022-02-20 17:55:16,923 INFO L290 TraceCheckUtils]: 96: Hoare triple {8642#false} assume true; {8642#false} is VALID [2022-02-20 17:55:16,923 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8642#false} {8642#false} #1637#return; {8642#false} is VALID [2022-02-20 17:55:16,923 INFO L272 TraceCheckUtils]: 98: Hoare triple {8642#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8642#false} is VALID [2022-02-20 17:55:16,923 INFO L290 TraceCheckUtils]: 99: Hoare triple {8642#false} ~handle := #in~handle;~value := #in~value; {8642#false} is VALID [2022-02-20 17:55:16,923 INFO L290 TraceCheckUtils]: 100: Hoare triple {8642#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8642#false} is VALID [2022-02-20 17:55:16,923 INFO L290 TraceCheckUtils]: 101: Hoare triple {8642#false} assume true; {8642#false} is VALID [2022-02-20 17:55:16,923 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8642#false} {8642#false} #1639#return; {8642#false} is VALID [2022-02-20 17:55:16,923 INFO L290 TraceCheckUtils]: 103: Hoare triple {8642#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {8642#false} is VALID [2022-02-20 17:55:16,923 INFO L290 TraceCheckUtils]: 104: Hoare triple {8642#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {8642#false} is VALID [2022-02-20 17:55:16,924 INFO L272 TraceCheckUtils]: 105: Hoare triple {8642#false} call outgoing(~sender#1, ~email~0#1); {8642#false} is VALID [2022-02-20 17:55:16,924 INFO L290 TraceCheckUtils]: 106: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,924 INFO L290 TraceCheckUtils]: 107: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8642#false} is VALID [2022-02-20 17:55:16,924 INFO L272 TraceCheckUtils]: 108: Hoare triple {8642#false} call outgoing__before__Sign(~client#1, ~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,924 INFO L290 TraceCheckUtils]: 109: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,924 INFO L290 TraceCheckUtils]: 110: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8642#false} is VALID [2022-02-20 17:55:16,924 INFO L272 TraceCheckUtils]: 111: Hoare triple {8642#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,924 INFO L290 TraceCheckUtils]: 112: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,924 INFO L290 TraceCheckUtils]: 113: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8642#false} is VALID [2022-02-20 17:55:16,925 INFO L272 TraceCheckUtils]: 114: Hoare triple {8642#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,925 INFO L290 TraceCheckUtils]: 115: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {8642#false} is VALID [2022-02-20 17:55:16,925 INFO L290 TraceCheckUtils]: 116: Hoare triple {8642#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {8642#false} is VALID [2022-02-20 17:55:16,925 INFO L290 TraceCheckUtils]: 117: Hoare triple {8642#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {8642#false} is VALID [2022-02-20 17:55:16,925 INFO L272 TraceCheckUtils]: 118: Hoare triple {8642#false} call setEmailFrom(~msg#1, ~tmp~2#1); {8642#false} is VALID [2022-02-20 17:55:16,925 INFO L290 TraceCheckUtils]: 119: Hoare triple {8642#false} ~handle := #in~handle;~value := #in~value; {8642#false} is VALID [2022-02-20 17:55:16,925 INFO L290 TraceCheckUtils]: 120: Hoare triple {8642#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8642#false} is VALID [2022-02-20 17:55:16,925 INFO L290 TraceCheckUtils]: 121: Hoare triple {8642#false} assume true; {8642#false} is VALID [2022-02-20 17:55:16,925 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8642#false} {8642#false} #1649#return; {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L290 TraceCheckUtils]: 123: Hoare triple {8642#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L272 TraceCheckUtils]: 124: Hoare triple {8642#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L290 TraceCheckUtils]: 125: Hoare triple {8642#false} ~handle := #in~handle;havoc ~retValue_acc~19; {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L290 TraceCheckUtils]: 126: Hoare triple {8642#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L290 TraceCheckUtils]: 127: Hoare triple {8642#false} assume true; {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {8642#false} {8642#false} #1651#return; {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L290 TraceCheckUtils]: 129: Hoare triple {8642#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L290 TraceCheckUtils]: 130: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L272 TraceCheckUtils]: 131: Hoare triple {8642#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,926 INFO L290 TraceCheckUtils]: 132: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,927 INFO L290 TraceCheckUtils]: 133: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {8642#false} is VALID [2022-02-20 17:55:16,927 INFO L272 TraceCheckUtils]: 134: Hoare triple {8642#false} call incoming__before__Verify(~client#1, ~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,927 INFO L290 TraceCheckUtils]: 135: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,927 INFO L290 TraceCheckUtils]: 136: Hoare triple {8642#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {8642#false} is VALID [2022-02-20 17:55:16,927 INFO L272 TraceCheckUtils]: 137: Hoare triple {8642#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,927 INFO L290 TraceCheckUtils]: 138: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8642#false} is VALID [2022-02-20 17:55:16,927 INFO L290 TraceCheckUtils]: 139: Hoare triple {8642#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {8642#false} is VALID [2022-02-20 17:55:16,927 INFO L272 TraceCheckUtils]: 140: Hoare triple {8642#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,927 INFO L290 TraceCheckUtils]: 141: Hoare triple {8642#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {8642#false} is VALID [2022-02-20 17:55:16,928 INFO L290 TraceCheckUtils]: 142: Hoare triple {8642#false} assume { :end_inline_deliver } true; {8642#false} is VALID [2022-02-20 17:55:16,928 INFO L290 TraceCheckUtils]: 143: Hoare triple {8642#false} assume true; {8642#false} is VALID [2022-02-20 17:55:16,928 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {8642#false} {8642#false} #1707#return; {8642#false} is VALID [2022-02-20 17:55:16,928 INFO L290 TraceCheckUtils]: 145: Hoare triple {8642#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {8642#false} is VALID [2022-02-20 17:55:16,928 INFO L290 TraceCheckUtils]: 146: Hoare triple {8642#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {8642#false} is VALID [2022-02-20 17:55:16,928 INFO L290 TraceCheckUtils]: 147: Hoare triple {8642#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {8642#false} is VALID [2022-02-20 17:55:16,928 INFO L290 TraceCheckUtils]: 148: Hoare triple {8642#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {8642#false} is VALID [2022-02-20 17:55:16,928 INFO L272 TraceCheckUtils]: 149: Hoare triple {8642#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,928 INFO L290 TraceCheckUtils]: 150: Hoare triple {8642#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {8642#false} is VALID [2022-02-20 17:55:16,929 INFO L290 TraceCheckUtils]: 151: Hoare triple {8642#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8642#false} is VALID [2022-02-20 17:55:16,929 INFO L272 TraceCheckUtils]: 152: Hoare triple {8642#false} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {8642#false} is VALID [2022-02-20 17:55:16,929 INFO L290 TraceCheckUtils]: 153: Hoare triple {8642#false} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {8642#false} is VALID [2022-02-20 17:55:16,929 INFO L290 TraceCheckUtils]: 154: Hoare triple {8642#false} assume true; {8642#false} is VALID [2022-02-20 17:55:16,929 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {8642#false} {8642#false} #1797#return; {8642#false} is VALID [2022-02-20 17:55:16,929 INFO L290 TraceCheckUtils]: 156: Hoare triple {8642#false} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {8642#false} is VALID [2022-02-20 17:55:16,929 INFO L290 TraceCheckUtils]: 157: Hoare triple {8642#false} assume true; {8642#false} is VALID [2022-02-20 17:55:16,929 INFO L284 TraceCheckUtils]: 158: Hoare quadruple {8642#false} {8642#false} #1709#return; {8642#false} is VALID [2022-02-20 17:55:16,929 INFO L290 TraceCheckUtils]: 159: Hoare triple {8642#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {8642#false} is VALID [2022-02-20 17:55:16,930 INFO L290 TraceCheckUtils]: 160: Hoare triple {8642#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {8642#false} is VALID [2022-02-20 17:55:16,930 INFO L290 TraceCheckUtils]: 161: Hoare triple {8642#false} assume !false; {8642#false} is VALID [2022-02-20 17:55:16,930 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:55:16,930 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:16,930 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [60952781] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:16,930 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:16,931 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [10] total 11 [2022-02-20 17:55:16,931 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [819594630] [2022-02-20 17:55:16,931 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:16,932 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 162 [2022-02-20 17:55:16,932 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:16,932 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:17,029 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 139 edges. 139 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:17,029 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:17,029 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:17,030 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:55:17,030 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 17:55:17,030 INFO L87 Difference]: Start difference. First operand 593 states and 875 transitions. Second operand has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:17,698 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:17,698 INFO L93 Difference]: Finished difference Result 921 states and 1333 transitions. [2022-02-20 17:55:17,698 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:17,698 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 162 [2022-02-20 17:55:17,699 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:17,699 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:17,712 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1333 transitions. [2022-02-20 17:55:17,712 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:17,736 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1333 transitions. [2022-02-20 17:55:17,736 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1333 transitions. [2022-02-20 17:55:18,528 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1333 edges. 1333 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:18,546 INFO L225 Difference]: With dead ends: 921 [2022-02-20 17:55:18,546 INFO L226 Difference]: Without dead ends: 596 [2022-02-20 17:55:18,547 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 208 GetRequests, 199 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 17:55:18,548 INFO L933 BasicCegarLoop]: 873 mSDtfsCounter, 1 mSDsluCounter, 871 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1744 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:18,548 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1744 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:18,549 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 596 states. [2022-02-20 17:55:18,563 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 596 to 595. [2022-02-20 17:55:18,564 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:18,565 INFO L82 GeneralOperation]: Start isEquivalent. First operand 596 states. Second operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:18,566 INFO L74 IsIncluded]: Start isIncluded. First operand 596 states. Second operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:18,567 INFO L87 Difference]: Start difference. First operand 596 states. Second operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:18,583 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:18,584 INFO L93 Difference]: Finished difference Result 596 states and 878 transitions. [2022-02-20 17:55:18,584 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 878 transitions. [2022-02-20 17:55:18,585 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:18,585 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:18,587 INFO L74 IsIncluded]: Start isIncluded. First operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 596 states. [2022-02-20 17:55:18,588 INFO L87 Difference]: Start difference. First operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 596 states. [2022-02-20 17:55:18,604 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:18,604 INFO L93 Difference]: Finished difference Result 596 states and 878 transitions. [2022-02-20 17:55:18,604 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 878 transitions. [2022-02-20 17:55:18,606 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:18,606 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:18,606 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:18,606 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:18,608 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 595 states, 442 states have (on average 1.493212669683258) internal successors, (660), 461 states have internal predecessors, (660), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:55:18,627 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 595 states to 595 states and 877 transitions. [2022-02-20 17:55:18,628 INFO L78 Accepts]: Start accepts. Automaton has 595 states and 877 transitions. Word has length 162 [2022-02-20 17:55:18,628 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:18,628 INFO L470 AbstractCegarLoop]: Abstraction has 595 states and 877 transitions. [2022-02-20 17:55:18,628 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 29.666666666666668) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:55:18,628 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 877 transitions. [2022-02-20 17:55:18,630 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 170 [2022-02-20 17:55:18,630 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:18,631 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:18,652 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:18,847 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:18,847 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:18,848 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:18,848 INFO L85 PathProgramCache]: Analyzing trace with hash -1892392765, now seen corresponding path program 1 times [2022-02-20 17:55:18,848 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:18,848 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [920706736] [2022-02-20 17:55:18,848 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:18,848 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:18,898 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,928 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:55:18,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,933 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:18,933 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,933 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12527#true} {12527#true} #1721#return; {12527#true} is VALID [2022-02-20 17:55:18,934 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:55:18,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:18,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,946 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12527#true} {12527#true} #1723#return; {12527#true} is VALID [2022-02-20 17:55:18,947 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:55:18,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,950 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:18,950 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,950 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12527#true} {12527#true} #1725#return; {12527#true} is VALID [2022-02-20 17:55:18,950 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:18,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:18,954 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,954 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12527#true} {12527#true} #1727#return; {12527#true} is VALID [2022-02-20 17:55:18,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:55:18,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:18,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,958 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12527#true} {12527#true} #1729#return; {12527#true} is VALID [2022-02-20 17:55:18,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:55:18,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:18,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,963 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12527#true} {12527#true} #1731#return; {12527#true} is VALID [2022-02-20 17:55:18,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:55:18,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:18,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,967 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12527#true} {12527#true} #1733#return; {12527#true} is VALID [2022-02-20 17:55:18,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:18,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:18,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,971 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12527#true} {12527#true} #1735#return; {12527#true} is VALID [2022-02-20 17:55:18,974 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:55:18,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,978 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:18,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:18,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:18,982 INFO L290 TraceCheckUtils]: 2: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,982 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12527#true} {12527#true} #1719#return; {12527#true} is VALID [2022-02-20 17:55:18,982 INFO L290 TraceCheckUtils]: 0: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12527#true} is VALID [2022-02-20 17:55:18,983 INFO L272 TraceCheckUtils]: 1: Hoare triple {12527#true} call setClientId(~bob___0, ~bob___0); {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:18,983 INFO L290 TraceCheckUtils]: 2: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:18,983 INFO L290 TraceCheckUtils]: 3: Hoare triple {12527#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:18,983 INFO L290 TraceCheckUtils]: 4: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,983 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12527#true} {12527#true} #1719#return; {12527#true} is VALID [2022-02-20 17:55:18,983 INFO L290 TraceCheckUtils]: 6: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:18,983 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12527#true} {12527#true} #1741#return; {12527#true} is VALID [2022-02-20 17:55:18,983 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:55:18,985 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:19,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,013 INFO L290 TraceCheckUtils]: 0: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12618#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:19,013 INFO L290 TraceCheckUtils]: 1: Hoare triple {12618#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12619#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,013 INFO L290 TraceCheckUtils]: 2: Hoare triple {12619#(= |setClientId_#in~handle| 1)} assume true; {12619#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,014 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12619#(= |setClientId_#in~handle| 1)} {12612#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {12617#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:19,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12612#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:55:19,015 INFO L272 TraceCheckUtils]: 1: Hoare triple {12612#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,015 INFO L290 TraceCheckUtils]: 2: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12618#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:19,015 INFO L290 TraceCheckUtils]: 3: Hoare triple {12618#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12619#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,016 INFO L290 TraceCheckUtils]: 4: Hoare triple {12619#(= |setClientId_#in~handle| 1)} assume true; {12619#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,016 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12619#(= |setClientId_#in~handle| 1)} {12612#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {12617#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:19,016 INFO L290 TraceCheckUtils]: 6: Hoare triple {12617#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {12617#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:19,017 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12617#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {12561#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {12528#false} is VALID [2022-02-20 17:55:19,017 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:55:19,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,021 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:19,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,024 INFO L290 TraceCheckUtils]: 0: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,024 INFO L290 TraceCheckUtils]: 2: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,024 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12527#true} {12527#true} #1615#return; {12527#true} is VALID [2022-02-20 17:55:19,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12527#true} is VALID [2022-02-20 17:55:19,025 INFO L272 TraceCheckUtils]: 1: Hoare triple {12527#true} call setClientId(~chuck___0, ~chuck___0); {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,025 INFO L290 TraceCheckUtils]: 3: Hoare triple {12527#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,025 INFO L290 TraceCheckUtils]: 4: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,026 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12527#true} {12527#true} #1615#return; {12527#true} is VALID [2022-02-20 17:55:19,026 INFO L290 TraceCheckUtils]: 6: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,026 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12527#true} {12528#false} #1753#return; {12528#false} is VALID [2022-02-20 17:55:19,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:55:19,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {12624#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,036 INFO L290 TraceCheckUtils]: 2: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,036 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12527#true} {12528#false} #1637#return; {12528#false} is VALID [2022-02-20 17:55:19,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:55:19,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {12625#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,045 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12527#true} {12528#false} #1639#return; {12528#false} is VALID [2022-02-20 17:55:19,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:55:19,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {12624#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,048 INFO L290 TraceCheckUtils]: 2: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,048 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12527#true} {12528#false} #1649#return; {12528#false} is VALID [2022-02-20 17:55:19,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:55:19,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,050 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} ~handle := #in~handle;havoc ~retValue_acc~19; {12527#true} is VALID [2022-02-20 17:55:19,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {12527#true} is VALID [2022-02-20 17:55:19,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,051 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12527#true} {12528#false} #1651#return; {12528#false} is VALID [2022-02-20 17:55:19,051 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-02-20 17:55:19,054 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {12527#true} is VALID [2022-02-20 17:55:19,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume { :end_inline_deliver } true; {12527#true} is VALID [2022-02-20 17:55:19,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,058 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12527#true} {12528#false} #1707#return; {12528#false} is VALID [2022-02-20 17:55:19,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 17:55:19,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:55:19,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,067 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {12527#true} is VALID [2022-02-20 17:55:19,067 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,067 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12527#true} {12527#true} #1797#return; {12527#true} is VALID [2022-02-20 17:55:19,067 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {12527#true} is VALID [2022-02-20 17:55:19,067 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12527#true} is VALID [2022-02-20 17:55:19,067 INFO L272 TraceCheckUtils]: 2: Hoare triple {12527#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {12527#true} is VALID [2022-02-20 17:55:19,067 INFO L290 TraceCheckUtils]: 3: Hoare triple {12527#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {12527#true} is VALID [2022-02-20 17:55:19,068 INFO L290 TraceCheckUtils]: 4: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,068 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12527#true} {12527#true} #1797#return; {12527#true} is VALID [2022-02-20 17:55:19,068 INFO L290 TraceCheckUtils]: 6: Hoare triple {12527#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {12527#true} is VALID [2022-02-20 17:55:19,068 INFO L290 TraceCheckUtils]: 7: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,068 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {12527#true} {12528#false} #1709#return; {12528#false} is VALID [2022-02-20 17:55:19,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {12527#true} is VALID [2022-02-20 17:55:19,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {12527#true} is VALID [2022-02-20 17:55:19,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {12527#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {12527#true} is VALID [2022-02-20 17:55:19,069 INFO L272 TraceCheckUtils]: 3: Hoare triple {12527#true} call select_features_#t~ret5#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,069 INFO L290 TraceCheckUtils]: 4: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,069 INFO L290 TraceCheckUtils]: 5: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,069 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12527#true} {12527#true} #1721#return; {12527#true} is VALID [2022-02-20 17:55:19,069 INFO L290 TraceCheckUtils]: 7: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {12527#true} is VALID [2022-02-20 17:55:19,069 INFO L272 TraceCheckUtils]: 8: Hoare triple {12527#true} call select_features_#t~ret6#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,069 INFO L290 TraceCheckUtils]: 9: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,069 INFO L290 TraceCheckUtils]: 10: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,069 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {12527#true} {12527#true} #1723#return; {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L290 TraceCheckUtils]: 12: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L272 TraceCheckUtils]: 13: Hoare triple {12527#true} call select_features_#t~ret7#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L290 TraceCheckUtils]: 14: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L290 TraceCheckUtils]: 15: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12527#true} {12527#true} #1725#return; {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L290 TraceCheckUtils]: 17: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L272 TraceCheckUtils]: 18: Hoare triple {12527#true} call select_features_#t~ret8#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L290 TraceCheckUtils]: 19: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L290 TraceCheckUtils]: 20: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,070 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {12527#true} {12527#true} #1727#return; {12527#true} is VALID [2022-02-20 17:55:19,071 INFO L290 TraceCheckUtils]: 22: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {12527#true} is VALID [2022-02-20 17:55:19,071 INFO L272 TraceCheckUtils]: 23: Hoare triple {12527#true} call select_features_#t~ret9#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,071 INFO L290 TraceCheckUtils]: 24: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,071 INFO L290 TraceCheckUtils]: 25: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,071 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {12527#true} {12527#true} #1729#return; {12527#true} is VALID [2022-02-20 17:55:19,071 INFO L290 TraceCheckUtils]: 27: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {12527#true} is VALID [2022-02-20 17:55:19,071 INFO L272 TraceCheckUtils]: 28: Hoare triple {12527#true} call select_features_#t~ret10#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,071 INFO L290 TraceCheckUtils]: 29: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,071 INFO L290 TraceCheckUtils]: 30: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,072 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {12527#true} {12527#true} #1731#return; {12527#true} is VALID [2022-02-20 17:55:19,072 INFO L290 TraceCheckUtils]: 32: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {12527#true} is VALID [2022-02-20 17:55:19,072 INFO L272 TraceCheckUtils]: 33: Hoare triple {12527#true} call select_features_#t~ret11#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,072 INFO L290 TraceCheckUtils]: 34: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,072 INFO L290 TraceCheckUtils]: 35: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,072 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12527#true} {12527#true} #1733#return; {12527#true} is VALID [2022-02-20 17:55:19,072 INFO L290 TraceCheckUtils]: 37: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {12527#true} is VALID [2022-02-20 17:55:19,072 INFO L272 TraceCheckUtils]: 38: Hoare triple {12527#true} call