./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec1_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec1_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash c2ee13e5ae0bbed1c37b7eadefb29cbd7041f4c5e0d498dc3d4ea1e000526be8 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 17:56:30,681 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:56:30,682 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:56:30,715 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 17:56:30,715 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:56:30,716 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:56:30,720 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:56:30,722 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:56:30,724 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:56:30,725 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:56:30,726 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:56:30,727 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:56:30,728 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:56:30,733 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:56:30,736 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:56:30,737 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:56:30,738 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:56:30,738 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:56:30,742 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:56:30,746 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:56:30,748 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:56:30,749 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:56:30,750 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:56:30,751 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:56:30,754 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:56:30,754 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:56:30,754 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:56:30,756 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:56:30,756 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:56:30,757 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:56:30,757 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:56:30,758 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:56:30,758 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:56:30,760 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:56:30,761 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:56:30,761 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:56:30,761 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:56:30,761 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 17:56:30,762 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:56:30,762 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:56:30,763 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:56:30,763 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:56:30,791 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:56:30,792 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:56:30,792 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:56:30,792 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:56:30,793 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:56:30,793 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:56:30,794 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:56:30,794 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:56:30,794 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:56:30,794 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:56:30,795 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:56:30,795 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:56:30,795 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:56:30,796 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:56:30,796 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:56:30,796 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:56:30,796 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:56:30,796 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:56:30,796 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:56:30,796 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:56:30,797 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:56:30,797 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:56:30,797 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:56:30,797 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:56:30,797 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:56:30,797 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:56:30,798 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:56:30,798 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:56:30,798 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:56:30,798 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:56:30,798 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:56:30,798 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:56:30,799 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 17:56:30,799 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> c2ee13e5ae0bbed1c37b7eadefb29cbd7041f4c5e0d498dc3d4ea1e000526be8 [2022-02-20 17:56:30,997 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:56:31,011 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:56:31,013 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:56:31,014 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:56:31,014 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:56:31,016 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec1_productSimulator.cil.c [2022-02-20 17:56:31,059 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c44891d2d/37651c9c204c48f98eeaffa1dfe13aeb/FLAGd3fbc15b2 [2022-02-20 17:56:31,473 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 17:56:31,473 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_productSimulator.cil.c [2022-02-20 17:56:31,493 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c44891d2d/37651c9c204c48f98eeaffa1dfe13aeb/FLAGd3fbc15b2 [2022-02-20 17:56:31,794 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c44891d2d/37651c9c204c48f98eeaffa1dfe13aeb [2022-02-20 17:56:31,796 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:56:31,797 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:56:31,798 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:56:31,798 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:56:31,800 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:56:31,801 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:56:31" (1/1) ... [2022-02-20 17:56:31,802 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@23e135e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:31, skipping insertion in model container [2022-02-20 17:56:31,802 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:56:31" (1/1) ... [2022-02-20 17:56:31,806 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:56:31,850 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:56:32,217 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_productSimulator.cil.c[35789,35802] [2022-02-20 17:56:32,307 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:56:32,316 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:56:32,366 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_productSimulator.cil.c[35789,35802] [2022-02-20 17:56:32,387 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:56:32,430 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:56:32,430 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32 WrapperNode [2022-02-20 17:56:32,430 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:56:32,431 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:56:32,431 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:56:32,431 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:56:32,436 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,456 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,514 INFO L137 Inliner]: procedures = 151, calls = 283, calls flagged for inlining = 67, calls inlined = 64, statements flattened = 1312 [2022-02-20 17:56:32,514 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:56:32,515 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:56:32,515 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:56:32,515 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:56:32,521 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,521 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,527 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,527 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,543 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,551 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,555 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,562 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:56:32,563 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:56:32,563 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:56:32,563 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:56:32,564 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (1/1) ... [2022-02-20 17:56:32,568 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:56:32,576 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:56:32,618 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:56:32,624 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:56:32,652 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:56:32,653 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:56:32,653 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 17:56:32,653 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 17:56:32,653 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 17:56:32,653 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 17:56:32,653 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:56:32,653 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:56:32,653 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:56:32,654 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:56:32,654 