select_features_#t~ret12#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,072 INFO L290 TraceCheckUtils]: 39: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L290 TraceCheckUtils]: 40: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12527#true} {12527#true} #1735#return; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L290 TraceCheckUtils]: 42: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L290 TraceCheckUtils]: 43: Hoare triple {12527#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L290 TraceCheckUtils]: 44: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L290 TraceCheckUtils]: 45: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L290 TraceCheckUtils]: 46: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L290 TraceCheckUtils]: 47: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L290 TraceCheckUtils]: 48: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {12527#true} is VALID [2022-02-20 17:55:19,073 INFO L290 TraceCheckUtils]: 49: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12527#true} is VALID [2022-02-20 17:55:19,074 INFO L290 TraceCheckUtils]: 50: Hoare triple {12527#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {12527#true} is VALID [2022-02-20 17:55:19,074 INFO L290 TraceCheckUtils]: 51: Hoare triple {12527#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {12527#true} is VALID [2022-02-20 17:55:19,074 INFO L290 TraceCheckUtils]: 52: Hoare triple {12527#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {12527#true} is VALID [2022-02-20 17:55:19,074 INFO L290 TraceCheckUtils]: 53: Hoare triple {12527#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {12527#true} is VALID [2022-02-20 17:55:19,074 INFO L290 TraceCheckUtils]: 54: Hoare triple {12527#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12527#true} is VALID [2022-02-20 17:55:19,075 INFO L272 TraceCheckUtils]: 55: Hoare triple {12527#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,075 INFO L290 TraceCheckUtils]: 56: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12527#true} is VALID [2022-02-20 17:55:19,075 INFO L272 TraceCheckUtils]: 57: Hoare triple {12527#true} call setClientId(~bob___0, ~bob___0); {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,075 INFO L290 TraceCheckUtils]: 58: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,075 INFO L290 TraceCheckUtils]: 59: Hoare triple {12527#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,076 INFO L290 TraceCheckUtils]: 60: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,076 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {12527#true} {12527#true} #1719#return; {12527#true} is VALID [2022-02-20 17:55:19,076 INFO L290 TraceCheckUtils]: 62: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,076 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12527#true} {12527#true} #1741#return; {12527#true} is VALID [2022-02-20 17:55:19,076 INFO L290 TraceCheckUtils]: 64: Hoare triple {12527#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {12561#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:19,076 INFO L290 TraceCheckUtils]: 65: Hoare triple {12561#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12561#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:19,077 INFO L272 TraceCheckUtils]: 66: Hoare triple {12561#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,077 INFO L290 TraceCheckUtils]: 67: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12612#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:55:19,078 INFO L272 TraceCheckUtils]: 68: Hoare triple {12612#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,078 INFO L290 TraceCheckUtils]: 69: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12618#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:19,078 INFO L290 TraceCheckUtils]: 70: Hoare triple {12618#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12619#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,079 INFO L290 TraceCheckUtils]: 71: Hoare triple {12619#(= |setClientId_#in~handle| 1)} assume true; {12619#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,079 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {12619#(= |setClientId_#in~handle| 1)} {12612#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1669#return; {12617#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:19,079 INFO L290 TraceCheckUtils]: 73: Hoare triple {12617#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {12617#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:19,080 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12617#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {12561#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} #1747#return; {12528#false} is VALID [2022-02-20 17:55:19,080 INFO L290 TraceCheckUtils]: 75: Hoare triple {12528#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {12528#false} is VALID [2022-02-20 17:55:19,080 INFO L290 TraceCheckUtils]: 76: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12528#false} is VALID [2022-02-20 17:55:19,080 INFO L272 TraceCheckUtils]: 77: Hoare triple {12528#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,080 INFO L290 TraceCheckUtils]: 78: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12527#true} is VALID [2022-02-20 17:55:19,081 INFO L272 TraceCheckUtils]: 79: Hoare triple {12527#true} call setClientId(~chuck___0, ~chuck___0); {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,081 INFO L290 TraceCheckUtils]: 80: Hoare triple {12607#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,081 INFO L290 TraceCheckUtils]: 81: Hoare triple {12527#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,081 INFO L290 TraceCheckUtils]: 82: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,081 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {12527#true} {12527#true} #1615#return; {12527#true} is VALID [2022-02-20 17:55:19,081 INFO L290 TraceCheckUtils]: 84: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,081 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12527#true} {12528#false} #1753#return; {12528#false} is VALID [2022-02-20 17:55:19,081 INFO L290 TraceCheckUtils]: 86: Hoare triple {12528#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {12528#false} is VALID [2022-02-20 17:55:19,081 INFO L290 TraceCheckUtils]: 87: Hoare triple {12528#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12528#false} is VALID [2022-02-20 17:55:19,082 INFO L290 TraceCheckUtils]: 88: Hoare triple {12528#false} assume !false; {12528#false} is VALID [2022-02-20 17:55:19,082 INFO L290 TraceCheckUtils]: 89: Hoare triple {12528#false} assume test_~splverifierCounter~0#1 < 4; {12528#false} is VALID [2022-02-20 17:55:19,082 INFO L290 TraceCheckUtils]: 90: Hoare triple {12528#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12528#false} is VALID [2022-02-20 17:55:19,082 INFO L290 TraceCheckUtils]: 91: Hoare triple {12528#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet110#1 && test_#t~nondet110#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet110#1;havoc test_#t~nondet110#1; {12528#false} is VALID [2022-02-20 17:55:19,082 INFO L290 TraceCheckUtils]: 92: Hoare triple {12528#false} assume 0 != test_~tmp___9~0#1; {12528#false} is VALID [2022-02-20 17:55:19,082 INFO L290 TraceCheckUtils]: 93: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12528#false} is VALID [2022-02-20 17:55:19,082 INFO L290 TraceCheckUtils]: 94: Hoare triple {12528#false} test_~op1~0#1 := 1; {12528#false} is VALID [2022-02-20 17:55:19,082 INFO L290 TraceCheckUtils]: 95: Hoare triple {12528#false} assume !false; {12528#false} is VALID [2022-02-20 17:55:19,082 INFO L290 TraceCheckUtils]: 96: Hoare triple {12528#false} assume !(test_~splverifierCounter~0#1 < 4); {12528#false} is VALID [2022-02-20 17:55:19,083 INFO L290 TraceCheckUtils]: 97: Hoare triple {12528#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {12528#false} is VALID [2022-02-20 17:55:19,083 INFO L272 TraceCheckUtils]: 98: Hoare triple {12528#false} call sendEmail(~bob~0, ~rjh~0); {12528#false} is VALID [2022-02-20 17:55:19,083 INFO L290 TraceCheckUtils]: 99: Hoare triple {12528#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12528#false} is VALID [2022-02-20 17:55:19,083 INFO L272 TraceCheckUtils]: 100: Hoare triple {12528#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12624#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:19,083 INFO L290 TraceCheckUtils]: 101: Hoare triple {12624#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,083 INFO L290 TraceCheckUtils]: 102: Hoare triple {12527#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,083 INFO L290 TraceCheckUtils]: 103: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,083 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {12527#true} {12528#false} #1637#return; {12528#false} is VALID [2022-02-20 17:55:19,084 INFO L272 TraceCheckUtils]: 105: Hoare triple {12528#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12625#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:19,084 INFO L290 TraceCheckUtils]: 106: Hoare triple {12625#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,084 INFO L290 TraceCheckUtils]: 107: Hoare triple {12527#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,084 INFO L290 TraceCheckUtils]: 108: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,084 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {12527#true} {12528#false} #1639#return; {12528#false} is VALID [2022-02-20 17:55:19,084 INFO L290 TraceCheckUtils]: 110: Hoare triple {12528#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {12528#false} is VALID [2022-02-20 17:55:19,084 INFO L290 TraceCheckUtils]: 111: Hoare triple {12528#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {12528#false} is VALID [2022-02-20 17:55:19,084 INFO L272 TraceCheckUtils]: 112: Hoare triple {12528#false} call outgoing(~sender#1, ~email~0#1); {12528#false} is VALID [2022-02-20 17:55:19,084 INFO L290 TraceCheckUtils]: 113: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,084 INFO L290 TraceCheckUtils]: 114: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {12528#false} is VALID [2022-02-20 17:55:19,085 INFO L272 TraceCheckUtils]: 115: Hoare triple {12528#false} call outgoing__before__Sign(~client#1, ~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,085 INFO L290 TraceCheckUtils]: 116: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,085 INFO L290 TraceCheckUtils]: 117: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {12528#false} is VALID [2022-02-20 17:55:19,085 INFO L272 TraceCheckUtils]: 118: Hoare triple {12528#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,085 INFO L290 TraceCheckUtils]: 119: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,085 INFO L290 TraceCheckUtils]: 120: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12528#false} is VALID [2022-02-20 17:55:19,085 INFO L272 TraceCheckUtils]: 121: Hoare triple {12528#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,085 INFO L290 TraceCheckUtils]: 122: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {12528#false} is VALID [2022-02-20 17:55:19,085 INFO L290 TraceCheckUtils]: 123: Hoare triple {12528#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {12528#false} is VALID [2022-02-20 17:55:19,086 INFO L290 TraceCheckUtils]: 124: Hoare triple {12528#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {12528#false} is VALID [2022-02-20 17:55:19,086 INFO L272 TraceCheckUtils]: 125: Hoare triple {12528#false} call setEmailFrom(~msg#1, ~tmp~2#1); {12624#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:19,086 INFO L290 TraceCheckUtils]: 126: Hoare triple {12624#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,086 INFO L290 TraceCheckUtils]: 127: Hoare triple {12527#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,086 INFO L290 TraceCheckUtils]: 128: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,086 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {12527#true} {12528#false} #1649#return; {12528#false} is VALID [2022-02-20 17:55:19,086 INFO L290 TraceCheckUtils]: 130: Hoare triple {12528#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {12528#false} is VALID [2022-02-20 17:55:19,086 INFO L272 TraceCheckUtils]: 131: Hoare triple {12528#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {12527#true} is VALID [2022-02-20 17:55:19,086 INFO L290 TraceCheckUtils]: 132: Hoare triple {12527#true} ~handle := #in~handle;havoc ~retValue_acc~19; {12527#true} is VALID [2022-02-20 17:55:19,087 INFO L290 TraceCheckUtils]: 133: Hoare triple {12527#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {12527#true} is VALID [2022-02-20 17:55:19,087 INFO L290 TraceCheckUtils]: 134: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,087 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {12527#true} {12528#false} #1651#return; {12528#false} is VALID [2022-02-20 17:55:19,087 INFO L290 TraceCheckUtils]: 136: Hoare triple {12528#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,087 INFO L290 TraceCheckUtils]: 137: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {12528#false} is VALID [2022-02-20 17:55:19,087 INFO L272 TraceCheckUtils]: 138: Hoare triple {12528#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,087 INFO L290 TraceCheckUtils]: 139: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,087 INFO L290 TraceCheckUtils]: 140: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {12528#false} is VALID [2022-02-20 17:55:19,087 INFO L272 TraceCheckUtils]: 141: Hoare triple {12528#false} call incoming__before__Verify(~client#1, ~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,087 INFO L290 TraceCheckUtils]: 142: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,088 INFO L290 TraceCheckUtils]: 143: Hoare triple {12528#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {12528#false} is VALID [2022-02-20 17:55:19,088 INFO L272 TraceCheckUtils]: 144: Hoare triple {12528#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,088 INFO L290 TraceCheckUtils]: 145: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,088 INFO L290 TraceCheckUtils]: 146: Hoare triple {12528#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {12528#false} is VALID [2022-02-20 17:55:19,088 INFO L272 TraceCheckUtils]: 147: Hoare triple {12528#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {12527#true} is VALID [2022-02-20 17:55:19,088 INFO L290 TraceCheckUtils]: 148: Hoare triple {12527#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {12527#true} is VALID [2022-02-20 17:55:19,088 INFO L290 TraceCheckUtils]: 149: Hoare triple {12527#true} assume { :end_inline_deliver } true; {12527#true} is VALID [2022-02-20 17:55:19,088 INFO L290 TraceCheckUtils]: 150: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,088 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {12527#true} {12528#false} #1707#return; {12528#false} is VALID [2022-02-20 17:55:19,089 INFO L290 TraceCheckUtils]: 152: Hoare triple {12528#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {12528#false} is VALID [2022-02-20 17:55:19,089 INFO L290 TraceCheckUtils]: 153: Hoare triple {12528#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {12528#false} is VALID [2022-02-20 17:55:19,089 INFO L290 TraceCheckUtils]: 154: Hoare triple {12528#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {12528#false} is VALID [2022-02-20 17:55:19,089 INFO L290 TraceCheckUtils]: 155: Hoare triple {12528#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {12528#false} is VALID [2022-02-20 17:55:19,089 INFO L272 TraceCheckUtils]: 156: Hoare triple {12528#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {12527#true} is VALID [2022-02-20 17:55:19,089 INFO L290 TraceCheckUtils]: 157: Hoare triple {12527#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {12527#true} is VALID [2022-02-20 17:55:19,089 INFO L290 TraceCheckUtils]: 158: Hoare triple {12527#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12527#true} is VALID [2022-02-20 17:55:19,089 INFO L272 TraceCheckUtils]: 159: Hoare triple {12527#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {12527#true} is VALID [2022-02-20 17:55:19,089 INFO L290 TraceCheckUtils]: 160: Hoare triple {12527#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {12527#true} is VALID [2022-02-20 17:55:19,090 INFO L290 TraceCheckUtils]: 161: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,090 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {12527#true} {12527#true} #1797#return; {12527#true} is VALID [2022-02-20 17:55:19,090 INFO L290 TraceCheckUtils]: 163: Hoare triple {12527#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {12527#true} is VALID [2022-02-20 17:55:19,090 INFO L290 TraceCheckUtils]: 164: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,090 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {12527#true} {12528#false} #1709#return; {12528#false} is VALID [2022-02-20 17:55:19,090 INFO L290 TraceCheckUtils]: 166: Hoare triple {12528#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {12528#false} is VALID [2022-02-20 17:55:19,090 INFO L290 TraceCheckUtils]: 167: Hoare triple {12528#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {12528#false} is VALID [2022-02-20 17:55:19,090 INFO L290 TraceCheckUtils]: 168: Hoare triple {12528#false} assume !false; {12528#false} is VALID [2022-02-20 17:55:19,091 INFO L134 CoverageAnalysis]: Checked inductivity of 102 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 96 trivial. 0 not checked. [2022-02-20 17:55:19,091 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:19,091 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [920706736] [2022-02-20 17:55:19,091 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [920706736] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:19,091 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1685451397] [2022-02-20 17:55:19,091 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:19,092 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:19,092 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:19,093 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:19,096 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:55:19,383 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,389 INFO L263 TraceCheckSpWp]: Trace formula consists of 1490 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:55:19,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,446 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {12527#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 1: Hoare triple {12527#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {12527#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L272 TraceCheckUtils]: 3: Hoare triple {12527#true} call select_features_#t~ret5#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 4: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 5: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12527#true} {12527#true} #1721#return; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 7: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L272 TraceCheckUtils]: 8: Hoare triple {12527#true} call select_features_#t~ret6#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 9: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 10: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {12527#true} {12527#true} #1723#return; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 12: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L272 TraceCheckUtils]: 13: Hoare triple {12527#true} call select_features_#t~ret7#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,847 INFO L290 TraceCheckUtils]: 14: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 15: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12527#true} {12527#true} #1725#return; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 17: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L272 TraceCheckUtils]: 18: Hoare triple {12527#true} call select_features_#t~ret8#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 19: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 20: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {12527#true} {12527#true} #1727#return; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 22: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L272 TraceCheckUtils]: 23: Hoare triple {12527#true} call select_features_#t~ret9#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 24: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 25: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {12527#true} {12527#true} #1729#return; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 27: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L272 TraceCheckUtils]: 28: Hoare triple {12527#true} call select_features_#t~ret10#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 29: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 30: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {12527#true} {12527#true} #1731#return; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 32: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L272 TraceCheckUtils]: 33: Hoare triple {12527#true} call select_features_#t~ret11#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 34: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,848 INFO L290 TraceCheckUtils]: 35: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12527#true} {12527#true} #1733#return; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 37: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L272 TraceCheckUtils]: 38: Hoare triple {12527#true} call select_features_#t~ret12#1 := select_one(); {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 39: Hoare triple {12527#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 40: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12527#true} {12527#true} #1735#return; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 42: Hoare triple {12527#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 43: Hoare triple {12527#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 44: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 45: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 46: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 47: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 48: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 49: Hoare triple {12527#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 50: Hoare triple {12527#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 51: Hoare triple {12527#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 52: Hoare triple {12527#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 53: Hoare triple {12527#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {12527#true} is VALID [2022-02-20 17:55:19,849 INFO L290 TraceCheckUtils]: 54: Hoare triple {12527#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12527#true} is VALID [2022-02-20 17:55:19,850 INFO L272 TraceCheckUtils]: 55: Hoare triple {12527#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {12527#true} is VALID [2022-02-20 17:55:19,850 INFO L290 TraceCheckUtils]: 56: Hoare triple {12527#true} ~bob___0 := #in~bob___0; {12527#true} is VALID [2022-02-20 17:55:19,850 INFO L272 TraceCheckUtils]: 57: Hoare triple {12527#true} call setClientId(~bob___0, ~bob___0); {12527#true} is VALID [2022-02-20 17:55:19,850 INFO L290 TraceCheckUtils]: 58: Hoare triple {12527#true} ~handle := #in~handle;~value := #in~value; {12527#true} is VALID [2022-02-20 17:55:19,858 INFO L290 TraceCheckUtils]: 59: Hoare triple {12527#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12527#true} is VALID [2022-02-20 17:55:19,858 INFO L290 TraceCheckUtils]: 60: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,858 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {12527#true} {12527#true} #1719#return; {12527#true} is VALID [2022-02-20 17:55:19,858 INFO L290 TraceCheckUtils]: 62: Hoare triple {12527#true} assume true; {12527#true} is VALID [2022-02-20 17:55:19,859 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12527#true} {12527#true} #1741#return; {12527#true} is VALID [2022-02-20 17:55:19,868 INFO L290 TraceCheckUtils]: 64: Hoare triple {12527#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {12824#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:19,869 INFO L290 TraceCheckUtils]: 65: Hoare triple {12824#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12824#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:19,869 INFO L272 TraceCheckUtils]: 66: Hoare triple {12824#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {12527#true} is VALID [2022-02-20 17:55:19,869 INFO L290 TraceCheckUtils]: 67: Hoare triple {12527#true} ~rjh___0 := #in~rjh___0; {12834#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} is VALID [2022-02-20 17:55:19,869 INFO L272 TraceCheckUtils]: 68: Hoare triple {12834#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} call setClientId(~rjh___0, ~rjh___0); {12527#true} is VALID [2022-02-20 17:55:19,870 INFO L290 TraceCheckUtils]: 69: Hoare triple {12527#true} ~handle := #in~handle;~value := #in~value; {12841#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:55:19,870 INFO L290 TraceCheckUtils]: 70: Hoare triple {12841#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12845#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,871 INFO L290 TraceCheckUtils]: 71: Hoare triple {12845#(<= |setClientId_#in~handle| 1)} assume true; {12845#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,872 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {12845#(<= |setClientId_#in~handle| 1)} {12834#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} #1669#return; {12852#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:19,872 INFO L290 TraceCheckUtils]: 73: Hoare triple {12852#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {12852#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:55:19,872 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12852#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} {12824#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1747#return; {12528#false} is VALID [2022-02-20 17:55:19,873 INFO L290 TraceCheckUtils]: 75: Hoare triple {12528#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {12528#false} is VALID [2022-02-20 17:55:19,873 INFO L290 TraceCheckUtils]: 76: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12528#false} is VALID [2022-02-20 17:55:19,873 INFO L272 TraceCheckUtils]: 77: Hoare triple {12528#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {12528#false} is VALID [2022-02-20 17:55:19,873 INFO L290 TraceCheckUtils]: 78: Hoare triple {12528#false} ~chuck___0 := #in~chuck___0; {12528#false} is VALID [2022-02-20 17:55:19,873 INFO L272 TraceCheckUtils]: 79: Hoare triple {12528#false} call setClientId(~chuck___0, ~chuck___0); {12528#false} is VALID [2022-02-20 17:55:19,873 INFO L290 TraceCheckUtils]: 80: Hoare triple {12528#false} ~handle := #in~handle;~value := #in~value; {12528#false} is VALID [2022-02-20 17:55:19,873 INFO L290 TraceCheckUtils]: 81: Hoare triple {12528#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12528#false} is VALID [2022-02-20 17:55:19,873 INFO L290 TraceCheckUtils]: 82: Hoare triple {12528#false} assume true; {12528#false} is VALID [2022-02-20 17:55:19,873 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {12528#false} {12528#false} #1615#return; {12528#false} is VALID [2022-02-20 17:55:19,874 INFO L290 TraceCheckUtils]: 84: Hoare triple {12528#false} assume true; {12528#false} is VALID [2022-02-20 17:55:19,874 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12528#false} {12528#false} #1753#return; {12528#false} is VALID [2022-02-20 17:55:19,874 INFO L290 TraceCheckUtils]: 86: Hoare triple {12528#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {12528#false} is VALID [2022-02-20 17:55:19,874 INFO L290 TraceCheckUtils]: 87: Hoare triple {12528#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12528#false} is VALID [2022-02-20 17:55:19,874 INFO L290 TraceCheckUtils]: 88: Hoare triple {12528#false} assume !false; {12528#false} is VALID [2022-02-20 17:55:19,874 INFO L290 TraceCheckUtils]: 89: Hoare triple {12528#false} assume test_~splverifierCounter~0#1 < 4; {12528#false} is VALID [2022-02-20 17:55:19,874 INFO L290 TraceCheckUtils]: 90: Hoare triple {12528#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12528#false} is VALID [2022-02-20 17:55:19,874 INFO L290 TraceCheckUtils]: 91: Hoare triple {12528#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet110#1 && test_#t~nondet110#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet110#1;havoc test_#t~nondet110#1; {12528#false} is VALID [2022-02-20 17:55:19,874 INFO L290 TraceCheckUtils]: 92: Hoare triple {12528#false} assume 0 != test_~tmp___9~0#1; {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L290 TraceCheckUtils]: 93: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L290 TraceCheckUtils]: 94: Hoare triple {12528#false} test_~op1~0#1 := 1; {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L290 TraceCheckUtils]: 95: Hoare triple {12528#false} assume !false; {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L290 TraceCheckUtils]: 96: Hoare triple {12528#false} assume !(test_~splverifierCounter~0#1 < 4); {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L290 TraceCheckUtils]: 97: Hoare triple {12528#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L272 TraceCheckUtils]: 98: Hoare triple {12528#false} call sendEmail(~bob~0, ~rjh~0); {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L290 TraceCheckUtils]: 99: Hoare triple {12528#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L272 TraceCheckUtils]: 100: Hoare triple {12528#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L290 TraceCheckUtils]: 101: Hoare triple {12528#false} ~handle := #in~handle;~value := #in~value; {12528#false} is VALID [2022-02-20 17:55:19,875 INFO L290 TraceCheckUtils]: 102: Hoare triple {12528#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12528#false} is VALID [2022-02-20 17:55:19,876 INFO L290 TraceCheckUtils]: 103: Hoare triple {12528#false} assume true; {12528#false} is VALID [2022-02-20 17:55:19,876 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {12528#false} {12528#false} #1637#return; {12528#false} is VALID [2022-02-20 17:55:19,876 INFO L272 TraceCheckUtils]: 105: Hoare triple {12528#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12528#false} is VALID [2022-02-20 17:55:19,876 INFO L290 TraceCheckUtils]: 106: Hoare triple {12528#false} ~handle := #in~handle;~value := #in~value; {12528#false} is VALID [2022-02-20 17:55:19,876 INFO L290 TraceCheckUtils]: 107: Hoare triple {12528#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12528#false} is VALID [2022-02-20 17:55:19,876 INFO L290 TraceCheckUtils]: 108: Hoare triple {12528#false} assume true; {12528#false} is VALID [2022-02-20 17:55:19,876 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {12528#false} {12528#false} #1639#return; {12528#false} is VALID [2022-02-20 17:55:19,876 INFO L290 TraceCheckUtils]: 110: Hoare triple {12528#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {12528#false} is VALID [2022-02-20 17:55:19,876 INFO L290 TraceCheckUtils]: 111: Hoare triple {12528#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {12528#false} is VALID [2022-02-20 17:55:19,877 INFO L272 TraceCheckUtils]: 112: Hoare triple {12528#false} call outgoing(~sender#1, ~email~0#1); {12528#false} is VALID [2022-02-20 17:55:19,877 INFO L290 TraceCheckUtils]: 113: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,877 INFO L290 TraceCheckUtils]: 114: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {12528#false} is VALID [2022-02-20 17:55:19,877 INFO L272 TraceCheckUtils]: 115: Hoare triple {12528#false} call outgoing__before__Sign(~client#1, ~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,877 INFO L290 TraceCheckUtils]: 116: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,877 INFO L290 TraceCheckUtils]: 117: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {12528#false} is VALID [2022-02-20 17:55:19,877 INFO L272 TraceCheckUtils]: 118: Hoare triple {12528#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,877 INFO L290 TraceCheckUtils]: 119: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,877 INFO L290 TraceCheckUtils]: 120: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12528#false} is VALID [2022-02-20 17:55:19,878 INFO L272 TraceCheckUtils]: 121: Hoare triple {12528#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,878 INFO L290 TraceCheckUtils]: 122: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {12528#false} is VALID [2022-02-20 17:55:19,878 INFO L290 TraceCheckUtils]: 123: Hoare triple {12528#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {12528#false} is VALID [2022-02-20 17:55:19,878 INFO L290 TraceCheckUtils]: 124: Hoare triple {12528#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {12528#false} is VALID [2022-02-20 17:55:19,878 INFO L272 TraceCheckUtils]: 125: Hoare triple {12528#false} call setEmailFrom(~msg#1, ~tmp~2#1); {12528#false} is VALID [2022-02-20 17:55:19,878 INFO L290 TraceCheckUtils]: 126: Hoare triple {12528#false} ~handle := #in~handle;~value := #in~value; {12528#false} is VALID [2022-02-20 17:55:19,878 INFO L290 TraceCheckUtils]: 127: Hoare triple {12528#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12528#false} is VALID [2022-02-20 17:55:19,878 INFO L290 TraceCheckUtils]: 128: Hoare triple {12528#false} assume true; {12528#false} is VALID [2022-02-20 17:55:19,878 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {12528#false} {12528#false} #1649#return; {12528#false} is VALID [2022-02-20 17:55:19,879 INFO L290 TraceCheckUtils]: 130: Hoare triple {12528#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {12528#false} is VALID [2022-02-20 17:55:19,879 INFO L272 TraceCheckUtils]: 131: Hoare triple {12528#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,879 INFO L290 TraceCheckUtils]: 132: Hoare triple {12528#false} ~handle := #in~handle;havoc ~retValue_acc~19; {12528#false} is VALID [2022-02-20 17:55:19,879 INFO L290 TraceCheckUtils]: 133: Hoare triple {12528#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {12528#false} is VALID [2022-02-20 17:55:19,879 INFO L290 TraceCheckUtils]: 134: Hoare triple {12528#false} assume true; {12528#false} is VALID [2022-02-20 17:55:19,879 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {12528#false} {12528#false} #1651#return; {12528#false} is VALID [2022-02-20 17:55:19,879 INFO L290 TraceCheckUtils]: 136: Hoare triple {12528#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,879 INFO L290 TraceCheckUtils]: 137: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {12528#false} is VALID [2022-02-20 17:55:19,879 INFO L272 TraceCheckUtils]: 138: Hoare triple {12528#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,880 INFO L290 TraceCheckUtils]: 139: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,880 INFO L290 TraceCheckUtils]: 140: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {12528#false} is VALID [2022-02-20 17:55:19,880 INFO L272 TraceCheckUtils]: 141: Hoare triple {12528#false} call incoming__before__Verify(~client#1, ~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,880 INFO L290 TraceCheckUtils]: 142: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,880 INFO L290 TraceCheckUtils]: 143: Hoare triple {12528#false} assume 0 != ~__SELECTED_FEATURE_Forward~0;assume { :begin_inline_incoming__role__Forward } true;incoming__role__Forward_#in~client#1, incoming__role__Forward_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Forward_#t~ret26#1, incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1, incoming__role__Forward_~fwreceiver~0#1, incoming__role__Forward_~tmp~6#1;incoming__role__Forward_~client#1 := incoming__role__Forward_#in~client#1;incoming__role__Forward_~msg#1 := incoming__role__Forward_#in~msg#1;havoc incoming__role__Forward_~fwreceiver~0#1;havoc incoming__role__Forward_~tmp~6#1; {12528#false} is VALID [2022-02-20 17:55:19,880 INFO L272 TraceCheckUtils]: 144: Hoare triple {12528#false} call incoming__before__Forward(incoming__role__Forward_~client#1, incoming__role__Forward_~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,880 INFO L290 TraceCheckUtils]: 145: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12528#false} is VALID [2022-02-20 17:55:19,880 INFO L290 TraceCheckUtils]: 146: Hoare triple {12528#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {12528#false} is VALID [2022-02-20 17:55:19,880 INFO L272 TraceCheckUtils]: 147: Hoare triple {12528#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,881 INFO L290 TraceCheckUtils]: 148: Hoare triple {12528#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {12528#false} is VALID [2022-02-20 17:55:19,881 INFO L290 TraceCheckUtils]: 149: Hoare triple {12528#false} assume { :end_inline_deliver } true; {12528#false} is VALID [2022-02-20 17:55:19,881 INFO L290 TraceCheckUtils]: 150: Hoare triple {12528#false} assume true; {12528#false} is VALID [2022-02-20 17:55:19,881 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {12528#false} {12528#false} #1707#return; {12528#false} is VALID [2022-02-20 17:55:19,881 INFO L290 TraceCheckUtils]: 152: Hoare triple {12528#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {12528#false} is VALID [2022-02-20 17:55:19,881 INFO L290 TraceCheckUtils]: 153: Hoare triple {12528#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {12528#false} is VALID [2022-02-20 17:55:19,881 INFO L290 TraceCheckUtils]: 154: Hoare triple {12528#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {12528#false} is VALID [2022-02-20 17:55:19,881 INFO L290 TraceCheckUtils]: 155: Hoare triple {12528#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {12528#false} is VALID [2022-02-20 17:55:19,881 INFO L272 TraceCheckUtils]: 156: Hoare triple {12528#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L290 TraceCheckUtils]: 157: Hoare triple {12528#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L290 TraceCheckUtils]: 158: Hoare triple {12528#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L272 TraceCheckUtils]: 159: Hoare triple {12528#false} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L290 TraceCheckUtils]: 160: Hoare triple {12528#false} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L290 TraceCheckUtils]: 161: Hoare triple {12528#false} assume true; {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {12528#false} {12528#false} #1797#return; {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L290 TraceCheckUtils]: 163: Hoare triple {12528#false} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L290 TraceCheckUtils]: 164: Hoare triple {12528#false} assume true; {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {12528#false} {12528#false} #1709#return; {12528#false} is VALID [2022-02-20 17:55:19,882 INFO L290 TraceCheckUtils]: 166: Hoare triple {12528#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {12528#false} is VALID [2022-02-20 17:55:19,883 INFO L290 TraceCheckUtils]: 167: Hoare triple {12528#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {12528#false} is VALID [2022-02-20 17:55:19,883 INFO L290 TraceCheckUtils]: 168: Hoare triple {12528#false} assume !false; {12528#false} is VALID [2022-02-20 17:55:19,883 INFO L134 CoverageAnalysis]: Checked inductivity of 102 backedges. 11 proven. 0 refuted. 0 times theorem prover too weak. 91 trivial. 0 not checked. [2022-02-20 17:55:19,883 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:19,883 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1685451397] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:19,883 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:19,884 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [10] total 15 [2022-02-20 17:55:19,884 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1542024267] [2022-02-20 17:55:19,884 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:19,884 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 6 states have (on average 16.833333333333332) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 2 states have call predecessors, (29), 4 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 169 [2022-02-20 17:55:19,885 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:19,885 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 6 states have (on average 16.833333333333332) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 2 states have call predecessors, (29), 4 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:19,979 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 151 edges. 151 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:19,981 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 17:55:19,981 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:19,981 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 17:55:19,981 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=32, Invalid=178, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:55:19,982 INFO L87 Difference]: Start difference. First operand 595 states and 877 transitions. Second operand has 7 states, 6 states have (on average 16.833333333333332) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 2 states have call predecessors, (29), 4 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:22,039 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:22,039 INFO L93 Difference]: Finished difference Result 1136 states and 1682 transitions. [2022-02-20 17:55:22,039 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 17:55:22,040 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 6 states have (on average 16.833333333333332) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 2 states have call predecessors, (29), 4 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 169 [2022-02-20 17:55:22,041 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:22,041 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 6 states have (on average 16.833333333333332) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 2 states have call predecessors, (29), 4 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:22,058 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1678 transitions. [2022-02-20 17:55:22,059 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 6 states have (on average 16.833333333333332) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 2 states have call predecessors, (29), 4 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:22,074 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1678 transitions. [2022-02-20 17:55:22,075 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1678 transitions. [2022-02-20 17:55:23,105 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1678 edges. 1678 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:23,123 INFO L225 Difference]: With dead ends: 1136 [2022-02-20 17:55:23,123 INFO L226 Difference]: Without dead ends: 599 [2022-02-20 17:55:23,125 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 217 GetRequests, 202 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 11 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=232, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:55:23,125 INFO L933 BasicCegarLoop]: 863 mSDtfsCounter, 196 mSDsluCounter, 4090 mSDsCounter, 0 mSdLazyCounter, 73 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 223 SdHoareTripleChecker+Valid, 4953 SdHoareTripleChecker+Invalid, 73 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 73 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:23,125 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [223 Valid, 4953 Invalid, 73 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 73 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 17:55:23,126 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 599 states. [2022-02-20 17:55:23,177 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 599 to 599. [2022-02-20 17:55:23,177 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:23,178 INFO L82 GeneralOperation]: Start isEquivalent. First operand 599 states. Second operand has 599 states, 444 states have (on average 1.490990990990991) internal successors, (662), 464 states have internal predecessors, (662), 109 states have call successors, (109), 43 states have call predecessors, (109), 45 states have return successors, (112), 108 states have call predecessors, (112), 108 states have call successors, (112) [2022-02-20 17:55:23,179 INFO L74 IsIncluded]: Start isIncluded. First operand 599 states. Second operand has 599 states, 444 states have (on average 1.490990990990991) internal successors, (662), 464 states have internal predecessors, (662), 109 states have call successors, (109), 43 states have call predecessors, (109), 45 states have return successors, (112), 108 states have call predecessors, (112), 108 states have call successors, (112) [2022-02-20 17:55:23,180 INFO L87 Difference]: Start difference. First operand 599 states. Second operand has 599 states, 444 states have (on average 1.490990990990991) internal successors, (662), 464 states have internal predecessors, (662), 109 states have call successors, (109), 43 states have call predecessors, (109), 45 states have return successors, (112), 108 states have call predecessors, (112), 108 states have call successors, (112) [2022-02-20 17:55:23,195 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:23,195 INFO L93 Difference]: Finished difference Result 599 states and 883 transitions. [2022-02-20 17:55:23,196 INFO L276 IsEmpty]: Start isEmpty. Operand 599 states and 883 transitions. [2022-02-20 17:55:23,197 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:23,197 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:23,198 INFO L74 IsIncluded]: Start isIncluded. First operand has 599 states, 444 states have (on average 1.490990990990991) internal successors, (662), 464 states have internal predecessors, (662), 109 states have call successors, (109), 43 states have call predecessors, (109), 45 states have return successors, (112), 108 states have call predecessors, (112), 108 states have call successors, (112) Second operand 599 states. [2022-02-20 17:55:23,200 INFO L87 Difference]: Start difference. First operand has 599 states, 444 states have (on average 1.490990990990991) internal successors, (662), 464 states have internal predecessors, (662), 109 states have call successors, (109), 43 states have call predecessors, (109), 45 states have return successors, (112), 108 states have call predecessors, (112), 108 states have call successors, (112) Second operand 599 states. [2022-02-20 17:55:23,215 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:23,215 INFO L93 Difference]: Finished difference Result 599 states and 883 transitions. [2022-02-20 17:55:23,215 INFO L276 IsEmpty]: Start isEmpty. Operand 599 states and 883 transitions. [2022-02-20 17:55:23,216 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:23,217 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:23,217 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:23,217 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:23,218 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 599 states, 444 states have (on average 1.490990990990991) internal successors, (662), 464 states have internal predecessors, (662), 109 states have call successors, (109), 43 states have call predecessors, (109), 45 states have return successors, (112), 108 states have call predecessors, (112), 108 states have call successors, (112) [2022-02-20 17:55:23,237 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 599 states to 599 states and 883 transitions. [2022-02-20 17:55:23,238 INFO L78 Accepts]: Start accepts. Automaton has 599 states and 883 transitions. Word has length 169 [2022-02-20 17:55:23,238 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:23,238 INFO L470 AbstractCegarLoop]: Abstraction has 599 states and 883 transitions. [2022-02-20 17:55:23,239 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 6 states have (on average 16.833333333333332) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 2 states have call predecessors, (29), 4 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:23,239 INFO L276 IsEmpty]: Start isEmpty. Operand 599 states and 883 transitions. [2022-02-20 17:55:23,241 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 171 [2022-02-20 17:55:23,241 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:23,241 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:23,262 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:23,455 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable3 [2022-02-20 17:55:23,456 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:23,456 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:23,456 INFO L85 PathProgramCache]: Analyzing trace with hash 95242608, now seen corresponding path program 1 times [2022-02-20 17:55:23,456 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:23,456 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1662936543] [2022-02-20 17:55:23,456 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:23,456 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:23,500 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,523 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:55:23,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,528 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,528 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,528 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16733#true} {16733#true} #1721#return; {16733#true} is VALID [2022-02-20 17:55:23,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:55:23,530 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,532 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,532 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,532 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16733#true} {16733#true} #1723#return; {16733#true} is VALID [2022-02-20 17:55:23,532 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:55:23,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,537 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,537 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,537 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16733#true} {16733#true} #1725#return; {16733#true} is VALID [2022-02-20 17:55:23,537 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:23,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,541 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,541 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16733#true} {16733#true} #1727#return; {16733#true} is VALID [2022-02-20 17:55:23,541 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:55:23,542 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,544 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,544 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,544 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16733#true} {16733#true} #1729#return; {16733#true} is VALID [2022-02-20 17:55:23,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:55:23,546 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,548 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16733#true} {16733#true} #1731#return; {16733#true} is VALID [2022-02-20 17:55:23,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:55:23,550 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,552 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,552 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,552 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16733#true} {16733#true} #1733#return; {16733#true} is VALID [2022-02-20 17:55:23,552 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:23,554 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,556 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,556 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,556 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16733#true} {16733#true} #1735#return; {16733#true} is VALID [2022-02-20 17:55:23,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:55:23,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,564 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:23,565 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,567 INFO L290 TraceCheckUtils]: 0: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,567 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,567 INFO L290 TraceCheckUtils]: 2: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,567 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16733#true} {16733#true} #1719#return; {16733#true} is VALID [2022-02-20 17:55:23,567 INFO L290 TraceCheckUtils]: 0: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {16733#true} is VALID [2022-02-20 17:55:23,568 INFO L272 TraceCheckUtils]: 1: Hoare triple {16733#true} call setClientId(~bob___0, ~bob___0); {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,568 INFO L290 TraceCheckUtils]: 2: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,568 INFO L290 TraceCheckUtils]: 3: Hoare triple {16733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,568 INFO L290 TraceCheckUtils]: 4: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,568 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {16733#true} {16733#true} #1719#return; {16733#true} is VALID [2022-02-20 17:55:23,568 INFO L290 TraceCheckUtils]: 6: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,568 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {16733#true} {16733#true} #1741#return; {16733#true} is VALID [2022-02-20 17:55:23,568 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:55:23,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,572 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:23,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,576 INFO L290 TraceCheckUtils]: 0: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,576 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume !(1 == ~handle); {16733#true} is VALID [2022-02-20 17:55:23,576 INFO L290 TraceCheckUtils]: 2: Hoare triple {16733#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,576 INFO L290 TraceCheckUtils]: 3: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,576 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16733#true} {16733#true} #1669#return; {16733#true} is VALID [2022-02-20 17:55:23,577 INFO L290 TraceCheckUtils]: 0: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {16733#true} is VALID [2022-02-20 17:55:23,577 INFO L272 TraceCheckUtils]: 1: Hoare triple {16733#true} call setClientId(~rjh___0, ~rjh___0); {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,577 INFO L290 TraceCheckUtils]: 2: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,577 INFO L290 TraceCheckUtils]: 3: Hoare triple {16733#true} assume !(1 == ~handle); {16733#true} is VALID [2022-02-20 17:55:23,578 INFO L290 TraceCheckUtils]: 4: Hoare triple {16733#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,578 INFO L290 TraceCheckUtils]: 5: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,578 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {16733#true} {16733#true} #1669#return; {16733#true} is VALID [2022-02-20 17:55:23,578 INFO L290 TraceCheckUtils]: 7: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,578 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {16733#true} {16733#true} #1747#return; {16733#true} is VALID [2022-02-20 17:55:23,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:55:23,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,591 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:23,593 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16830#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,605 INFO L290 TraceCheckUtils]: 1: Hoare triple {16830#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16831#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:23,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {16831#(= |setClientId_#in~handle| 1)} assume true; {16831#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:23,605 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16831#(= |setClientId_#in~handle| 1)} {16824#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {16829#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:55:23,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {16824#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:55:23,606 INFO L272 TraceCheckUtils]: 1: Hoare triple {16824#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,606 INFO L290 TraceCheckUtils]: 2: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16830#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,607 INFO L290 TraceCheckUtils]: 3: Hoare triple {16830#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16831#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:23,607 INFO L290 TraceCheckUtils]: 4: Hoare triple {16831#(= |setClientId_#in~handle| 1)} assume true; {16831#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:23,607 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {16831#(= |setClientId_#in~handle| 1)} {16824#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {16829#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:55:23,608 INFO L290 TraceCheckUtils]: 6: Hoare triple {16829#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {16829#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:55:23,608 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {16829#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {16776#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #1753#return; {16734#false} is VALID [2022-02-20 17:55:23,613 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:55:23,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {16832#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 2: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,616 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16733#true} {16734#false} #1637#return; {16734#false} is VALID [2022-02-20 17:55:23,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:55:23,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {16833#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,625 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,626 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16733#true} {16734#false} #1639#return; {16734#false} is VALID [2022-02-20 17:55:23,626 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 17:55:23,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,628 INFO L290 TraceCheckUtils]: 0: Hoare triple {16832#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,628 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,628 INFO L290 TraceCheckUtils]: 2: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,628 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16733#true} {16734#false} #1649#return; {16734#false} is VALID [2022-02-20 17:55:23,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 17:55:23,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} ~handle := #in~handle;havoc ~retValue_acc~19; {16733#true} is VALID [2022-02-20 17:55:23,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {16733#true} is VALID [2022-02-20 17:55:23,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,630 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16733#true} {16734#false} #1651#return; {16734#false} is VALID [2022-02-20 17:55:23,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 148 [2022-02-20 17:55:23,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,633 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {16733#true} is VALID [2022-02-20 17:55:23,634 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume { :end_inline_deliver } true; {16733#true} is VALID [2022-02-20 17:55:23,634 INFO L290 TraceCheckUtils]: 2: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,634 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16733#true} {16734#false} #1707#return; {16734#false} is VALID [2022-02-20 17:55:23,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-02-20 17:55:23,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,636 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:55:23,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,638 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {16733#true} is VALID [2022-02-20 17:55:23,638 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,638 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16733#true} {16733#true} #1797#return; {16733#true} is VALID [2022-02-20 17:55:23,638 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {16733#true} is VALID [2022-02-20 17:55:23,638 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {16733#true} is VALID [2022-02-20 17:55:23,638 INFO L272 TraceCheckUtils]: 2: Hoare triple {16733#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {16733#true} is VALID [2022-02-20 17:55:23,639 INFO L290 TraceCheckUtils]: 3: Hoare triple {16733#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {16733#true} is VALID [2022-02-20 17:55:23,639 INFO L290 TraceCheckUtils]: 4: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,639 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {16733#true} {16733#true} #1797#return; {16733#true} is VALID [2022-02-20 17:55:23,639 INFO L290 TraceCheckUtils]: 6: Hoare triple {16733#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {16733#true} is VALID [2022-02-20 17:55:23,639 INFO L290 TraceCheckUtils]: 7: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,639 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {16733#true} {16734#false} #1709#return; {16734#false} is VALID [2022-02-20 17:55:23,639 INFO L290 TraceCheckUtils]: 0: Hoare triple {16733#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {16733#true} is