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:56:32,654 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:56:32,654 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:56:32,654 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:56:32,654 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 17:56:32,654 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 17:56:32,654 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:56:32,655 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:56:32,655 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 17:56:32,655 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 17:56:32,655 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:56:32,655 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:56:32,655 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:56:32,655 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:56:32,655 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:56:32,656 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:56:32,656 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 17:56:32,656 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 17:56:32,656 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 17:56:32,656 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 17:56:32,656 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:56:32,656 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:56:32,656 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:56:32,657 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:56:32,657 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:56:32,657 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:56:32,657 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:56:32,657 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 17:56:32,657 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 17:56:32,657 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:56:32,657 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:56:32,657 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 17:56:32,658 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 17:56:32,658 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:56:32,658 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:56:32,658 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 17:56:32,658 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 17:56:32,658 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:56:32,658 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:56:32,658 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:56:32,659 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:56:32,659 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:56:32,659 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 17:56:32,659 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 17:56:32,659 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 17:56:32,659 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 17:56:32,659 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 17:56:32,659 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 17:56:32,660 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:56:32,660 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 17:56:32,660 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:56:32,660 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:56:32,660 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:56:32,660 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:56:32,660 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:56:32,660 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:56:32,661 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:56:32,661 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:56:32,661 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:56:32,661 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:56:32,661 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:56:32,661 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:56:32,661 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 17:56:32,661 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 17:56:32,662 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 17:56:32,662 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 17:56:32,662 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:56:32,662 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:56:32,662 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:56:32,662 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:56:32,662 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:56:32,662 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:56:32,663 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:56:32,663 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 17:56:32,663 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 17:56:32,663 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 17:56:32,663 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 17:56:32,663 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:56:32,663 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:56:32,663 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:56:32,663 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:56:32,877 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:56:32,879 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:56:33,629 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:56:33,638 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:56:33,638 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:56:33,640 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:56:33 BoogieIcfgContainer [2022-02-20 17:56:33,640 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:56:33,641 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:56:33,641 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:56:33,643 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:56:33,643 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:56:31" (1/3) ... [2022-02-20 17:56:33,644 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@711d0bdb and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:56:33, skipping insertion in model container [2022-02-20 17:56:33,644 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:56:32" (2/3) ... [2022-02-20 17:56:33,644 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@711d0bdb and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:56:33, skipping insertion in model container [2022-02-20 17:56:33,644 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:56:33" (3/3) ... [2022-02-20 17:56:33,645 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec1_productSimulator.cil.c [2022-02-20 17:56:33,648 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:56:33,648 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:56:33,677 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:56:33,681 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:56:33,682 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:56:33,714 INFO L276 IsEmpty]: Start isEmpty. Operand has 603 states, 448 states have (on average 1.515625) internal successors, (679), 468 states have internal predecessors, (679), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) [2022-02-20 17:56:33,725 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 128 [2022-02-20 17:56:33,725 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:33,726 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:33,726 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:33,730 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:33,730 INFO L85 PathProgramCache]: Analyzing trace with hash 1563756112, now seen corresponding path program 1 times [2022-02-20 17:56:33,736 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:33,736 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1728641892] [2022-02-20 17:56:33,736 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:33,737 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:33,889 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,002 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:56:34,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,012 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,012 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1730#return; {606#true} is VALID [2022-02-20 17:56:34,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:56:34,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,018 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,018 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,018 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1732#return; {606#true} is VALID [2022-02-20 17:56:34,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:56:34,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,024 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,024 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1734#return; {606#true} is VALID [2022-02-20 17:56:34,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:34,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,030 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1736#return; {606#true} is VALID [2022-02-20 17:56:34,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:56:34,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,034 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1738#return; {606#true} is VALID [2022-02-20 17:56:34,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:56:34,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,039 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,039 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1740#return; {606#true} is VALID [2022-02-20 17:56:34,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:56:34,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,045 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1742#return; {606#true} is VALID [2022-02-20 