VALID [2022-02-20 17:55:23,639 INFO L290 TraceCheckUtils]: 1: Hoare triple {16733#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {16733#true} is VALID [2022-02-20 17:55:23,639 INFO L290 TraceCheckUtils]: 2: Hoare triple {16733#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {16733#true} is VALID [2022-02-20 17:55:23,640 INFO L272 TraceCheckUtils]: 3: Hoare triple {16733#true} call select_features_#t~ret5#1 := select_one(); {16733#true} is VALID [2022-02-20 17:55:23,640 INFO L290 TraceCheckUtils]: 4: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,640 INFO L290 TraceCheckUtils]: 5: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,640 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {16733#true} {16733#true} #1721#return; {16733#true} is VALID [2022-02-20 17:55:23,640 INFO L290 TraceCheckUtils]: 7: Hoare triple {16733#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {16733#true} is VALID [2022-02-20 17:55:23,640 INFO L272 TraceCheckUtils]: 8: Hoare triple {16733#true} call select_features_#t~ret6#1 := select_one(); {16733#true} is VALID [2022-02-20 17:55:23,640 INFO L290 TraceCheckUtils]: 9: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,640 INFO L290 TraceCheckUtils]: 10: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,640 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {16733#true} {16733#true} #1723#return; {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L290 TraceCheckUtils]: 12: Hoare triple {16733#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L272 TraceCheckUtils]: 13: Hoare triple {16733#true} call select_features_#t~ret7#1 := select_one(); {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L290 TraceCheckUtils]: 14: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L290 TraceCheckUtils]: 15: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16733#true} {16733#true} #1725#return; {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L290 TraceCheckUtils]: 17: Hoare triple {16733#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L272 TraceCheckUtils]: 18: Hoare triple {16733#true} call select_features_#t~ret8#1 := select_one(); {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L290 TraceCheckUtils]: 19: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L290 TraceCheckUtils]: 20: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,641 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {16733#true} {16733#true} #1727#return; {16733#true} is VALID [2022-02-20 17:55:23,642 INFO L290 TraceCheckUtils]: 22: Hoare triple {16733#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {16733#true} is VALID [2022-02-20 17:55:23,642 INFO L272 TraceCheckUtils]: 23: Hoare triple {16733#true} call select_features_#t~ret9#1 := select_one(); {16733#true} is VALID [2022-02-20 17:55:23,642 INFO L290 TraceCheckUtils]: 24: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,642 INFO L290 TraceCheckUtils]: 25: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,642 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {16733#true} {16733#true} #1729#return; {16733#true} is VALID [2022-02-20 17:55:23,643 INFO L290 TraceCheckUtils]: 27: Hoare triple {16733#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {16733#true} is VALID [2022-02-20 17:55:23,643 INFO L272 TraceCheckUtils]: 28: Hoare triple {16733#true} call select_features_#t~ret10#1 := select_one(); {16733#true} is VALID [2022-02-20 17:55:23,643 INFO L290 TraceCheckUtils]: 29: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,643 INFO L290 TraceCheckUtils]: 30: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,643 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {16733#true} {16733#true} #1731#return; {16733#true} is VALID [2022-02-20 17:55:23,643 INFO L290 TraceCheckUtils]: 32: Hoare triple {16733#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {16733#true} is VALID [2022-02-20 17:55:23,643 INFO L272 TraceCheckUtils]: 33: Hoare triple {16733#true} call select_features_#t~ret11#1 := select_one(); {16733#true} is VALID [2022-02-20 17:55:23,643 INFO L290 TraceCheckUtils]: 34: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,643 INFO L290 TraceCheckUtils]: 35: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {16733#true} {16733#true} #1733#return; {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L290 TraceCheckUtils]: 37: Hoare triple {16733#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L272 TraceCheckUtils]: 38: Hoare triple {16733#true} call select_features_#t~ret12#1 := select_one(); {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L290 TraceCheckUtils]: 39: Hoare triple {16733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L290 TraceCheckUtils]: 40: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {16733#true} {16733#true} #1735#return; {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L290 TraceCheckUtils]: 42: Hoare triple {16733#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L290 TraceCheckUtils]: 43: Hoare triple {16733#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L290 TraceCheckUtils]: 44: Hoare triple {16733#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {16733#true} is VALID [2022-02-20 17:55:23,644 INFO L290 TraceCheckUtils]: 45: Hoare triple {16733#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {16733#true} is VALID [2022-02-20 17:55:23,645 INFO L290 TraceCheckUtils]: 46: Hoare triple {16733#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {16733#true} is VALID [2022-02-20 17:55:23,645 INFO L290 TraceCheckUtils]: 47: Hoare triple {16733#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {16733#true} is VALID [2022-02-20 17:55:23,645 INFO L290 TraceCheckUtils]: 48: Hoare triple {16733#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {16733#true} is VALID [2022-02-20 17:55:23,645 INFO L290 TraceCheckUtils]: 49: Hoare triple {16733#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {16733#true} is VALID [2022-02-20 17:55:23,645 INFO L290 TraceCheckUtils]: 50: Hoare triple {16733#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {16733#true} is VALID [2022-02-20 17:55:23,645 INFO L290 TraceCheckUtils]: 51: Hoare triple {16733#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {16733#true} is VALID [2022-02-20 17:55:23,645 INFO L290 TraceCheckUtils]: 52: Hoare triple {16733#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {16733#true} is VALID [2022-02-20 17:55:23,645 INFO L290 TraceCheckUtils]: 53: Hoare triple {16733#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {16733#true} is VALID [2022-02-20 17:55:23,645 INFO L290 TraceCheckUtils]: 54: Hoare triple {16733#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {16733#true} is VALID [2022-02-20 17:55:23,646 INFO L272 TraceCheckUtils]: 55: Hoare triple {16733#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,646 INFO L290 TraceCheckUtils]: 56: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {16733#true} is VALID [2022-02-20 17:55:23,647 INFO L272 TraceCheckUtils]: 57: Hoare triple {16733#true} call setClientId(~bob___0, ~bob___0); {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,647 INFO L290 TraceCheckUtils]: 58: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,647 INFO L290 TraceCheckUtils]: 59: Hoare triple {16733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,647 INFO L290 TraceCheckUtils]: 60: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,647 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {16733#true} {16733#true} #1719#return; {16733#true} is VALID [2022-02-20 17:55:23,647 INFO L290 TraceCheckUtils]: 62: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,647 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {16733#true} {16733#true} #1741#return; {16733#true} is VALID [2022-02-20 17:55:23,647 INFO L290 TraceCheckUtils]: 64: Hoare triple {16733#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {16733#true} is VALID [2022-02-20 17:55:23,647 INFO L290 TraceCheckUtils]: 65: Hoare triple {16733#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {16733#true} is VALID [2022-02-20 17:55:23,648 INFO L272 TraceCheckUtils]: 66: Hoare triple {16733#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,648 INFO L290 TraceCheckUtils]: 67: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {16733#true} is VALID [2022-02-20 17:55:23,649 INFO L272 TraceCheckUtils]: 68: Hoare triple {16733#true} call setClientId(~rjh___0, ~rjh___0); {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,649 INFO L290 TraceCheckUtils]: 69: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,649 INFO L290 TraceCheckUtils]: 70: Hoare triple {16733#true} assume !(1 == ~handle); {16733#true} is VALID [2022-02-20 17:55:23,649 INFO L290 TraceCheckUtils]: 71: Hoare triple {16733#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,649 INFO L290 TraceCheckUtils]: 72: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,649 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {16733#true} {16733#true} #1669#return; {16733#true} is VALID [2022-02-20 17:55:23,649 INFO L290 TraceCheckUtils]: 74: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,649 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {16733#true} {16733#true} #1747#return; {16733#true} is VALID [2022-02-20 17:55:23,650 INFO L290 TraceCheckUtils]: 76: Hoare triple {16733#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {16776#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:55:23,650 INFO L290 TraceCheckUtils]: 77: Hoare triple {16776#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {16776#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:55:23,650 INFO L272 TraceCheckUtils]: 78: Hoare triple {16776#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,651 INFO L290 TraceCheckUtils]: 79: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {16824#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:55:23,651 INFO L272 TraceCheckUtils]: 80: Hoare triple {16824#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,651 INFO L290 TraceCheckUtils]: 81: Hoare triple {16814#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16830#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,652 INFO L290 TraceCheckUtils]: 82: Hoare triple {16830#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16831#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:23,652 INFO L290 TraceCheckUtils]: 83: Hoare triple {16831#(= |setClientId_#in~handle| 1)} assume true; {16831#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:23,652 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {16831#(= |setClientId_#in~handle| 1)} {16824#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {16829#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:55:23,653 INFO L290 TraceCheckUtils]: 85: Hoare triple {16829#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {16829#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:55:23,653 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {16829#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {16776#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #1753#return; {16734#false} is VALID [2022-02-20 17:55:23,653 INFO L290 TraceCheckUtils]: 87: Hoare triple {16734#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {16734#false} is VALID [2022-02-20 17:55:23,653 INFO L290 TraceCheckUtils]: 88: Hoare triple {16734#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16734#false} is VALID [2022-02-20 17:55:23,653 INFO L290 TraceCheckUtils]: 89: Hoare triple {16734#false} assume !false; {16734#false} is VALID [2022-02-20 17:55:23,653 INFO L290 TraceCheckUtils]: 90: Hoare triple {16734#false} assume test_~splverifierCounter~0#1 < 4; {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L290 TraceCheckUtils]: 91: Hoare triple {16734#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L290 TraceCheckUtils]: 92: Hoare triple {16734#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet110#1 && test_#t~nondet110#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet110#1;havoc test_#t~nondet110#1; {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L290 TraceCheckUtils]: 93: Hoare triple {16734#false} assume 0 != test_~tmp___9~0#1; {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L290 TraceCheckUtils]: 94: Hoare triple {16734#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L290 TraceCheckUtils]: 95: Hoare triple {16734#false} test_~op1~0#1 := 1; {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L290 TraceCheckUtils]: 96: Hoare triple {16734#false} assume !false; {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L290 TraceCheckUtils]: 97: Hoare triple {16734#false} assume !(test_~splverifierCounter~0#1 < 4); {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L290 TraceCheckUtils]: 98: Hoare triple {16734#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L272 TraceCheckUtils]: 99: Hoare triple {16734#false} call sendEmail(~bob~0, ~rjh~0); {16734#false} is VALID [2022-02-20 17:55:23,654 INFO L290 TraceCheckUtils]: 100: Hoare triple {16734#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16734#false} is VALID [2022-02-20 17:55:23,655 INFO L272 TraceCheckUtils]: 101: Hoare triple {16734#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16832#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:23,655 INFO L290 TraceCheckUtils]: 102: Hoare triple {16832#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,655 INFO L290 TraceCheckUtils]: 103: Hoare triple {16733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,655 INFO L290 TraceCheckUtils]: 104: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,655 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {16733#true} {16734#false} #1637#return; {16734#false} is VALID [2022-02-20 17:55:23,655 INFO L272 TraceCheckUtils]: 106: Hoare triple {16734#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {16833#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:23,655 INFO L290 TraceCheckUtils]: 107: Hoare triple {16833#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,655 INFO L290 TraceCheckUtils]: 108: Hoare triple {16733#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,655 INFO L290 TraceCheckUtils]: 109: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,656 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {16733#true} {16734#false} #1639#return; {16734#false} is VALID [2022-02-20 17:55:23,656 INFO L290 TraceCheckUtils]: 111: Hoare triple {16734#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {16734#false} is VALID [2022-02-20 17:55:23,656 INFO L290 TraceCheckUtils]: 112: Hoare triple {16734#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {16734#false} is VALID [2022-02-20 17:55:23,656 INFO L272 TraceCheckUtils]: 113: Hoare triple {16734#false} call outgoing(~sender#1, ~email~0#1); {16734#false} is VALID [2022-02-20 17:55:23,656 INFO L290 TraceCheckUtils]: 114: Hoare triple {16734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {16734#false} is VALID [2022-02-20 17:55:23,656 INFO L290 TraceCheckUtils]: 115: Hoare triple {16734#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {16734#false} is VALID [2022-02-20 17:55:23,656 INFO L272 TraceCheckUtils]: 116: Hoare triple {16734#false} call outgoing__before__Sign(~client#1, ~msg#1); {16734#false} is VALID [2022-02-20 17:55:23,656 INFO L290 TraceCheckUtils]: 117: Hoare triple {16734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {16734#false} is VALID [2022-02-20 17:55:23,656 INFO L290 TraceCheckUtils]: 118: Hoare triple {16734#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {16734#false} is VALID [2022-02-20 17:55:23,656 INFO L272 TraceCheckUtils]: 119: Hoare triple {16734#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {16734#false} is VALID [2022-02-20 17:55:23,657 INFO L290 TraceCheckUtils]: 120: Hoare triple {16734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {16734#false} is VALID [2022-02-20 17:55:23,657 INFO L290 TraceCheckUtils]: 121: Hoare triple {16734#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {16734#false} is VALID [2022-02-20 17:55:23,657 INFO L272 TraceCheckUtils]: 122: Hoare triple {16734#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {16734#false} is VALID [2022-02-20 17:55:23,657 INFO L290 TraceCheckUtils]: 123: Hoare triple {16734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {16734#false} is VALID [2022-02-20 17:55:23,657 INFO L290 TraceCheckUtils]: 124: Hoare triple {16734#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {16734#false} is VALID [2022-02-20 17:55:23,657 INFO L290 TraceCheckUtils]: 125: Hoare triple {16734#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {16734#false} is VALID [2022-02-20 17:55:23,657 INFO L272 TraceCheckUtils]: 126: Hoare triple {16734#false} call setEmailFrom(~msg#1, ~tmp~2#1); {16832#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:23,657 INFO L290 TraceCheckUtils]: 127: Hoare triple {16832#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16733#true} is VALID [2022-02-20 17:55:23,657 INFO L290 TraceCheckUtils]: 128: Hoare triple {16733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16733#true} is VALID [2022-02-20 17:55:23,657 INFO L290 TraceCheckUtils]: 129: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,658 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {16733#true} {16734#false} #1649#return; {16734#false} is VALID [2022-02-20 17:55:23,658 INFO L290 TraceCheckUtils]: 131: Hoare triple {16734#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {16734#false} is VALID [2022-02-20 17:55:23,658 INFO L272 TraceCheckUtils]: 132: Hoare triple {16734#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {16733#true} is VALID [2022-02-20 17:55:23,658 INFO L290 TraceCheckUtils]: 133: Hoare triple {16733#true} ~handle := #in~handle;havoc ~retValue_acc~19; {16733#true} is VALID [2022-02-20 17:55:23,658 INFO L290 TraceCheckUtils]: 134: Hoare triple {16733#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {16733#true} is VALID [2022-02-20 17:55:23,658 INFO L290 TraceCheckUtils]: 135: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,658 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {16733#true} {16734#false} #1651#return; {16734#false} is VALID [2022-02-20 17:55:23,658 INFO L290 TraceCheckUtils]: 137: Hoare triple {16734#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {16734#false} is VALID [2022-02-20 17:55:23,658 INFO L290 TraceCheckUtils]: 138: Hoare triple {16734#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {16734#false} is VALID [2022-02-20 17:55:23,658 INFO L272 TraceCheckUtils]: 139: Hoare triple {16734#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {16734#false} is VALID [2022-02-20 17:55:23,659 INFO L290 TraceCheckUtils]: 140: Hoare triple {16734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {16734#false} is VALID [2022-02-20 17:55:23,659 INFO L290 TraceCheckUtils]: 141: Hoare triple {16734#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {16734#false} is VALID [2022-02-20 17:55:23,659 INFO L272 TraceCheckUtils]: 142: Hoare triple {16734#false} call incoming__before__Verify(~client#1, ~msg#1); {16734#false} is VALID [2022-02-20 17:55:23,659 INFO L290 TraceCheckUtils]: 143: Hoare triple {16734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {16734#false} is VALID [2022-02-20 17:55:23,659 INFO L290 TraceCheckUtils]: 144: Hoare triple {16734#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {16734#false} is VALID [2022-02-20 17:55:23,659 INFO L272 TraceCheckUtils]: 145: Hoare triple {16734#false} call incoming__before__Forward(~client#1, ~msg#1); {16734#false} is VALID [2022-02-20 17:55:23,659 INFO L290 TraceCheckUtils]: 146: Hoare triple {16734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {16734#false} is VALID [2022-02-20 17:55:23,659 INFO L290 TraceCheckUtils]: 147: Hoare triple {16734#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {16734#false} is VALID [2022-02-20 17:55:23,659 INFO L272 TraceCheckUtils]: 148: Hoare triple {16734#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {16733#true} is VALID [2022-02-20 17:55:23,660 INFO L290 TraceCheckUtils]: 149: Hoare triple {16733#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {16733#true} is VALID [2022-02-20 17:55:23,660 INFO L290 TraceCheckUtils]: 150: Hoare triple {16733#true} assume { :end_inline_deliver } true; {16733#true} is VALID [2022-02-20 17:55:23,660 INFO L290 TraceCheckUtils]: 151: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,660 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {16733#true} {16734#false} #1707#return; {16734#false} is VALID [2022-02-20 17:55:23,660 INFO L290 TraceCheckUtils]: 153: Hoare triple {16734#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {16734#false} is VALID [2022-02-20 17:55:23,660 INFO L290 TraceCheckUtils]: 154: Hoare triple {16734#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {16734#false} is VALID [2022-02-20 17:55:23,660 INFO L290 TraceCheckUtils]: 155: Hoare triple {16734#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {16734#false} is VALID [2022-02-20 17:55:23,660 INFO L290 TraceCheckUtils]: 156: Hoare triple {16734#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {16734#false} is VALID [2022-02-20 17:55:23,660 INFO L272 TraceCheckUtils]: 157: Hoare triple {16734#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {16733#true} is VALID [2022-02-20 17:55:23,661 INFO L290 TraceCheckUtils]: 158: Hoare triple {16733#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {16733#true} is VALID [2022-02-20 17:55:23,661 INFO L290 TraceCheckUtils]: 159: Hoare triple {16733#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {16733#true} is VALID [2022-02-20 17:55:23,661 INFO L272 TraceCheckUtils]: 160: Hoare triple {16733#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {16733#true} is VALID [2022-02-20 17:55:23,661 INFO L290 TraceCheckUtils]: 161: Hoare triple {16733#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {16733#true} is VALID [2022-02-20 17:55:23,661 INFO L290 TraceCheckUtils]: 162: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,661 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {16733#true} {16733#true} #1797#return; {16733#true} is VALID [2022-02-20 17:55:23,661 INFO L290 TraceCheckUtils]: 164: Hoare triple {16733#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {16733#true} is VALID [2022-02-20 17:55:23,661 INFO L290 TraceCheckUtils]: 165: Hoare triple {16733#true} assume true; {16733#true} is VALID [2022-02-20 17:55:23,661 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {16733#true} {16734#false} #1709#return; {16734#false} is VALID [2022-02-20 17:55:23,661 INFO L290 TraceCheckUtils]: 167: Hoare triple {16734#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {16734#false} is VALID [2022-02-20 17:55:23,662 INFO L290 TraceCheckUtils]: 168: Hoare triple {16734#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {16734#false} is VALID [2022-02-20 17:55:23,662 INFO L290 TraceCheckUtils]: 169: Hoare triple {16734#false} assume !false; {16734#false} is VALID [2022-02-20 17:55:23,662 INFO L134 CoverageAnalysis]: Checked inductivity of 102 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 96 trivial. 0 not checked. [2022-02-20 17:55:23,662 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:23,662 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1662936543] [2022-02-20 17:55:23,662 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1662936543] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:23,663 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:23,663 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-02-20 17:55:23,663 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [543357096] [2022-02-20 17:55:23,663 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:23,663 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 9 states have (on average 11.11111111111111) internal successors, (100), 7 states have internal predecessors, (100), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 170 [2022-02-20 17:55:23,664 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:23,664 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 9 states have (on average 11.11111111111111) internal successors, (100), 7 states have internal predecessors, (100), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:23,745 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 150 edges. 150 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:23,745 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 17:55:23,746 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:23,746 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 17:55:23,746 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:23,747 INFO L87 Difference]: Start difference. First operand 599 states and 883 transitions. Second operand has 10 states, 9 states have (on average 11.11111111111111) internal successors, (100), 7 states have internal predecessors, (100), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:33,915 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:33,916 INFO L93 Difference]: Finished difference Result 1254 states and 1889 transitions. [2022-02-20 17:55:33,916 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:55:33,916 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 9 states have (on average 11.11111111111111) internal successors, (100), 7 states have internal predecessors, (100), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 170 [2022-02-20 17:55:33,917 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:33,917 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 9 states have (on average 11.11111111111111) internal successors, (100), 7 states have internal predecessors, (100), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:33,937 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1883 transitions. [2022-02-20 17:55:33,938 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 9 states have (on average 11.11111111111111) internal successors, (100), 7 states have internal predecessors, (100), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:33,958 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1883 transitions. [2022-02-20 17:55:33,959 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1883 transitions. [2022-02-20 17:55:35,370 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1883 edges. 1883 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:35,397 INFO L225 Difference]: With dead ends: 1254 [2022-02-20 17:55:35,397 INFO L226 Difference]: Without dead ends: 733 [2022-02-20 17:55:35,399 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 62 GetRequests, 44 SyntacticMatches, 0 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=87, Invalid=293, Unknown=0, NotChecked=0, Total=380 [2022-02-20 17:55:35,399 INFO L933 BasicCegarLoop]: 858 mSDtfsCounter, 1550 mSDsluCounter, 1782 mSDsCounter, 0 mSdLazyCounter, 4166 mSolverCounterSat, 656 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1579 SdHoareTripleChecker+Valid, 2640 SdHoareTripleChecker+Invalid, 4822 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 656 IncrementalHoareTripleChecker+Valid, 4166 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:35,400 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1579 Valid, 2640 Invalid, 4822 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [656 Valid, 4166 Invalid, 0 Unknown, 0 Unchecked, 4.8s Time] [2022-02-20 17:55:35,401 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 733 states. [2022-02-20 17:55:35,441 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 733 to 601. [2022-02-20 17:55:35,441 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:35,443 INFO L82 GeneralOperation]: Start isEquivalent. First operand 733 states. Second operand has 601 states, 445 states have (on average 1.489887640449438) internal successors, (663), 465 states have internal predecessors, (663), 109 states have call successors, (109), 43 states have call predecessors, (109), 46 states have return successors, (113), 109 states have call predecessors, (113), 108 states have call successors, (113) [2022-02-20 17:55:35,444 INFO L74 IsIncluded]: Start isIncluded. First operand 733 states. Second operand has 601 states, 445 states have (on average 1.489887640449438) internal successors, (663), 465 states have internal predecessors, (663), 109 states have call successors, (109), 43 states have call predecessors, (109), 46 states have return successors, (113), 109 states have call predecessors, (113), 108 states have call successors, (113) [2022-02-20 17:55:35,445 INFO L87 Difference]: Start difference. First operand 733 states. Second operand has 601 states, 445 states have (on average 1.489887640449438) internal successors, (663), 465 states have internal predecessors, (663), 109 states have call successors, (109), 43 states have call predecessors, (109), 46 states have return successors, (113), 109 states have call predecessors, (113), 108 states have call successors, (113) [2022-02-20 17:55:35,467 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:35,467 INFO L93 Difference]: Finished difference Result 733 states and 1112 transitions. [2022-02-20 17:55:35,467 INFO L276 IsEmpty]: Start isEmpty. Operand 733 states and 1112 transitions. [2022-02-20 17:55:35,470 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:35,470 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:35,472 INFO L74 IsIncluded]: Start isIncluded. First operand has 601 states, 445 states have (on average 1.489887640449438) internal successors, (663), 465 states have internal predecessors, (663), 109 states have call successors, (109), 43 states have call predecessors, (109), 46 states have return successors, (113), 109 states have call predecessors, (113), 108 states have call successors, (113) Second operand 733 states. [2022-02-20 17:55:35,473 INFO L87 Difference]: Start difference. First operand has 601 states, 445 states have (on average 1.489887640449438) internal successors, (663), 465 states have internal predecessors, (663), 109 states have call successors, (109), 43 states have call predecessors, (109), 46 states have return successors, (113), 109 states have call predecessors, (113), 108 states have call successors, (113) Second operand 733 states. [2022-02-20 17:55:35,495 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:35,496 INFO L93 Difference]: Finished difference Result 733 states and 1112 transitions. [2022-02-20 17:55:35,496 INFO L276 IsEmpty]: Start isEmpty. Operand 733 states and 1112 transitions. [2022-02-20 17:55:35,498 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:35,498 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:35,498 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:35,498 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:35,500 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 601 states, 445 states have (on average 1.489887640449438) internal successors, (663), 465 states have internal predecessors, (663), 109 states have call successors, (109), 43 states have call predecessors, (109), 46 states have return successors, (113), 109 states have call predecessors, (113), 108 states have call successors, (113) [2022-02-20 17:55:35,520 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 601 states to 601 states and 885 transitions. [2022-02-20 17:55:35,520 INFO L78 Accepts]: Start accepts. Automaton has 601 states and 885 transitions. Word has length 170 [2022-02-20 17:55:35,520 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:35,520 INFO L470 AbstractCegarLoop]: Abstraction has 601 states and 885 transitions. [2022-02-20 17:55:35,521 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 9 states have (on average 11.11111111111111) internal successors, (100), 7 states have internal predecessors, (100), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:35,521 INFO L276 IsEmpty]: Start isEmpty. Operand 601 states and 885 transitions. [2022-02-20 17:55:35,523 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-02-20 17:55:35,523 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:35,523 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:35,523 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 17:55:35,523 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:35,524 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:35,524 INFO L85 PathProgramCache]: Analyzing trace with hash -615292350, now seen corresponding path program 2 times [2022-02-20 17:55:35,524 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:35,524 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1569974647] [2022-02-20 17:55:35,524 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:35,524 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:35,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,587 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:55:35,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,592 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,592 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,592 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20891#true} {20891#true} #1721#return; {20891#true} is VALID [2022-02-20 17:55:35,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:55:35,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,595 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,596 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20891#true} {20891#true} #1723#return; {20891#true} is VALID [2022-02-20 17:55:35,596 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:55:35,597 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,599 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,599 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,599 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20891#true} {20891#true} #1725#return; {20891#true} is VALID [2022-02-20 17:55:35,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:35,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,603 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,603 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20891#true} {20891#true} #1727#return; {20891#true} is VALID [2022-02-20 17:55:35,603 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:55:35,605 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,606 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,607 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20891#true} {20891#true} #1729#return; {20891#true} is VALID [2022-02-20 17:55:35,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:55:35,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,610 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,610 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,610 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20891#true} {20891#true} #1731#return; {20891#true} is VALID [2022-02-20 17:55:35,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:55:35,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,615 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,615 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20891#true} {20891#true} #1733#return; {20891#true} is VALID [2022-02-20 17:55:35,615 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:35,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,619 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,619 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,619 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20891#true} {20891#true} #1735#return; {20891#true} is VALID [2022-02-20 17:55:35,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:55:35,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,629 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:35,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,632 INFO L290 TraceCheckUtils]: 0: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,632 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,632 INFO L290 TraceCheckUtils]: 2: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,632 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20891#true} {20891#true} #1719#return; {20891#true} is VALID [2022-02-20 17:55:35,632 INFO L290 TraceCheckUtils]: 0: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {20891#true} is VALID [2022-02-20 17:55:35,633 INFO L272 TraceCheckUtils]: 1: Hoare triple {20891#true} call setClientId(~bob___0, ~bob___0); {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:35,633 INFO L290 TraceCheckUtils]: 2: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,633 INFO L290 TraceCheckUtils]: 3: Hoare triple {20891#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,633 INFO L290 TraceCheckUtils]: 4: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,633 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20891#true} {20891#true} #1719#return; {20891#true} is VALID [2022-02-20 17:55:35,633 INFO L290 TraceCheckUtils]: 6: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,633 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {20891#true} {20891#true} #1741#return; {20891#true} is VALID [2022-02-20 17:55:35,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:55:35,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,638 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:35,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,640 INFO L290 TraceCheckUtils]: 0: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume !(1 == ~handle); {20891#true} is VALID [2022-02-20 17:55:35,640 INFO L290 TraceCheckUtils]: 2: Hoare triple {20891#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,640 INFO L290 TraceCheckUtils]: 3: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,640 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20891#true} {20891#true} #1669#return; {20891#true} is VALID [2022-02-20 17:55:35,641 INFO L290 TraceCheckUtils]: 0: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {20891#true} is VALID [2022-02-20 17:55:35,641 INFO L272 TraceCheckUtils]: 1: Hoare triple {20891#true} call setClientId(~rjh___0, ~rjh___0); {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:35,641 INFO L290 TraceCheckUtils]: 2: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,641 INFO L290 TraceCheckUtils]: 3: Hoare triple {20891#true} assume !(1 == ~handle); {20891#true} is VALID [2022-02-20 17:55:35,641 INFO L290 TraceCheckUtils]: 4: Hoare triple {20891#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,642 INFO L290 TraceCheckUtils]: 5: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,642 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {20891#true} {20891#true} #1669#return; {20891#true} is VALID [2022-02-20 17:55:35,642 INFO L290 TraceCheckUtils]: 7: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,642 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {20891#true} {20891#true} #1747#return; {20891#true} is VALID [2022-02-20 17:55:35,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:55:35,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:35,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,670 INFO L290 TraceCheckUtils]: 0: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20990#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,670 INFO L290 TraceCheckUtils]: 1: Hoare triple {20990#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20990#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,671 INFO L290 TraceCheckUtils]: 2: Hoare triple {20990#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20991#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,671 INFO L290 TraceCheckUtils]: 3: Hoare triple {20991#(= 2 |setClientId_#in~handle|)} assume true; {20991#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,671 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20991#(= 2 |setClientId_#in~handle|)} {20983#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {20989#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:55:35,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {20983#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:55:35,672 INFO L272 TraceCheckUtils]: 1: Hoare triple {20983#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:35,673 INFO L290 TraceCheckUtils]: 2: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20990#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,673 INFO L290 TraceCheckUtils]: 3: Hoare triple {20990#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20990#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,673 INFO L290 TraceCheckUtils]: 4: Hoare triple {20990#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20991#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,673 INFO L290 TraceCheckUtils]: 5: Hoare triple {20991#(= 2 |setClientId_#in~handle|)} assume true; {20991#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,674 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {20991#(= 2 |setClientId_#in~handle|)} {20983#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {20989#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:55:35,674 INFO L290 TraceCheckUtils]: 7: Hoare triple {20989#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} assume true; {20989#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:55:35,675 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {20989#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} {20934#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #1753#return; {20892#false} is VALID [2022-02-20 17:55:35,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:55:35,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {20992#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,684 INFO L290 TraceCheckUtils]: 2: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,684 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20891#true} {20892#false} #1637#return; {20892#false} is VALID [2022-02-20 17:55:35,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 17:55:35,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {20993#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,693 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,693 INFO L290 TraceCheckUtils]: 2: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,693 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20891#true} {20892#false} #1639#return; {20892#false} is VALID [2022-02-20 17:55:35,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 17:55:35,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,696 INFO L290 TraceCheckUtils]: 0: Hoare triple {20992#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,696 INFO L290 TraceCheckUtils]: 2: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,696 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20891#true} {20892#false} #1649#return; {20892#false} is VALID [2022-02-20 17:55:35,696 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 17:55:35,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,701 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} ~handle := #in~handle;havoc ~retValue_acc~19; {20891#true} is VALID [2022-02-20 17:55:35,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {20891#true} is VALID [2022-02-20 17:55:35,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,702 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20891#true} {20892#false} #1651#return; {20892#false} is VALID [2022-02-20 17:55:35,702 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 149 [2022-02-20 17:55:35,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,706 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {20891#true} is VALID [2022-02-20 17:55:35,706 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume { :end_inline_deliver } true; {20891#true} is VALID [2022-02-20 17:55:35,706 INFO L290 TraceCheckUtils]: 2: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,706 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20891#true} {20892#false} #1707#return; {20892#false} is VALID [2022-02-20 17:55:35,706 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 158 [2022-02-20 17:55:35,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,711 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:55:35,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:35,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {20891#true} is VALID [2022-02-20 17:55:35,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,713 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20891#true} {20891#true} #1797#return; {20891#true} is VALID [2022-02-20 17:55:35,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {20891#true} is VALID [2022-02-20 17:55:35,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {20891#true} is VALID [2022-02-20 17:55:35,713 INFO L272 TraceCheckUtils]: 2: Hoare triple {20891#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {20891#true} is VALID [2022-02-20 17:55:35,713 INFO L290 TraceCheckUtils]: 3: Hoare triple {20891#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {20891#true} is VALID [2022-02-20 17:55:35,714 INFO L290 TraceCheckUtils]: 4: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,714 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20891#true} {20891#true} #1797#return; {20891#true} is VALID [2022-02-20 17:55:35,714 INFO L290 TraceCheckUtils]: 6: Hoare triple {20891#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {20891#true} is VALID [2022-02-20 17:55:35,714 INFO L290 TraceCheckUtils]: 7: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,714 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {20891#true} {20892#false} #1709#return; {20892#false} is VALID [2022-02-20 17:55:35,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {20891#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {20891#true} is VALID [2022-02-20 17:55:35,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {20891#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {20891#true} is VALID [2022-02-20 17:55:35,714 INFO L290 TraceCheckUtils]: 2: Hoare triple {20891#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {20891#true} is VALID [2022-02-20 17:55:35,714 INFO L272 TraceCheckUtils]: 3: Hoare triple {20891#true} call select_features_#t~ret5#1 := select_one(); {20891#true} is VALID [2022-02-20 17:55:35,715 INFO L290 TraceCheckUtils]: 4: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,715 INFO L290 TraceCheckUtils]: 5: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,715 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {20891#true} {20891#true} #1721#return; {20891#true} is VALID [2022-02-20 17:55:35,715 INFO L290 TraceCheckUtils]: 7: Hoare triple {20891#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {20891#true} is VALID [2022-02-20 17:55:35,715 INFO L272 TraceCheckUtils]: 8: Hoare triple {20891#true} call select_features_#t~ret6#1 := select_one(); {20891#true} is VALID [2022-02-20 17:55:35,715 INFO L290 TraceCheckUtils]: 9: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,715 INFO L290 TraceCheckUtils]: 10: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,715 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {20891#true} {20891#true} #1723#return; {20891#true} is VALID [2022-02-20 17:55:35,715 INFO L290 TraceCheckUtils]: 12: Hoare triple {20891#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L272 TraceCheckUtils]: 13: Hoare triple {20891#true} call select_features_#t~ret7#1 := select_one(); {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L290 TraceCheckUtils]: 14: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L290 TraceCheckUtils]: 15: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {20891#true} {20891#true} #1725#return; {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L290 TraceCheckUtils]: 17: Hoare triple {20891#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L272 TraceCheckUtils]: 18: Hoare triple {20891#true} call select_features_#t~ret8#1 := select_one(); {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L290 TraceCheckUtils]: 19: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L290 TraceCheckUtils]: 20: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {20891#true} {20891#true} #1727#return; {20891#true} is VALID [2022-02-20 17:55:35,716 INFO L290 TraceCheckUtils]: 22: Hoare triple {20891#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L272 TraceCheckUtils]: 23: Hoare triple {20891#true} call select_features_#t~ret9#1 := select_one(); {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L290 TraceCheckUtils]: 24: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L290 TraceCheckUtils]: 25: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {20891#true} {20891#true} #1729#return; {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L290 TraceCheckUtils]: 27: Hoare triple {20891#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L272 TraceCheckUtils]: 28: Hoare triple {20891#true} call select_features_#t~ret10#1 := select_one(); {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L290 TraceCheckUtils]: 29: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L290 TraceCheckUtils]: 30: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {20891#true} {20891#true} #1731#return; {20891#true} is VALID [2022-02-20 17:55:35,717 INFO L290 TraceCheckUtils]: 32: Hoare triple {20891#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L272 TraceCheckUtils]: 33: Hoare triple {20891#true} call select_features_#t~ret11#1 := select_one(); {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L290 TraceCheckUtils]: 34: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L290 TraceCheckUtils]: 35: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {20891#true} {20891#true} #1733#return; {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L290 TraceCheckUtils]: 37: Hoare triple {20891#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L272 TraceCheckUtils]: 38: Hoare triple {20891#true} call select_features_#t~ret12#1 := select_one(); {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L290 TraceCheckUtils]: 39: Hoare triple {20891#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L290 TraceCheckUtils]: 40: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {20891#true} {20891#true} #1735#return; {20891#true} is VALID [2022-02-20 17:55:35,718 INFO L290 TraceCheckUtils]: 42: Hoare triple {20891#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {20891#true} is VALID [2022-02-20 17:55:35,719 INFO L290 TraceCheckUtils]: 43: Hoare triple {20891#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {20891#true} is VALID [2022-02-20 17:55:35,719 INFO L290 TraceCheckUtils]: 44: Hoare triple {20891#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {20891#true} is VALID [2022-02-20 17:55:35,719 INFO L290 TraceCheckUtils]: 45: Hoare triple {20891#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {20891#true} is VALID [2022-02-20 17:55:35,719 INFO L290 TraceCheckUtils]: 46: Hoare triple {20891#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {20891#true} is VALID [2022-02-20 17:55:35,719 INFO L290 TraceCheckUtils]: 47: Hoare triple {20891#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {20891#true} is VALID [2022-02-20 17:55:35,719 INFO L290 TraceCheckUtils]: 48: Hoare triple {20891#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {20891#true} is VALID [2022-02-20 17:55:35,719 INFO L290 TraceCheckUtils]: 49: Hoare triple {20891#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {20891#true} is VALID [2022-02-20 17:55:35,719 INFO L290 TraceCheckUtils]: 50: Hoare triple {20891#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {20891#true} is VALID [2022-02-20 17:55:35,719 INFO L290 TraceCheckUtils]: 51: Hoare triple {20891#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {20891#true} is VALID [2022-02-20 17:55:35,720 INFO L290 TraceCheckUtils]: 52: Hoare triple {20891#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {20891#true} is VALID [2022-02-20 17:55:35,720 INFO L290 TraceCheckUtils]: 53: Hoare triple {20891#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {20891#true} is VALID [2022-02-20 17:55:35,720 INFO L290 TraceCheckUtils]: 54: Hoare triple {20891#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {20891#true} is VALID [2022-02-20 17:55:35,720 INFO L272 TraceCheckUtils]: 55: Hoare triple {20891#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:35,720 INFO L290 TraceCheckUtils]: 56: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {20891#true} is VALID [2022-02-20 17:55:35,721 INFO L272 TraceCheckUtils]: 57: Hoare triple {20891#true} call setClientId(~bob___0, ~bob___0); {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:35,721 INFO L290 TraceCheckUtils]: 58: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,721 INFO L290 TraceCheckUtils]: 59: Hoare triple {20891#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,721 INFO L290 TraceCheckUtils]: 60: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,721 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {20891#true} {20891#true} #1719#return; {20891#true} is VALID [2022-02-20 17:55:35,721 INFO L290 TraceCheckUtils]: 62: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,722 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {20891#true} {20891#true} #1741#return; {20891#true} is VALID [2022-02-20 17:55:35,722 INFO L290 TraceCheckUtils]: 64: Hoare triple {20891#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {20891#true} is VALID [2022-02-20 17:55:35,722 INFO L290 TraceCheckUtils]: 65: Hoare triple {20891#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {20891#true} is VALID [2022-02-20 17:55:35,722 INFO L272 TraceCheckUtils]: 66: Hoare triple {20891#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:35,722 INFO L290 TraceCheckUtils]: 67: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {20891#true} is VALID [2022-02-20 17:55:35,723 INFO L272 TraceCheckUtils]: 68: Hoare triple {20891#true} call setClientId(~rjh___0, ~rjh___0); {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:35,723 INFO L290 TraceCheckUtils]: 69: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,723 INFO L290 TraceCheckUtils]: 70: Hoare triple {20891#true} assume !(1 == ~handle); {20891#true} is VALID [2022-02-20 17:55:35,723 INFO L290 TraceCheckUtils]: 71: Hoare triple {20891#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,723 INFO L290 TraceCheckUtils]: 72: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,723 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {20891#true} {20891#true} #1669#return; {20891#true} is VALID [2022-02-20 17:55:35,723 INFO L290 TraceCheckUtils]: 74: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,724 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {20891#true} {20891#true} #1747#return; {20891#true} is VALID [2022-02-20 17:55:35,724 INFO L290 TraceCheckUtils]: 76: Hoare triple {20891#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {20934#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:55:35,724 INFO L290 TraceCheckUtils]: 77: Hoare triple {20934#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {20934#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:55:35,725 INFO L272 TraceCheckUtils]: 78: Hoare triple {20934#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:35,725 INFO L290 TraceCheckUtils]: 79: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {20983#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:55:35,725 INFO L272 TraceCheckUtils]: 80: Hoare triple {20983#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:35,726 INFO L290 TraceCheckUtils]: 81: Hoare triple {20973#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20990#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,726 INFO L290 TraceCheckUtils]: 82: Hoare triple {20990#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20990#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,726 INFO L290 TraceCheckUtils]: 83: Hoare triple {20990#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20991#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,726 INFO L290 TraceCheckUtils]: 84: Hoare triple {20991#(= 2 |setClientId_#in~handle|)} assume true; {20991#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:35,727 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {20991#(= 2 |setClientId_#in~handle|)} {20983#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1615#return; {20989#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:55:35,727 INFO L290 TraceCheckUtils]: 86: Hoare triple {20989#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} assume true; {20989#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:55:35,728 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {20989#(= 2 |setup_chuck__before__Keys_#in~chuck___0|)} {20934#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} #1753#return; {20892#false} is VALID [2022-02-20 17:55:35,728 INFO L290 TraceCheckUtils]: 88: Hoare triple {20892#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {20892#false} is VALID [2022-02-20 17:55:35,728 INFO L290 TraceCheckUtils]: 89: Hoare triple {20892#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {20892#false} is VALID [2022-02-20 17:55:35,728 INFO L290 TraceCheckUtils]: 90: Hoare triple {20892#false} assume !false; {20892#false} is VALID [2022-02-20 17:55:35,728 INFO L290 TraceCheckUtils]: 91: Hoare triple {20892#false} assume test_~splverifierCounter~0#1 < 4; {20892#false} is VALID [2022-02-20 17:55:35,728 INFO L290 TraceCheckUtils]: 92: Hoare triple {20892#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {20892#false} is VALID [2022-02-20 17:55:35,728 INFO L290 TraceCheckUtils]: 93: Hoare triple {20892#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet110#1 && test_#t~nondet110#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet110#1;havoc test_#t~nondet110#1; {20892#false} is VALID [2022-02-20 17:55:35,728 INFO L290 TraceCheckUtils]: 94: Hoare triple {20892#false} assume 0 != test_~tmp___9~0#1; {20892#false} is VALID [2022-02-20 17:55:35,728 INFO L290 TraceCheckUtils]: 95: Hoare triple {20892#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {20892#false} is VALID [2022-02-20 17:55:35,728 INFO L290 TraceCheckUtils]: 96: Hoare triple {20892#false} test_~op1~0#1 := 1; {20892#false} is VALID [2022-02-20 17:55:35,729 INFO L290 TraceCheckUtils]: 97: Hoare triple {20892#false} assume !false; {20892#false} is VALID [2022-02-20 17:55:35,729 INFO L290 TraceCheckUtils]: 98: Hoare triple {20892#false} assume !(test_~splverifierCounter~0#1 < 4); {20892#false} is VALID [2022-02-20 17:55:35,729 INFO L290 TraceCheckUtils]: 99: Hoare triple {20892#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {20892#false} is VALID [2022-02-20 17:55:35,729 INFO L272 TraceCheckUtils]: 100: Hoare triple {20892#false} call sendEmail(~bob~0, ~rjh~0); {20892#false} is VALID [2022-02-20 17:55:35,729 INFO L290 TraceCheckUtils]: 101: Hoare triple {20892#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {20892#false} is VALID [2022-02-20 17:55:35,729 INFO L272 TraceCheckUtils]: 102: Hoare triple {20892#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {20992#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:35,729 INFO L290 TraceCheckUtils]: 103: Hoare triple {20992#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,729 INFO L290 TraceCheckUtils]: 104: Hoare triple {20891#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,729 INFO L290 TraceCheckUtils]: 105: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,730 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {20891#true} {20892#false} #1637#return; {20892#false} is VALID [2022-02-20 17:55:35,730 INFO L272 TraceCheckUtils]: 107: Hoare triple {20892#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {20993#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:35,730 INFO L290 TraceCheckUtils]: 108: Hoare triple {20993#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,730 INFO L290 TraceCheckUtils]: 109: Hoare triple {20891#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,730 INFO L290 TraceCheckUtils]: 110: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,730 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {20891#true} {20892#false} #1639#return; {20892#false} is VALID [2022-02-20 17:55:35,730 INFO L290 TraceCheckUtils]: 112: Hoare triple {20892#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {20892#false} is VALID [2022-02-20 17:55:35,730 INFO L290 TraceCheckUtils]: 113: Hoare triple {20892#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {20892#false} is VALID [2022-02-20 17:55:35,730 INFO L272 TraceCheckUtils]: 114: Hoare triple {20892#false} call outgoing(~sender#1, ~email~0#1); {20892#false} is VALID [2022-02-20 17:55:35,730 INFO L290 TraceCheckUtils]: 115: Hoare triple {20892#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20892#false} is VALID [2022-02-20 17:55:35,731 INFO L290 TraceCheckUtils]: 116: Hoare triple {20892#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {20892#false} is VALID [2022-02-20 17:55:35,731 INFO L272 TraceCheckUtils]: 117: Hoare triple {20892#false} call outgoing__before__Sign(~client#1, ~msg#1); {20892#false} is VALID [2022-02-20 17:55:35,731 INFO L290 TraceCheckUtils]: 118: Hoare triple {20892#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20892#false} is VALID [2022-02-20 17:55:35,731 INFO L290 TraceCheckUtils]: 119: Hoare triple {20892#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {20892#false} is VALID [2022-02-20 17:55:35,731 INFO L272 TraceCheckUtils]: 120: Hoare triple {20892#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {20892#false} is VALID [2022-02-20 17:55:35,731 INFO L290 TraceCheckUtils]: 121: Hoare triple {20892#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20892#false} is VALID [2022-02-20 17:55:35,731 INFO L290 TraceCheckUtils]: 122: Hoare triple {20892#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {20892#false} is VALID [2022-02-20 17:55:35,731 INFO L272 TraceCheckUtils]: 123: Hoare triple {20892#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {20892#false} is VALID [2022-02-20 17:55:35,731 INFO L290 TraceCheckUtils]: 124: Hoare triple {20892#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {20892#false} is VALID [2022-02-20 17:55:35,732 INFO L290 TraceCheckUtils]: 125: Hoare triple {20892#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {20892#false} is VALID [2022-02-20 17:55:35,732 INFO L290 TraceCheckUtils]: 126: Hoare triple {20892#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {20892#false} is VALID [2022-02-20 17:55:35,732 INFO L272 TraceCheckUtils]: 127: Hoare triple {20892#false} call setEmailFrom(~msg#1, ~tmp~2#1); {20992#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:35,732 INFO L290 TraceCheckUtils]: 128: Hoare triple {20992#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20891#true} is VALID [2022-02-20 17:55:35,732 INFO L290 TraceCheckUtils]: 129: Hoare triple {20891#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20891#true} is VALID [2022-02-20 17:55:35,732 INFO L290 TraceCheckUtils]: 130: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,732 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {20891#true} {20892#false} #1649#return; {20892#false} is VALID [2022-02-20 17:55:35,732 INFO L290 TraceCheckUtils]: 132: Hoare triple {20892#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {20892#false} is VALID [2022-02-20 17:55:35,732 INFO L272 TraceCheckUtils]: 133: Hoare triple {20892#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {20891#true} is VALID [2022-02-20 17:55:35,732 INFO L290 TraceCheckUtils]: 134: Hoare triple {20891#true} ~handle := #in~handle;havoc ~retValue_acc~19; {20891#true} is VALID [2022-02-20 17:55:35,733 INFO L290 TraceCheckUtils]: 135: Hoare triple {20891#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {20891#true} is VALID [2022-02-20 17:55:35,733 INFO L290 TraceCheckUtils]: 136: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,733 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {20891#true} {20892#false} #1651#return; {20892#false} is VALID [2022-02-20 17:55:35,733 INFO L290 TraceCheckUtils]: 138: Hoare triple {20892#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {20892#false} is VALID [2022-02-20 17:55:35,733 INFO L290 TraceCheckUtils]: 139: Hoare triple {20892#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {20892#false} is VALID [2022-02-20 17:55:35,733 INFO L272 TraceCheckUtils]: 140: Hoare triple {20892#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {20892#false} is VALID [2022-02-20 17:55:35,733 INFO L290 TraceCheckUtils]: 141: Hoare triple {20892#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20892#false} is VALID [2022-02-20 17:55:35,733 INFO L290 TraceCheckUtils]: 142: Hoare triple {20892#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {20892#false} is VALID [2022-02-20 17:55:35,733 INFO L272 TraceCheckUtils]: 143: Hoare triple {20892#false} call incoming__before__Verify(~client#1, ~msg#1); {20892#false} is VALID [2022-02-20 17:55:35,733 INFO L290 TraceCheckUtils]: 144: Hoare triple {20892#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20892#false} is VALID [2022-02-20 17:55:35,734 INFO L290 TraceCheckUtils]: 145: Hoare triple {20892#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {20892#false} is VALID [2022-02-20 17:55:35,734 INFO L272 TraceCheckUtils]: 146: Hoare triple {20892#false} call incoming__before__Forward(~client#1, ~msg#1); {20892#false} is VALID [2022-02-20 17:55:35,734 INFO L290 TraceCheckUtils]: 147: Hoare triple {20892#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20892#false} is VALID [2022-02-20 17:55:35,734 INFO L290 TraceCheckUtils]: 148: Hoare triple {20892#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {20892#false} is VALID [2022-02-20 17:55:35,734 INFO L272 TraceCheckUtils]: 149: Hoare triple {20892#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {20891#true} is VALID [2022-02-20 17:55:35,734 INFO L290 TraceCheckUtils]: 150: Hoare triple {20891#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {20891#true} is VALID [2022-02-20 17:55:35,734 INFO L290 TraceCheckUtils]: 151: Hoare triple {20891#true} assume { :end_inline_deliver } true; {20891#true} is VALID [2022-02-20 17:55:35,734 INFO L290 TraceCheckUtils]: 152: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,734 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {20891#true} {20892#false} #1707#return; {20892#false} is VALID [2022-02-20 17:55:35,735 INFO L290 TraceCheckUtils]: 154: Hoare triple {20892#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {20892#false} is VALID [2022-02-20 17:55:35,735 INFO L290 TraceCheckUtils]: 155: Hoare triple {20892#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {20892#false} is VALID [2022-02-20 17:55:35,735 INFO L290 TraceCheckUtils]: 156: Hoare triple {20892#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {20892#false} is VALID [2022-02-20 17:55:35,735 INFO L290 TraceCheckUtils]: 157: Hoare triple {20892#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {20892#false} is VALID [2022-02-20 17:55:35,735 INFO L272 TraceCheckUtils]: 158: Hoare triple {20892#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {20891#true} is VALID [2022-02-20 17:55:35,735 INFO L290 TraceCheckUtils]: 159: Hoare triple {20891#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {20891#true} is VALID [2022-02-20 17:55:35,735 INFO L290 TraceCheckUtils]: 160: Hoare triple {20891#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {20891#true} is VALID [2022-02-20 17:55:35,736 INFO L272 TraceCheckUtils]: 161: Hoare triple {20891#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {20891#true} is VALID [2022-02-20 17:55:35,736 INFO L290 TraceCheckUtils]: 162: Hoare triple {20891#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {20891#true} is VALID [2022-02-20 17:55:35,736 INFO L290 TraceCheckUtils]: 163: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,736 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {20891#true} {20891#true} #1797#return; {20891#true} is VALID [2022-02-20 17:55:35,736 INFO L290 TraceCheckUtils]: 165: Hoare triple {20891#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {20891#true} is VALID [2022-02-20 17:55:35,736 INFO L290 TraceCheckUtils]: 166: Hoare triple {20891#true} assume true; {20891#true} is VALID [2022-02-20 17:55:35,736 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {20891#true} {20892#false} #1709#return; {20892#false} is VALID [2022-02-20 17:55:35,736 INFO L290 TraceCheckUtils]: 168: Hoare triple {20892#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {20892#false} is VALID [2022-02-20 17:55:35,736 INFO L290 TraceCheckUtils]: 169: Hoare triple {20892#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {20892#false} is VALID [2022-02-20 17:55:35,737 INFO L290 TraceCheckUtils]: 170: Hoare triple {20892#false} assume !false; {20892#false} is VALID [2022-02-20 17:55:35,737 INFO L134 CoverageAnalysis]: Checked inductivity of 103 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 96 trivial. 0 not checked. [2022-02-20 17:55:35,737 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:35,737 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1569974647] [2022-02-20 17:55:35,737 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1569974647] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:35,737 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:35,738 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-02-20 17:55:35,738 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [281158487] [2022-02-20 17:55:35,738 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:35,738 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 9 states have (on average 11.222222222222221) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 171 [2022-02-20 17:55:35,739 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:35,739 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 9 states have (on average 11.222222222222221) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:35,835 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 151 edges. 151 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:35,835 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 17:55:35,835 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:35,835 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 17:55:35,835 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:35,836 INFO L87 Difference]: Start difference. First operand 601 states and 885 transitions. Second operand has 10 states, 9 states have (on average 11.222222222222221) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:45,937 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:45,937 INFO L93 Difference]: Finished difference Result 1258 states and 1895 transitions. [2022-02-20 17:55:45,937 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:55:45,937 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 9 states have (on average 11.222222222222221) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 171 [2022-02-20 17:55:45,938 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:45,938 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 9 states have (on average 11.222222222222221) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:45,957 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1883 transitions. [2022-02-20 17:55:45,957 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 9 states have (on average 11.222222222222221) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:45,987 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1883 transitions. [2022-02-20 17:55:45,988 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1883 transitions. [2022-02-20 17:55:47,420 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1883 edges. 1883 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:47,446 INFO L225 Difference]: With dead ends: 1258 [2022-02-20 17:55:47,446 INFO L226 Difference]: Without dead ends: 737 [2022-02-20 17:55:47,447 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 62 GetRequests, 44 SyntacticMatches, 0 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 45 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=87, Invalid=293, Unknown=0, NotChecked=0, Total=380 [2022-02-20 17:55:47,448 INFO L933 BasicCegarLoop]: 867 mSDtfsCounter, 1540 mSDsluCounter, 1782 mSDsCounter, 0 mSdLazyCounter, 4248 mSolverCounterSat, 658 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1568 SdHoareTripleChecker+Valid, 2649 SdHoareTripleChecker+Invalid, 4906 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 658 IncrementalHoareTripleChecker+Valid, 4248 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.7s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:47,448 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1568 Valid, 2649 Invalid, 4906 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [658 Valid, 4248 Invalid, 0 Unknown, 0 Unchecked, 4.7s Time] [2022-02-20 17:55:47,449 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 737 states. [2022-02-20 17:55:47,503 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 737 to 603. [2022-02-20 17:55:47,504 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:47,505 INFO L82 GeneralOperation]: Start isEquivalent. First operand 737 states. Second operand has 603 states, 446 states have (on average 1.4887892376681615) internal successors, (664), 467 states have internal predecessors, (664), 109 states have call successors, (109), 43 states have call predecessors, (109), 47 states have return successors, (116), 109 states have call predecessors, (116), 108 states have call successors, (116) [2022-02-20 17:55:47,506 INFO L74 IsIncluded]: Start isIncluded. First operand 737 states. Second operand has 603 states, 446 states have (on average 1.4887892376681615) internal successors, (664), 467 states have internal predecessors, (664), 109 states have call successors, (109), 43 states have call predecessors, (109), 47 states have return successors, (116), 109 states have call predecessors, (116), 108 states have call successors, (116) [2022-02-20 17:55:47,507 INFO L87 Difference]: Start difference. First operand 737 states. Second operand has 603 states, 446 states have (on average 1.4887892376681615) internal successors, (664), 467 states have internal predecessors, (664), 109 states have call successors, (109), 43 states have call predecessors, (109), 47 states have return successors, (116), 109 states have call predecessors, (116), 108 states have call successors, (116) [2022-02-20 17:55:47,528 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:47,529 INFO L93 Difference]: Finished difference Result 737 states and 1118 transitions. [2022-02-20 17:55:47,529 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1118 transitions. [2022-02-20 17:55:47,531 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:47,531 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:47,532 INFO L74 IsIncluded]: Start isIncluded. First operand has 603 states, 446 states have (on average 1.4887892376681615) internal successors, (664), 467 states have internal predecessors, (664), 109 states have call successors, (109), 43 states have call predecessors, (109), 47 states have return successors, (116), 109 states have call predecessors, (116), 108 states have call successors, (116) Second operand 737 states. [2022-02-20 17:55:47,533 INFO L87 Difference]: Start difference. First operand has 603 states, 446 states have (on average 1.4887892376681615) internal successors, (664), 467 states have internal predecessors, (664), 109 states have call successors, (109), 43 states have call predecessors, (109), 47 states have return successors, (116), 109 states have call predecessors, (116), 108 states have call successors, (116) Second operand 737 states. [2022-02-20 17:55:47,555 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:47,555 INFO L93 Difference]: Finished difference Result 737 states and 1118 transitions. [2022-02-20 17:55:47,555 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1118 transitions. [2022-02-20 17:55:47,558 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:47,558 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:47,558 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:47,558 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:47,559 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 603 states, 446 states have (on average 1.4887892376681615) internal successors, (664), 467 states have internal predecessors, (664), 109 states have call successors, (109), 43 states have call predecessors, (109), 47 states have return successors, (116), 109 states have call predecessors, (116), 108 states have call successors, (116) [2022-02-20 17:55:47,579 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 603 states to 603 states and 889 transitions. [2022-02-20 17:55:47,580 INFO L78 Accepts]: Start accepts. Automaton has 603 states and 889 transitions. Word has length 171 [2022-02-20 17:55:47,581 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:47,581 INFO L470 AbstractCegarLoop]: Abstraction has 603 states and 889 transitions. [2022-02-20 17:55:47,581 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 9 states have (on average 11.222222222222221) internal successors, (101), 7 states have internal predecessors, (101), 4 states have call successors, (29), 5 states have call predecessors, (29), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:55:47,582 INFO L276 IsEmpty]: Start isEmpty. Operand 603 states and 889 transitions. [2022-02-20 17:55:47,584 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 173 [2022-02-20 17:55:47,584 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:47,584 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:47,585 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:55:47,585 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__ForwardErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:47,585 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:47,585 INFO L85 PathProgramCache]: Analyzing trace with hash -1506290165, now seen corresponding path program 1 times [2022-02-20 17:55:47,585 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:47,585 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [849702468] [2022-02-20 17:55:47,585 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:47,586 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:47,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:55:47,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,665 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,666 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,666 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25065#true} {25065#true} #1721#return; {25065#true} is VALID [2022-02-20 17:55:47,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:55:47,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,669 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,669 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,669 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25065#true} {25065#true} #1723#return; {25065#true} is VALID [2022-02-20 17:55:47,669 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:55:47,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,672 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25065#true} {25065#true} #1725#return; {25065#true} is VALID [2022-02-20 17:55:47,672 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:47,673 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,674 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25065#true} {25065#true} #1727#return; {25065#true} is VALID [2022-02-20 17:55:47,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:55:47,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,677 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,677 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,677 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25065#true} {25065#true} #1729#return; {25065#true} is VALID [2022-02-20 17:55:47,678 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:55:47,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,680 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,680 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,680 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25065#true} {25065#true} #1731#return; {25065#true} is VALID [2022-02-20 17:55:47,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:55:47,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,684 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,684 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25065#true} {25065#true} #1733#return; {25065#true} is VALID [2022-02-20 17:55:47,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:47,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,687 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,687 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25065#true} {25065#true} #1735#return; {25065#true} is VALID [2022-02-20 17:55:47,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:55:47,692 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,694 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:47,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,696 INFO L290 TraceCheckUtils]: 0: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,696 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,696 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25065#true} {25065#true} #1719#return; {25065#true} is VALID [2022-02-20 17:55:47,696 INFO L290 TraceCheckUtils]: 0: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25065#true} is VALID [2022-02-20 17:55:47,697 INFO L272 TraceCheckUtils]: 1: Hoare triple {25065#true} call setClientId(~bob___0, ~bob___0); {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,697 INFO L290 TraceCheckUtils]: 3: Hoare triple {25065#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,697 INFO L290 TraceCheckUtils]: 4: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,697 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25065#true} {25065#true} #1719#return; {25065#true} is VALID [2022-02-20 17:55:47,698 INFO L290 TraceCheckUtils]: 6: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,698 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25065#true} {25065#true} #1741#return; {25065#true} is VALID [2022-02-20 17:55:47,698 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:55:47,699 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:47,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,703 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:47,703 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,703 INFO L290 TraceCheckUtils]: 3: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,703 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25065#true} {25065#true} #1669#return; {25065#true} is VALID [2022-02-20 17:55:47,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25065#true} is VALID [2022-02-20 17:55:47,704 INFO L272 TraceCheckUtils]: 1: Hoare triple {25065#true} call setClientId(~rjh___0, ~rjh___0); {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,704 INFO L290 TraceCheckUtils]: 3: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:47,704 INFO L290 TraceCheckUtils]: 4: Hoare triple {25065#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,704 INFO L290 TraceCheckUtils]: 5: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,704 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25065#true} {25065#true} #1669#return; {25065#true} is VALID [2022-02-20 17:55:47,704 INFO L290 TraceCheckUtils]: 7: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,704 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {25065#true} {25065#true} #1747#return; {25065#true} is VALID [2022-02-20 17:55:47,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:55:47,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,708 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:55:47,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,712 INFO L290 TraceCheckUtils]: 0: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,712 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:47,712 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume !(2 == ~handle); {25065#true} is VALID [2022-02-20 17:55:47,712 INFO L290 TraceCheckUtils]: 3: Hoare triple {25065#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,713 INFO L290 TraceCheckUtils]: 4: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,713 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25065#true} {25065#true} #1615#return; {25065#true} is VALID [2022-02-20 17:55:47,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25065#true} is VALID [2022-02-20 17:55:47,713 INFO L272 TraceCheckUtils]: 1: Hoare triple {25065#true} call setClientId(~chuck___0, ~chuck___0); {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,714 INFO L290 TraceCheckUtils]: 2: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,714 INFO L290 TraceCheckUtils]: 3: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:47,714 INFO L290 TraceCheckUtils]: 4: Hoare triple {25065#true} assume !(2 == ~handle); {25065#true} is VALID [2022-02-20 17:55:47,714 INFO L290 TraceCheckUtils]: 5: Hoare triple {25065#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,714 INFO L290 TraceCheckUtils]: 6: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,714 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25065#true} {25065#true} #1615#return; {25065#true} is VALID [2022-02-20 17:55:47,714 INFO L290 TraceCheckUtils]: 8: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,714 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {25065#true} {25065#true} #1753#return; {25065#true} is VALID [2022-02-20 17:55:47,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:55:47,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,720 INFO L290 TraceCheckUtils]: 0: Hoare triple {25165#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,721 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,721 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,721 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25065#true} {25066#false} #1637#return; {25066#false} is VALID [2022-02-20 17:55:47,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:55:47,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {25166#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,727 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,728 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25065#true} {25066#false} #1639#return; {25066#false} is VALID [2022-02-20 17:55:47,728 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:55:47,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,730 INFO L290 TraceCheckUtils]: 0: Hoare triple {25165#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,730 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,730 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25065#true} {25066#false} #1649#return; {25066#false} is VALID [2022-02-20 17:55:47,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 17:55:47,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,732 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25065#true} is VALID [2022-02-20 17:55:47,733 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {25065#true} is VALID [2022-02-20 17:55:47,733 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,733 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25065#true} {25066#false} #1651#return; {25066#false} is VALID [2022-02-20 17:55:47,733 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 17:55:47,735 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {25065#true} is VALID [2022-02-20 17:55:47,736 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume { :end_inline_deliver } true; {25065#true} is VALID [2022-02-20 17:55:47,736 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,736 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25065#true} {25066#false} #1707#return; {25066#false} is VALID [2022-02-20 17:55:47,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 159 [2022-02-20 17:55:47,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,740 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:55:47,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {25065#true} is VALID [2022-02-20 17:55:47,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,742 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25065#true} {25065#true} #1797#return; {25065#true} is VALID [2022-02-20 17:55:47,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {25065#true} is VALID [2022-02-20 17:55:47,743 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25065#true} is VALID [2022-02-20 17:55:47,743 INFO L272 TraceCheckUtils]: 2: Hoare triple {25065#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {25065#true} is VALID [2022-02-20 17:55:47,743 INFO L290 TraceCheckUtils]: 3: Hoare triple {25065#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {25065#true} is VALID [2022-02-20 17:55:47,743 INFO L290 TraceCheckUtils]: 4: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,743 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25065#true} {25065#true} #1797#return; {25065#true} is VALID [2022-02-20 17:55:47,743 INFO L290 TraceCheckUtils]: 6: Hoare triple {25065#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {25065#true} is VALID [2022-02-20 17:55:47,743 INFO L290 TraceCheckUtils]: 7: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,743 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {25065#true} {25066#false} #1709#return; {25066#false} is VALID [2022-02-20 17:55:47,744 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {25065#true} is VALID [2022-02-20 17:55:47,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25065#true} is VALID [2022-02-20 17:55:47,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {25065#true} is VALID [2022-02-20 17:55:47,745 INFO L272 TraceCheckUtils]: 3: Hoare triple {25065#true} call select_features_#t~ret5#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:47,745 INFO L290 TraceCheckUtils]: 4: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,746 INFO L290 TraceCheckUtils]: 5: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,746 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25065#true} {25065#true} #1721#return; {25065#true} is VALID [2022-02-20 17:55:47,746 INFO L290 TraceCheckUtils]: 7: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {25065#true} is VALID [2022-02-20 17:55:47,746 INFO L272 TraceCheckUtils]: 8: Hoare triple {25065#true} call select_features_#t~ret6#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:47,746 INFO L290 TraceCheckUtils]: 9: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,746 INFO L290 TraceCheckUtils]: 10: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,746 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25065#true} {25065#true} #1723#return; {25065#true} is VALID [2022-02-20 17:55:47,746 INFO L290 TraceCheckUtils]: 12: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {25065#true} is VALID [2022-02-20 17:55:47,746 INFO L272 TraceCheckUtils]: 13: Hoare triple {25065#true} call select_features_#t~ret7#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:47,747 INFO L290 TraceCheckUtils]: 14: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,747 INFO L290 TraceCheckUtils]: 15: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,747 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25065#true} {25065#true} #1725#return; {25065#true} is VALID [2022-02-20 17:55:47,747 INFO L290 TraceCheckUtils]: 17: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {25065#true} is VALID [2022-02-20 17:55:47,747 INFO L272 TraceCheckUtils]: 18: Hoare triple {25065#true} call select_features_#t~ret8#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:47,747 INFO L290 TraceCheckUtils]: 19: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,747 INFO L290 TraceCheckUtils]: 20: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,747 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25065#true} {25065#true} #1727#return; {25065#true} is VALID [2022-02-20 17:55:47,747 INFO L290 TraceCheckUtils]: 22: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L272 TraceCheckUtils]: 23: Hoare triple {25065#true} call select_features_#t~ret9#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L290 TraceCheckUtils]: 24: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L290 TraceCheckUtils]: 25: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25065#true} {25065#true} #1729#return; {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L290 TraceCheckUtils]: 27: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L272 TraceCheckUtils]: 28: Hoare triple {25065#true} call select_features_#t~ret10#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L290 TraceCheckUtils]: 29: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L290 TraceCheckUtils]: 30: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25065#true} {25065#true} #1731#return; {25065#true} is VALID [2022-02-20 17:55:47,748 INFO L290 TraceCheckUtils]: 32: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {25065#true} is VALID [2022-02-20 17:55:47,749 INFO L272 TraceCheckUtils]: 33: Hoare triple {25065#true} call select_features_#t~ret11#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:47,749 INFO L290 TraceCheckUtils]: 34: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,749 INFO L290 TraceCheckUtils]: 35: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,749 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25065#true} {25065#true} #1733#return; {25065#true} is VALID [2022-02-20 17:55:47,749 INFO L290 TraceCheckUtils]: 37: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {25065#true} is VALID [2022-02-20 17:55:47,749 INFO L272 TraceCheckUtils]: 38: Hoare triple {25065#true} call select_features_#t~ret12#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:47,749 INFO L290 TraceCheckUtils]: 39: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:47,749 INFO L290 TraceCheckUtils]: 40: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,749 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25065#true} {25065#true} #1735#return; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 42: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 43: Hoare triple {25065#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 44: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 45: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 46: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 47: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 48: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 49: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 50: Hoare triple {25065#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {25065#true} is VALID [2022-02-20 17:55:47,750 INFO L290 TraceCheckUtils]: 51: Hoare triple {25065#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {25065#true} is VALID [2022-02-20 17:55:47,751 INFO L290 TraceCheckUtils]: 52: Hoare triple {25065#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {25065#true} is VALID [2022-02-20 17:55:47,751 INFO L290 TraceCheckUtils]: 53: Hoare triple {25065#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25065#true} is VALID [2022-02-20 17:55:47,751 INFO L290 TraceCheckUtils]: 54: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25065#true} is VALID [2022-02-20 17:55:47,751 INFO L272 TraceCheckUtils]: 55: Hoare triple {25065#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,751 INFO L290 TraceCheckUtils]: 56: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25065#true} is VALID [2022-02-20 17:55:47,752 INFO L272 TraceCheckUtils]: 57: Hoare triple {25065#true} call setClientId(~bob___0, ~bob___0); {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,752 INFO L290 TraceCheckUtils]: 58: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,752 INFO L290 TraceCheckUtils]: 59: Hoare triple {25065#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,752 INFO L290 TraceCheckUtils]: 60: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,752 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {25065#true} {25065#true} #1719#return; {25065#true} is VALID [2022-02-20 17:55:47,752 INFO L290 TraceCheckUtils]: 62: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,753 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {25065#true} {25065#true} #1741#return; {25065#true} is VALID [2022-02-20 17:55:47,753 INFO L290 TraceCheckUtils]: 64: Hoare triple {25065#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25065#true} is VALID [2022-02-20 17:55:47,753 INFO L290 TraceCheckUtils]: 65: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25065#true} is VALID [2022-02-20 17:55:47,753 INFO L272 TraceCheckUtils]: 66: Hoare triple {25065#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,753 INFO L290 TraceCheckUtils]: 67: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25065#true} is VALID [2022-02-20 17:55:47,754 INFO L272 TraceCheckUtils]: 68: Hoare triple {25065#true} call setClientId(~rjh___0, ~rjh___0); {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,754 INFO L290 TraceCheckUtils]: 69: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,754 INFO L290 TraceCheckUtils]: 70: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:47,754 INFO L290 TraceCheckUtils]: 71: Hoare triple {25065#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,754 INFO L290 TraceCheckUtils]: 72: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,754 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {25065#true} {25065#true} #1669#return; {25065#true} is VALID [2022-02-20 17:55:47,755 INFO L290 TraceCheckUtils]: 74: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,755 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {25065#true} {25065#true} #1747#return; {25065#true} is VALID [2022-02-20 17:55:47,756 INFO L290 TraceCheckUtils]: 76: Hoare triple {25065#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25065#true} is VALID [2022-02-20 17:55:47,756 INFO L290 TraceCheckUtils]: 77: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25065#true} is VALID [2022-02-20 17:55:47,756 INFO L272 TraceCheckUtils]: 78: Hoare triple {25065#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,756 INFO L290 TraceCheckUtils]: 79: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25065#true} is VALID [2022-02-20 17:55:47,757 INFO L272 TraceCheckUtils]: 80: Hoare triple {25065#true} call setClientId(~chuck___0, ~chuck___0); {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,757 INFO L290 TraceCheckUtils]: 81: Hoare triple {25149#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,757 INFO L290 TraceCheckUtils]: 82: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:47,757 INFO L290 TraceCheckUtils]: 83: Hoare triple {25065#true} assume !(2 == ~handle); {25065#true} is VALID [2022-02-20 17:55:47,757 INFO L290 TraceCheckUtils]: 84: Hoare triple {25065#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,757 INFO L290 TraceCheckUtils]: 85: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,757 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {25065#true} {25065#true} #1615#return; {25065#true} is VALID [2022-02-20 17:55:47,758 INFO L290 TraceCheckUtils]: 87: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,758 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25065#true} {25065#true} #1753#return; {25065#true} is VALID [2022-02-20 17:55:47,758 INFO L290 TraceCheckUtils]: 89: Hoare triple {25065#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {25065#true} is VALID [2022-02-20 17:55:47,758 INFO L290 TraceCheckUtils]: 90: Hoare triple {25065#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25118#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:47,758 INFO L290 TraceCheckUtils]: 91: Hoare triple {25118#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {25118#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:47,759 INFO L290 TraceCheckUtils]: 92: Hoare triple {25118#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {25118#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:47,759 INFO L290 TraceCheckUtils]: 93: Hoare triple {25118#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:47,760 INFO L290 TraceCheckUtils]: 94: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet110#1 && test_#t~nondet110#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet110#1;havoc test_#t~nondet110#1; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:47,760 INFO L290 TraceCheckUtils]: 95: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___9~0#1; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:47,760 INFO L290 TraceCheckUtils]: 96: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:47,760 INFO L290 TraceCheckUtils]: 97: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} test_~op1~0#1 := 1; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:47,761 INFO L290 TraceCheckUtils]: 98: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:47,761 INFO L290 TraceCheckUtils]: 99: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {25066#false} is VALID [2022-02-20 17:55:47,761 INFO L290 TraceCheckUtils]: 100: Hoare triple {25066#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {25066#false} is VALID [2022-02-20 17:55:47,761 INFO L272 TraceCheckUtils]: 101: Hoare triple {25066#false} call sendEmail(~bob~0, ~rjh~0); {25066#false} is VALID [2022-02-20 17:55:47,761 INFO L290 TraceCheckUtils]: 102: Hoare triple {25066#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25066#false} is VALID [2022-02-20 17:55:47,762 INFO L272 TraceCheckUtils]: 103: Hoare triple {25066#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25165#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:47,762 INFO L290 TraceCheckUtils]: 104: Hoare triple {25165#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,762 INFO L290 TraceCheckUtils]: 105: Hoare triple {25065#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,762 INFO L290 TraceCheckUtils]: 106: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,762 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {25065#true} {25066#false} #1637#return; {25066#false} is VALID [2022-02-20 17:55:47,762 INFO L272 TraceCheckUtils]: 108: Hoare triple {25066#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25166#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:47,762 INFO L290 TraceCheckUtils]: 109: Hoare triple {25166#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,762 INFO L290 TraceCheckUtils]: 110: Hoare triple {25065#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,762 INFO L290 TraceCheckUtils]: 111: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,762 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {25065#true} {25066#false} #1639#return; {25066#false} is VALID [2022-02-20 17:55:47,763 INFO L290 TraceCheckUtils]: 113: Hoare triple {25066#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {25066#false} is VALID [2022-02-20 17:55:47,763 INFO L290 TraceCheckUtils]: 114: Hoare triple {25066#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {25066#false} is VALID [2022-02-20 17:55:47,763 INFO L272 TraceCheckUtils]: 115: Hoare triple {25066#false} call outgoing(~sender#1, ~email~0#1); {25066#false} is VALID [2022-02-20 17:55:47,763 INFO L290 TraceCheckUtils]: 116: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:47,763 INFO L290 TraceCheckUtils]: 117: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25066#false} is VALID [2022-02-20 17:55:47,763 INFO L272 TraceCheckUtils]: 118: Hoare triple {25066#false} call outgoing__before__Sign(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:47,763 INFO L290 TraceCheckUtils]: 119: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:47,763 INFO L290 TraceCheckUtils]: 120: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {25066#false} is VALID [2022-02-20 17:55:47,763 INFO L272 TraceCheckUtils]: 121: Hoare triple {25066#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:47,764 INFO L290 TraceCheckUtils]: 122: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:47,764 INFO L290 TraceCheckUtils]: 123: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25066#false} is VALID [2022-02-20 17:55:47,764 INFO L272 TraceCheckUtils]: 124: Hoare triple {25066#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:47,764 INFO L290 TraceCheckUtils]: 125: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {25066#false} is VALID [2022-02-20 17:55:47,764 INFO L290 TraceCheckUtils]: 126: Hoare triple {25066#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {25066#false} is VALID [2022-02-20 17:55:47,764 INFO L290 TraceCheckUtils]: 127: Hoare triple {25066#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {25066#false} is VALID [2022-02-20 17:55:47,764 INFO L272 TraceCheckUtils]: 128: Hoare triple {25066#false} call setEmailFrom(~msg#1, ~tmp~2#1); {25165#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:47,764 INFO L290 TraceCheckUtils]: 129: Hoare triple {25165#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:47,764 INFO L290 TraceCheckUtils]: 130: Hoare triple {25065#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:47,764 INFO L290 TraceCheckUtils]: 131: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,765 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {25065#true} {25066#false} #1649#return; {25066#false} is VALID [2022-02-20 17:55:47,765 INFO L290 TraceCheckUtils]: 133: Hoare triple {25066#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {25066#false} is VALID [2022-02-20 17:55:47,765 INFO L272 TraceCheckUtils]: 134: Hoare triple {25066#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {25065#true} is VALID [2022-02-20 17:55:47,765 INFO L290 TraceCheckUtils]: 135: Hoare triple {25065#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25065#true} is VALID [2022-02-20 17:55:47,765 INFO L290 TraceCheckUtils]: 136: Hoare triple {25065#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {25065#true} is VALID [2022-02-20 17:55:47,765 INFO L290 TraceCheckUtils]: 137: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,765 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {25065#true} {25066#false} #1651#return; {25066#false} is VALID [2022-02-20 17:55:47,765 INFO L290 TraceCheckUtils]: 139: Hoare triple {25066#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {25066#false} is VALID [2022-02-20 17:55:47,765 INFO L290 TraceCheckUtils]: 140: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L272 TraceCheckUtils]: 141: Hoare triple {25066#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L290 TraceCheckUtils]: 142: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L290 TraceCheckUtils]: 143: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L272 TraceCheckUtils]: 144: Hoare triple {25066#false} call incoming__before__Verify(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L290 TraceCheckUtils]: 145: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L290 TraceCheckUtils]: 146: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L272 TraceCheckUtils]: 147: Hoare triple {25066#false} call incoming__before__Forward(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L290 TraceCheckUtils]: 148: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L290 TraceCheckUtils]: 149: Hoare triple {25066#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {25066#false} is VALID [2022-02-20 17:55:47,766 INFO L272 TraceCheckUtils]: 150: Hoare triple {25066#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {25065#true} is VALID [2022-02-20 17:55:47,767 INFO L290 TraceCheckUtils]: 151: Hoare triple {25065#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {25065#true} is VALID [2022-02-20 17:55:47,767 INFO L290 TraceCheckUtils]: 152: Hoare triple {25065#true} assume { :end_inline_deliver } true; {25065#true} is VALID [2022-02-20 17:55:47,767 INFO L290 TraceCheckUtils]: 153: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,767 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25065#true} {25066#false} #1707#return; {25066#false} is VALID [2022-02-20 17:55:47,767 INFO L290 TraceCheckUtils]: 155: Hoare triple {25066#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {25066#false} is VALID [2022-02-20 17:55:47,767 INFO L290 TraceCheckUtils]: 156: Hoare triple {25066#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {25066#false} is VALID [2022-02-20 17:55:47,767 INFO L290 TraceCheckUtils]: 157: Hoare triple {25066#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {25066#false} is VALID [2022-02-20 17:55:47,767 INFO L290 TraceCheckUtils]: 158: Hoare triple {25066#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {25066#false} is VALID [2022-02-20 17:55:47,767 INFO L272 TraceCheckUtils]: 159: Hoare triple {25066#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {25065#true} is VALID [2022-02-20 17:55:47,768 INFO L290 TraceCheckUtils]: 160: Hoare triple {25065#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {25065#true} is VALID [2022-02-20 17:55:47,768 INFO L290 TraceCheckUtils]: 161: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25065#true} is VALID [2022-02-20 17:55:47,768 INFO L272 TraceCheckUtils]: 162: Hoare triple {25065#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {25065#true} is VALID [2022-02-20 17:55:47,768 INFO L290 TraceCheckUtils]: 163: Hoare triple {25065#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {25065#true} is VALID [2022-02-20 17:55:47,768 INFO L290 TraceCheckUtils]: 164: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,768 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {25065#true} {25065#true} #1797#return; {25065#true} is VALID [2022-02-20 17:55:47,768 INFO L290 TraceCheckUtils]: 166: Hoare triple {25065#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {25065#true} is VALID [2022-02-20 17:55:47,768 INFO L290 TraceCheckUtils]: 167: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:47,768 INFO L284 TraceCheckUtils]: 168: Hoare quadruple {25065#true} {25066#false} #1709#return; {25066#false} is VALID [2022-02-20 17:55:47,769 INFO L290 TraceCheckUtils]: 169: Hoare triple {25066#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {25066#false} is VALID [2022-02-20 17:55:47,769 INFO L290 TraceCheckUtils]: 170: Hoare triple {25066#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {25066#false} is VALID [2022-02-20 17:55:47,769 INFO L290 TraceCheckUtils]: 171: Hoare triple {25066#false} assume !false; {25066#false} is VALID [2022-02-20 17:55:47,769 INFO L134 CoverageAnalysis]: Checked inductivity of 103 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 101 trivial. 0 not checked. [2022-02-20 17:55:47,769 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:47,769 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [849702468] [2022-02-20 17:55:47,770 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [849702468] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:47,770 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [712535801] [2022-02-20 17:55:47,770 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:47,770 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:47,770 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:47,771 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:47,772 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:55:48,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,032 INFO L263 TraceCheckSpWp]: Trace formula consists of 1486 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:55:48,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,087 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:48,456 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L272 TraceCheckUtils]: 3: Hoare triple {25065#true} call select_features_#t~ret5#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L290 TraceCheckUtils]: 4: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L290 TraceCheckUtils]: 5: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25065#true} {25065#true} #1721#return; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L290 TraceCheckUtils]: 7: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L272 TraceCheckUtils]: 8: Hoare triple {25065#true} call select_features_#t~ret6#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L290 TraceCheckUtils]: 9: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L290 TraceCheckUtils]: 10: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25065#true} {25065#true} #1723#return; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L290 TraceCheckUtils]: 12: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {25065#true} is VALID [2022-02-20 17:55:48,456 INFO L272 TraceCheckUtils]: 13: Hoare triple {25065#true} call select_features_#t~ret7#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L290 TraceCheckUtils]: 14: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L290 TraceCheckUtils]: 15: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25065#true} {25065#true} #1725#return; {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L290 TraceCheckUtils]: 17: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L272 TraceCheckUtils]: 18: Hoare triple {25065#true} call select_features_#t~ret8#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L290 TraceCheckUtils]: 19: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L290 TraceCheckUtils]: 20: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25065#true} {25065#true} #1727#return; {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L290 TraceCheckUtils]: 22: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L272 TraceCheckUtils]: 23: Hoare triple {25065#true} call select_features_#t~ret9#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,457 INFO L290 TraceCheckUtils]: 24: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L290 TraceCheckUtils]: 25: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25065#true} {25065#true} #1729#return; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L290 TraceCheckUtils]: 27: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L272 TraceCheckUtils]: 28: Hoare triple {25065#true} call select_features_#t~ret10#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L290 TraceCheckUtils]: 29: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L290 TraceCheckUtils]: 30: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25065#true} {25065#true} #1731#return; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L290 TraceCheckUtils]: 32: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L272 TraceCheckUtils]: 33: Hoare triple {25065#true} call select_features_#t~ret11#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L290 TraceCheckUtils]: 34: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L290 TraceCheckUtils]: 35: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25065#true} {25065#true} #1733#return; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L290 TraceCheckUtils]: 37: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {25065#true} is VALID [2022-02-20 17:55:48,460 INFO L272 TraceCheckUtils]: 38: Hoare triple {25065#true} call select_features_#t~ret12#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 39: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 40: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25065#true} {25065#true} #1735#return; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 42: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 43: Hoare triple {25065#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 44: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 45: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 46: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 47: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 48: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 49: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 50: Hoare triple {25065#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 51: Hoare triple {25065#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 52: Hoare triple {25065#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 53: Hoare triple {25065#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 54: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L272 TraceCheckUtils]: 55: Hoare triple {25065#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L290 TraceCheckUtils]: 56: Hoare triple {25065#true} ~bob___0 := #in~bob___0; {25065#true} is VALID [2022-02-20 17:55:48,461 INFO L272 TraceCheckUtils]: 57: Hoare triple {25065#true} call setClientId(~bob___0, ~bob___0); {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 58: Hoare triple {25065#true} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 59: Hoare triple {25065#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 60: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {25065#true} {25065#true} #1719#return; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 62: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {25065#true} {25065#true} #1741#return; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 64: Hoare triple {25065#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 65: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L272 TraceCheckUtils]: 66: Hoare triple {25065#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 67: Hoare triple {25065#true} ~rjh___0 := #in~rjh___0; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L272 TraceCheckUtils]: 68: Hoare triple {25065#true} call setClientId(~rjh___0, ~rjh___0); {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 69: Hoare triple {25065#true} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 70: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 71: Hoare triple {25065#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 72: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {25065#true} {25065#true} #1669#return; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 74: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {25065#true} {25065#true} #1747#return; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 76: Hoare triple {25065#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L290 TraceCheckUtils]: 77: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25065#true} is VALID [2022-02-20 17:55:48,462 INFO L272 TraceCheckUtils]: 78: Hoare triple {25065#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {25065#true} is VALID [2022-02-20 17:55:48,463 INFO L290 TraceCheckUtils]: 79: Hoare triple {25065#true} ~chuck___0 := #in~chuck___0; {25065#true} is VALID [2022-02-20 17:55:48,463 INFO L272 TraceCheckUtils]: 80: Hoare triple {25065#true} call setClientId(~chuck___0, ~chuck___0); {25065#true} is VALID [2022-02-20 17:55:48,463 INFO L290 TraceCheckUtils]: 81: Hoare triple {25065#true} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:48,463 INFO L290 TraceCheckUtils]: 82: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:48,463 INFO L290 TraceCheckUtils]: 83: Hoare triple {25065#true} assume !(2 == ~handle); {25065#true} is VALID [2022-02-20 17:55:48,472 INFO L290 TraceCheckUtils]: 84: Hoare triple {25065#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:48,472 INFO L290 TraceCheckUtils]: 85: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,472 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {25065#true} {25065#true} #1615#return; {25065#true} is VALID [2022-02-20 17:55:48,472 INFO L290 TraceCheckUtils]: 87: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,472 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25065#true} {25065#true} #1753#return; {25065#true} is VALID [2022-02-20 17:55:48,472 INFO L290 TraceCheckUtils]: 89: Hoare triple {25065#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {25065#true} is VALID [2022-02-20 17:55:48,473 INFO L290 TraceCheckUtils]: 90: Hoare triple {25065#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25443#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:48,473 INFO L290 TraceCheckUtils]: 91: Hoare triple {25443#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {25443#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:48,473 INFO L290 TraceCheckUtils]: 92: Hoare triple {25443#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {25443#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:48,474 INFO L290 TraceCheckUtils]: 93: Hoare triple {25443#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:48,474 INFO L290 TraceCheckUtils]: 94: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet110#1 && test_#t~nondet110#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet110#1;havoc test_#t~nondet110#1; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:48,474 INFO L290 TraceCheckUtils]: 95: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___9~0#1; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:48,474 INFO L290 TraceCheckUtils]: 96: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 97: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} test_~op1~0#1 := 1; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 98: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 99: Hoare triple {25119#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {25066#false} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 100: Hoare triple {25066#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {25066#false} is VALID [2022-02-20 17:55:48,475 INFO L272 TraceCheckUtils]: 101: Hoare triple {25066#false} call sendEmail(~bob~0, ~rjh~0); {25066#false} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 102: Hoare triple {25066#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25066#false} is VALID [2022-02-20 17:55:48,475 INFO L272 TraceCheckUtils]: 103: Hoare triple {25066#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 104: Hoare triple {25066#false} ~handle := #in~handle;~value := #in~value; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 105: Hoare triple {25066#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 106: Hoare triple {25066#false} assume true; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {25066#false} {25066#false} #1637#return; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L272 TraceCheckUtils]: 108: Hoare triple {25066#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 109: Hoare triple {25066#false} ~handle := #in~handle;~value := #in~value; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 110: Hoare triple {25066#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 111: Hoare triple {25066#false} assume true; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {25066#false} {25066#false} #1639#return; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 113: Hoare triple {25066#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 114: Hoare triple {25066#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L272 TraceCheckUtils]: 115: Hoare triple {25066#false} call outgoing(~sender#1, ~email~0#1); {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 116: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 117: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L272 TraceCheckUtils]: 118: Hoare triple {25066#false} call outgoing__before__Sign(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 119: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 120: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L272 TraceCheckUtils]: 121: Hoare triple {25066#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 122: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 123: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25066#false} is VALID [2022-02-20 17:55:48,476 INFO L272 TraceCheckUtils]: 124: Hoare triple {25066#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 125: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 126: Hoare triple {25066#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 127: Hoare triple {25066#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L272 TraceCheckUtils]: 128: Hoare triple {25066#false} call setEmailFrom(~msg#1, ~tmp~2#1); {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 129: Hoare triple {25066#false} ~handle := #in~handle;~value := #in~value; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 130: Hoare triple {25066#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 131: Hoare triple {25066#false} assume true; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {25066#false} {25066#false} #1649#return; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 133: Hoare triple {25066#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L272 TraceCheckUtils]: 134: Hoare triple {25066#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 135: Hoare triple {25066#false} ~handle := #in~handle;havoc ~retValue_acc~19; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 136: Hoare triple {25066#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 137: Hoare triple {25066#false} assume true; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {25066#false} {25066#false} #1651#return; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 139: Hoare triple {25066#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 140: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L272 TraceCheckUtils]: 141: Hoare triple {25066#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 142: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 143: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {25066#false} is VALID [2022-02-20 17:55:48,478 INFO L272 TraceCheckUtils]: 144: Hoare triple {25066#false} call incoming__before__Verify(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 145: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 146: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {25066#false} is VALID [2022-02-20 17:55:48,478 INFO L272 TraceCheckUtils]: 147: Hoare triple {25066#false} call incoming__before__Forward(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 148: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 149: Hoare triple {25066#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {25066#false} is VALID [2022-02-20 17:55:48,478 INFO L272 TraceCheckUtils]: 150: Hoare triple {25066#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,479 INFO L290 TraceCheckUtils]: 151: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {25066#false} is VALID [2022-02-20 17:55:48,479 INFO L290 TraceCheckUtils]: 152: Hoare triple {25066#false} assume { :end_inline_deliver } true; {25066#false} is VALID [2022-02-20 17:55:48,479 INFO L290 TraceCheckUtils]: 153: Hoare triple {25066#false} assume true; {25066#false} is VALID [2022-02-20 17:55:48,480 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25066#false} {25066#false} #1707#return; {25066#false} is VALID [2022-02-20 17:55:48,480 INFO L290 TraceCheckUtils]: 155: Hoare triple {25066#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {25066#false} is VALID [2022-02-20 17:55:48,480 INFO L290 TraceCheckUtils]: 156: Hoare triple {25066#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {25066#false} is VALID [2022-02-20 17:55:48,480 INFO L290 TraceCheckUtils]: 157: Hoare triple {25066#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {25066#false} is VALID [2022-02-20 17:55:48,480 INFO L290 TraceCheckUtils]: 158: Hoare triple {25066#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {25066#false} is VALID [2022-02-20 17:55:48,481 INFO L272 TraceCheckUtils]: 159: Hoare triple {25066#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,481 INFO L290 TraceCheckUtils]: 160: Hoare triple {25066#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {25066#false} is VALID [2022-02-20 17:55:48,481 INFO L290 TraceCheckUtils]: 161: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25066#false} is VALID [2022-02-20 17:55:48,481 INFO L272 TraceCheckUtils]: 162: Hoare triple {25066#false} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 163: Hoare triple {25066#false} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {25066#false} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 164: Hoare triple {25066#false} assume true; {25066#false} is VALID [2022-02-20 17:55:48,482 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {25066#false} {25066#false} #1797#return; {25066#false} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 166: Hoare triple {25066#false} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {25066#false} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 167: Hoare triple {25066#false} assume true; {25066#false} is VALID [2022-02-20 17:55:48,482 INFO L284 TraceCheckUtils]: 168: Hoare quadruple {25066#false} {25066#false} #1709#return; {25066#false} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 169: Hoare triple {25066#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {25066#false} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 170: Hoare triple {25066#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {25066#false} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 171: Hoare triple {25066#false} assume !false; {25066#false} is VALID [2022-02-20 17:55:48,484 INFO L134 CoverageAnalysis]: Checked inductivity of 103 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 101 trivial. 0 not checked. [2022-02-20 17:55:48,484 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 17:55:48,950 INFO L290 TraceCheckUtils]: 171: Hoare triple {25066#false} assume !false; {25066#false} is VALID [2022-02-20 17:55:48,950 INFO L290 TraceCheckUtils]: 170: Hoare triple {25066#false} assume !(0 != __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1);assume { :begin_inline___automaton_fail } true; {25066#false} is VALID [2022-02-20 17:55:48,950 INFO L290 TraceCheckUtils]: 169: Hoare triple {25066#false} assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1 := __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1; {25066#false} is VALID [2022-02-20 17:55:48,950 INFO L284 TraceCheckUtils]: 168: Hoare quadruple {25065#true} {25066#false} #1709#return; {25066#false} is VALID [2022-02-20 17:55:48,950 INFO L290 TraceCheckUtils]: 167: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,951 INFO L290 TraceCheckUtils]: 166: Hoare triple {25065#true} assume -2147483648 <= #t~ret108#1 && #t~ret108#1 <= 2147483647;~retValue_acc~13#1 := #t~ret108#1;havoc #t~ret108#1;#res#1 := ~retValue_acc~13#1; {25065#true} is VALID [2022-02-20 17:55:48,951 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {25065#true} {25065#true} #1797#return; {25065#true} is VALID [2022-02-20 17:55:48,951 INFO L290 TraceCheckUtils]: 164: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,951 INFO L290 TraceCheckUtils]: 163: Hoare triple {25065#true} ~msg := #in~msg;havoc ~retValue_acc~11;~retValue_acc~11 := 1;#res := ~retValue_acc~11; {25065#true} is VALID [2022-02-20 17:55:48,951 INFO L272 TraceCheckUtils]: 162: Hoare triple {25065#true} call #t~ret108#1 := isReadable__before__Encrypt(~msg#1); {25065#true} is VALID [2022-02-20 17:55:48,951 INFO L290 TraceCheckUtils]: 161: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25065#true} is VALID [2022-02-20 17:55:48,951 INFO L290 TraceCheckUtils]: 160: Hoare triple {25065#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~13#1; {25065#true} is VALID [2022-02-20 17:55:48,951 INFO L272 TraceCheckUtils]: 159: Hoare triple {25066#false} call __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1 := isReadable(__utac_acc__DecryptAutoResponder_spec__1_~msg#1); {25065#true} is VALID [2022-02-20 17:55:48,951 INFO L290 TraceCheckUtils]: 158: Hoare triple {25066#false} assume 0 != incoming__role__AutoResponder_~tmp~5#1;assume { :begin_inline_autoRespond } true;autoRespond_#in~client#1, autoRespond_#in~msg#1 := incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1;havoc autoRespond_#t~ret34#1, autoRespond_#t~ret35#1, autoRespond_~client#1, autoRespond_~msg#1, autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1, autoRespond_~sender~0#1, autoRespond_~tmp~10#1;autoRespond_~client#1 := autoRespond_#in~client#1;autoRespond_~msg#1 := autoRespond_#in~msg#1;havoc autoRespond_~__utac__ad__arg1~0#1;havoc autoRespond_~__utac__ad__arg2~0#1;havoc autoRespond_~sender~0#1;havoc autoRespond_~tmp~10#1;autoRespond_~__utac__ad__arg1~0#1 := autoRespond_~client#1;autoRespond_~__utac__ad__arg2~0#1 := autoRespond_~msg#1;assume { :begin_inline___utac_acc__DecryptAutoResponder_spec__1 } true;__utac_acc__DecryptAutoResponder_spec__1_#in~client#1, __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1 := autoRespond_~__utac__ad__arg1~0#1, autoRespond_~__utac__ad__arg2~0#1;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1, __utac_acc__DecryptAutoResponder_spec__1_#t~ret124#1, __utac_acc__DecryptAutoResponder_spec__1_~client#1, __utac_acc__DecryptAutoResponder_spec__1_~msg#1, __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;__utac_acc__DecryptAutoResponder_spec__1_~client#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~client#1;__utac_acc__DecryptAutoResponder_spec__1_~msg#1 := __utac_acc__DecryptAutoResponder_spec__1_#in~msg#1;havoc __utac_acc__DecryptAutoResponder_spec__1_~tmp~27#1;call __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 && __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__DecryptAutoResponder_spec__1_#t~ret123#1; {25066#false} is VALID [2022-02-20 17:55:48,951 INFO L290 TraceCheckUtils]: 157: Hoare triple {25066#false} incoming__role__AutoResponder_#t~ret25#1 := getClientAutoResponse_#res#1;assume { :end_inline_getClientAutoResponse } true;assume -2147483648 <= incoming__role__AutoResponder_#t~ret25#1 && incoming__role__AutoResponder_#t~ret25#1 <= 2147483647;incoming__role__AutoResponder_~tmp~5#1 := incoming__role__AutoResponder_#t~ret25#1;havoc incoming__role__AutoResponder_#t~ret25#1; {25066#false} is VALID [2022-02-20 17:55:48,951 INFO L290 TraceCheckUtils]: 156: Hoare triple {25066#false} assume 1 == getClientAutoResponse_~handle#1;getClientAutoResponse_~retValue_acc~36#1 := ~__ste_client_autoResponse0~0;getClientAutoResponse_#res#1 := getClientAutoResponse_~retValue_acc~36#1; {25066#false} is VALID [2022-02-20 17:55:48,951 INFO L290 TraceCheckUtils]: 155: Hoare triple {25066#false} assume { :begin_inline_getClientAutoResponse } true;getClientAutoResponse_#in~handle#1 := incoming__role__AutoResponder_~client#1;havoc getClientAutoResponse_#res#1;havoc getClientAutoResponse_~handle#1, getClientAutoResponse_~retValue_acc~36#1;getClientAutoResponse_~handle#1 := getClientAutoResponse_#in~handle#1;havoc getClientAutoResponse_~retValue_acc~36#1; {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25065#true} {25066#false} #1707#return; {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 153: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 152: Hoare triple {25065#true} assume { :end_inline_deliver } true; {25065#true} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 151: Hoare triple {25065#true} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret24#1, deliver_~client#1, deliver_~msg#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;call deliver_#t~ret24#1 := puts(7, 0);assume -2147483648 <= deliver_#t~ret24#1 && deliver_#t~ret24#1 <= 2147483647;havoc deliver_#t~ret24#1; {25065#true} is VALID [2022-02-20 17:55:48,956 INFO L272 TraceCheckUtils]: 150: Hoare triple {25066#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {25065#true} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 149: Hoare triple {25066#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret25#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~5#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~5#1; {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 148: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L272 TraceCheckUtils]: 147: Hoare triple {25066#false} call incoming__before__Forward(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 146: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 145: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L272 TraceCheckUtils]: 144: Hoare triple {25066#false} call incoming__before__Verify(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 143: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 142: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L272 TraceCheckUtils]: 141: Hoare triple {25066#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 140: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 139: Hoare triple {25066#false} assume -2147483648 <= mail_#t~ret14#1 && mail_#t~ret14#1 <= 2147483647;mail_~tmp~1#1 := mail_#t~ret14#1;havoc mail_#t~ret14#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~1#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {25065#true} {25066#false} #1651#return; {25066#false} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 137: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,956 INFO L290 TraceCheckUtils]: 136: Hoare triple {25065#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {25065#true} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 135: Hoare triple {25065#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25065#true} is VALID [2022-02-20 17:55:48,957 INFO L272 TraceCheckUtils]: 134: Hoare triple {25066#false} call mail_#t~ret14#1 := getEmailTo(mail_~msg#1); {25065#true} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 133: Hoare triple {25066#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret13#1, mail_#t~ret14#1, mail_~client#1, mail_~msg#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~1#1;call mail_#t~ret13#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret13#1 && mail_#t~ret13#1 <= 2147483647;havoc mail_#t~ret13#1; {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {25065#true} {25066#false} #1649#return; {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 131: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 130: Hoare triple {25065#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 129: Hoare triple {25065#true} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:48,957 INFO L272 TraceCheckUtils]: 128: Hoare triple {25066#false} call setEmailFrom(~msg#1, ~tmp~2#1); {25065#true} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 127: Hoare triple {25066#false} #t~ret15#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 126: Hoare triple {25066#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 125: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L272 TraceCheckUtils]: 124: Hoare triple {25066#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 123: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 122: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L272 TraceCheckUtils]: 121: Hoare triple {25066#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 120: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 119: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L272 TraceCheckUtils]: 118: Hoare triple {25066#false} call outgoing__before__Sign(~client#1, ~msg#1); {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 117: Hoare triple {25066#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L290 TraceCheckUtils]: 116: Hoare triple {25066#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25066#false} is VALID [2022-02-20 17:55:48,957 INFO L272 TraceCheckUtils]: 115: Hoare triple {25066#false} call outgoing(~sender#1, ~email~0#1); {25066#false} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 114: Hoare triple {25066#false} #t~ret32#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret32#1 && #t~ret32#1 <= 2147483647;~tmp~9#1 := #t~ret32#1;havoc #t~ret32#1;~email~0#1 := ~tmp~9#1; {25066#false} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 113: Hoare triple {25066#false} createEmail_~retValue_acc~15#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~15#1; {25066#false} is VALID [2022-02-20 17:55:48,958 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {25065#true} {25066#false} #1639#return; {25066#false} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 111: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 110: Hoare triple {25065#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 109: Hoare triple {25065#true} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:48,958 INFO L272 TraceCheckUtils]: 108: Hoare triple {25066#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25065#true} is VALID [2022-02-20 17:55:48,958 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {25065#true} {25066#false} #1637#return; {25066#false} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 106: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 105: Hoare triple {25065#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 104: Hoare triple {25065#true} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:48,958 INFO L272 TraceCheckUtils]: 103: Hoare triple {25066#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25065#true} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 102: Hoare triple {25066#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~15#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~15#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25066#false} is VALID [2022-02-20 17:55:48,958 INFO L272 TraceCheckUtils]: 101: Hoare triple {25066#false} call sendEmail(~bob~0, ~rjh~0); {25066#false} is VALID [2022-02-20 17:55:48,958 INFO L290 TraceCheckUtils]: 100: Hoare triple {25066#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret44#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret44#1 && bobToRjh_#t~ret44#1 <= 2147483647;havoc bobToRjh_#t~ret44#1; {25066#false} is VALID [2022-02-20 17:55:48,979 INFO L290 TraceCheckUtils]: 99: Hoare triple {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {25066#false} is VALID [2022-02-20 17:55:48,980 INFO L290 TraceCheckUtils]: 98: Hoare triple {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:48,980 INFO L290 TraceCheckUtils]: 97: Hoare triple {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} test_~op1~0#1 := 1; {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:48,980 INFO L290 TraceCheckUtils]: 96: Hoare triple {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:48,980 INFO L290 TraceCheckUtils]: 95: Hoare triple {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___9~0#1; {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:48,981 INFO L290 TraceCheckUtils]: 94: Hoare triple {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet110#1 && test_#t~nondet110#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet110#1;havoc test_#t~nondet110#1; {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:48,981 INFO L290 TraceCheckUtils]: 93: Hoare triple {25922#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25903#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:48,981 INFO L290 TraceCheckUtils]: 92: Hoare triple {25922#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {25922#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:55:48,981 INFO L290 TraceCheckUtils]: 91: Hoare triple {25922#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {25922#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 90: Hoare triple {25065#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet110#1, test_#t~nondet111#1, test_#t~nondet112#1, test_#t~nondet113#1, test_#t~nondet114#1, test_#t~nondet115#1, test_#t~nondet116#1, test_#t~nondet117#1, test_#t~nondet118#1, test_#t~nondet119#1, test_#t~nondet120#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25922#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 89: Hoare triple {25065#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 15, 0;havoc setup_#t~nondet51#1; {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25065#true} {25065#true} #1753#return; {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 87: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {25065#true} {25065#true} #1615#return; {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 85: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 84: Hoare triple {25065#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 83: Hoare triple {25065#true} assume !(2 == ~handle); {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 82: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 81: Hoare triple {25065#true} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L272 TraceCheckUtils]: 80: Hoare triple {25065#true} call setClientId(~chuck___0, ~chuck___0); {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 79: Hoare triple {25065#true} ~chuck___0 := #in~chuck___0; {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L272 TraceCheckUtils]: 78: Hoare triple {25065#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {25065#true} is VALID [2022-02-20 17:55:48,982 INFO L290 TraceCheckUtils]: 77: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L290 TraceCheckUtils]: 76: Hoare triple {25065#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet50#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {25065#true} {25065#true} #1747#return; {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L290 TraceCheckUtils]: 74: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {25065#true} {25065#true} #1669#return; {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L290 TraceCheckUtils]: 72: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L290 TraceCheckUtils]: 71: Hoare triple {25065#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L290 TraceCheckUtils]: 70: Hoare triple {25065#true} assume !(1 == ~handle); {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L290 TraceCheckUtils]: 69: Hoare triple {25065#true} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L272 TraceCheckUtils]: 68: Hoare triple {25065#true} call setClientId(~rjh___0, ~rjh___0); {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L290 TraceCheckUtils]: 67: Hoare triple {25065#true} ~rjh___0 := #in~rjh___0; {25065#true} is VALID [2022-02-20 17:55:48,983 INFO L272 TraceCheckUtils]: 66: Hoare triple {25065#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L290 TraceCheckUtils]: 65: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L290 TraceCheckUtils]: 64: Hoare triple {25065#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet49#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {25065#true} {25065#true} #1741#return; {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L290 TraceCheckUtils]: 62: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {25065#true} {25065#true} #1719#return; {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L290 TraceCheckUtils]: 60: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L290 TraceCheckUtils]: 59: Hoare triple {25065#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L290 TraceCheckUtils]: 58: Hoare triple {25065#true} ~handle := #in~handle;~value := #in~value; {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L272 TraceCheckUtils]: 57: Hoare triple {25065#true} call setClientId(~bob___0, ~bob___0); {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L290 TraceCheckUtils]: 56: Hoare triple {25065#true} ~bob___0 := #in~bob___0; {25065#true} is VALID [2022-02-20 17:55:48,984 INFO L272 TraceCheckUtils]: 55: Hoare triple {25065#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 54: Hoare triple {25065#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 53: Hoare triple {25065#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet49#1, setup_#t~nondet50#1, setup_#t~nondet51#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 52: Hoare triple {25065#true} main_#t~ret52#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret52#1 && main_#t~ret52#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret52#1;havoc main_#t~ret52#1; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 51: Hoare triple {25065#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 50: Hoare triple {25065#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 49: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 48: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 47: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 46: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 45: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 44: Hoare triple {25065#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 43: Hoare triple {25065#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 42: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25065#true} {25065#true} #1735#return; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 40: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 39: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L272 TraceCheckUtils]: 38: Hoare triple {25065#true} call select_features_#t~ret12#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 37: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25065#true} {25065#true} #1733#return; {25065#true} is VALID [2022-02-20 17:55:48,985 INFO L290 TraceCheckUtils]: 35: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 34: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L272 TraceCheckUtils]: 33: Hoare triple {25065#true} call select_features_#t~ret11#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 32: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25065#true} {25065#true} #1731#return; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 30: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 29: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L272 TraceCheckUtils]: 28: Hoare triple {25065#true} call select_features_#t~ret10#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 27: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25065#true} {25065#true} #1729#return; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 25: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 24: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L272 TraceCheckUtils]: 23: Hoare triple {25065#true} call select_features_#t~ret9#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 22: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25065#true} {25065#true} #1727#return; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 20: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 19: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L272 TraceCheckUtils]: 18: Hoare triple {25065#true} call select_features_#t~ret8#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 17: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1;~__SELECTED_FEATURE_AutoResponder~0 := 1; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25065#true} {25065#true} #1725#return; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 15: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L290 TraceCheckUtils]: 14: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,986 INFO L272 TraceCheckUtils]: 13: Hoare triple {25065#true} call select_features_#t~ret7#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L290 TraceCheckUtils]: 12: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25065#true} {25065#true} #1723#return; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L290 TraceCheckUtils]: 10: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L290 TraceCheckUtils]: 9: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L272 TraceCheckUtils]: 8: Hoare triple {25065#true} call select_features_#t~ret6#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L290 TraceCheckUtils]: 7: Hoare triple {25065#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25065#true} {25065#true} #1721#return; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L290 TraceCheckUtils]: 5: Hoare triple {25065#true} assume true; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L290 TraceCheckUtils]: 4: Hoare triple {25065#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L272 TraceCheckUtils]: 3: Hoare triple {25065#true} call select_features_#t~ret5#1 := select_one(); {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L290 TraceCheckUtils]: 2: Hoare triple {25065#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L290 TraceCheckUtils]: 1: Hoare triple {25065#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret52#1, main_~retValue_acc~7#1, main_~tmp~14#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25065#true} is VALID [2022-02-20 17:55:48,987 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(25, 39);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(115, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(20, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {25065#true} is VALID [2022-02-20 17:55:48,988 INFO L134 CoverageAnalysis]: Checked inductivity of 103 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 101 trivial. 0 not checked. [2022-02-20 17:55:48,988 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [712535801] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 17:55:48,988 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 17:55:48,988 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 4, 4] total 10 [2022-02-20 17:55:48,988 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1890850288] [2022-02-20 17:55:48,988 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 17:55:48,989 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 13.8) internal successors, (138), 7 states have internal predecessors, (138), 2 states have call successors, (45), 5 states have call predecessors, (45), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) Word has length 172 [2022-02-20 17:55:49,621 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:49,621 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 13.8) internal successors, (138), 7 states have internal predecessors, (138), 2 states have call successors, (45), 5 states have call predecessors, (45), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 17:55:49,731 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 211 edges. 211 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:49,731 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 17:55:49,731 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:49,732 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 17:55:49,732 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=63, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:49,732 INFO L87 Difference]: Start difference. First operand 603 states and 889 transitions. Second operand has 10 states, 10 states have (on average 13.8) internal successors, (138), 7 states have internal predecessors, (138), 2 states have call successors, (45), 5 states have call predecessors, (45), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28)