17:56:34,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:56:34,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,050 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1744#return; {606#true} is VALID [2022-02-20 17:56:34,055 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:56:34,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,060 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:34,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,064 INFO L290 TraceCheckUtils]: 0: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,064 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,064 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,064 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {606#true} #1728#return; {606#true} is VALID [2022-02-20 17:56:34,065 INFO L290 TraceCheckUtils]: 0: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {606#true} is VALID [2022-02-20 17:56:34,066 INFO L272 TraceCheckUtils]: 1: Hoare triple {606#true} call setClientId(~bob___0, ~bob___0); {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:34,066 INFO L290 TraceCheckUtils]: 2: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,066 INFO L290 TraceCheckUtils]: 3: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,066 INFO L290 TraceCheckUtils]: 4: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,067 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {606#true} {606#true} #1728#return; {606#true} is VALID [2022-02-20 17:56:34,067 INFO L290 TraceCheckUtils]: 6: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,067 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {606#true} {606#true} #1750#return; {606#true} is VALID [2022-02-20 17:56:34,067 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:56:34,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:34,073 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,075 INFO L290 TraceCheckUtils]: 0: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,076 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,076 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {606#true} #1680#return; {606#true} is VALID [2022-02-20 17:56:34,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {606#true} is VALID [2022-02-20 17:56:34,077 INFO L272 TraceCheckUtils]: 1: Hoare triple {606#true} call setClientId(~rjh___0, ~rjh___0); {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:34,078 INFO L290 TraceCheckUtils]: 2: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,078 INFO L290 TraceCheckUtils]: 3: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,078 INFO L290 TraceCheckUtils]: 4: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,078 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {606#true} {606#true} #1680#return; {606#true} is VALID [2022-02-20 17:56:34,078 INFO L290 TraceCheckUtils]: 6: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,079 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {606#true} {606#true} #1756#return; {606#true} is VALID [2022-02-20 17:56:34,079 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:56:34,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,084 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:34,085 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,087 INFO L290 TraceCheckUtils]: 0: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,087 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,087 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,088 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {606#true} #1622#return; {606#true} is VALID [2022-02-20 17:56:34,088 INFO L290 TraceCheckUtils]: 0: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {606#true} is VALID [2022-02-20 17:56:34,089 INFO L272 TraceCheckUtils]: 1: Hoare triple {606#true} call setClientId(~chuck___0, ~chuck___0); {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:34,089 INFO L290 TraceCheckUtils]: 2: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,089 INFO L290 TraceCheckUtils]: 3: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,089 INFO L290 TraceCheckUtils]: 4: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,090 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {606#true} {606#true} #1622#return; {606#true} is VALID [2022-02-20 17:56:34,090 INFO L290 TraceCheckUtils]: 6: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,090 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {606#true} {606#true} #1762#return; {606#true} is VALID [2022-02-20 17:56:34,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:56:34,096 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,098 INFO L290 TraceCheckUtils]: 0: Hoare triple {685#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,098 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,099 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,099 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {607#false} #1644#return; {607#false} is VALID [2022-02-20 17:56:34,103 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:56:34,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {686#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,107 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,107 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {607#false} #1646#return; {607#false} is VALID [2022-02-20 17:56:34,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:56:34,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,111 INFO L290 TraceCheckUtils]: 0: Hoare triple {685#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,111 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,111 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,112 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {607#false} #1656#return; {607#false} is VALID [2022-02-20 17:56:34,112 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:56:34,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:34,115 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} ~handle := #in~handle;havoc ~retValue_acc~16; {606#true} is VALID [2022-02-20 17:56:34,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {606#true} is VALID [2022-02-20 17:56:34,115 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,115 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {607#false} #1660#return; {607#false} is VALID [2022-02-20 17:56:34,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {606#true} is VALID [2022-02-20 17:56:34,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {606#true} is VALID [2022-02-20 17:56:34,117 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {606#true} is VALID [2022-02-20 17:56:34,117 INFO L272 TraceCheckUtils]: 3: Hoare triple {606#true} call select_features_#t~ret117#1 := select_one(); {606#true} is VALID [2022-02-20 17:56:34,117 INFO L290 TraceCheckUtils]: 4: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,117 INFO L290 TraceCheckUtils]: 5: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,118 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {606#true} {606#true} #1730#return; {606#true} is VALID [2022-02-20 17:56:34,118 INFO L290 TraceCheckUtils]: 7: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {606#true} is VALID [2022-02-20 17:56:34,118 INFO L272 TraceCheckUtils]: 8: Hoare triple {606#true} call select_features_#t~ret118#1 := select_one(); {606#true} is VALID [2022-02-20 17:56:34,118 INFO L290 TraceCheckUtils]: 9: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,118 INFO L290 TraceCheckUtils]: 10: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,119 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {606#true} {606#true} #1732#return; {606#true} is VALID [2022-02-20 17:56:34,119 INFO L290 TraceCheckUtils]: 12: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {606#true} is VALID [2022-02-20 17:56:34,119 INFO L272 TraceCheckUtils]: 13: Hoare triple {606#true} call select_features_#t~ret119#1 := select_one(); {606#true} is VALID [2022-02-20 17:56:34,119 INFO L290 TraceCheckUtils]: 14: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,120 INFO L290 TraceCheckUtils]: 15: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,120 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {606#true} {606#true} #1734#return; {606#true} is VALID [2022-02-20 17:56:34,120 INFO L290 TraceCheckUtils]: 17: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {606#true} is VALID [2022-02-20 17:56:34,120 INFO L272 TraceCheckUtils]: 18: Hoare triple {606#true} call select_features_#t~ret120#1 := select_one(); {606#true} is VALID [2022-02-20 17:56:34,120 INFO L290 TraceCheckUtils]: 19: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,121 INFO L290 TraceCheckUtils]: 20: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,121 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {606#true} {606#true} #1736#return; {606#true} is VALID [2022-02-20 17:56:34,121 INFO L290 TraceCheckUtils]: 22: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {606#true} is VALID [2022-02-20 17:56:34,121 INFO L272 TraceCheckUtils]: 23: Hoare triple {606#true} call select_features_#t~ret121#1 := select_one(); {606#true} is VALID [2022-02-20 17:56:34,122 INFO L290 TraceCheckUtils]: 24: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,122 INFO L290 TraceCheckUtils]: 25: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,122 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {606#true} {606#true} #1738#return; {606#true} is VALID [2022-02-20 17:56:34,122 INFO L290 TraceCheckUtils]: 27: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {606#true} is VALID [2022-02-20 17:56:34,122 INFO L272 TraceCheckUtils]: 28: Hoare triple {606#true} call select_features_#t~ret122#1 := select_one(); {606#true} is VALID [2022-02-20 17:56:34,123 INFO L290 TraceCheckUtils]: 29: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,123 INFO L290 TraceCheckUtils]: 30: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,123 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {606#true} {606#true} #1740#return; {606#true} is VALID [2022-02-20 17:56:34,123 INFO L290 TraceCheckUtils]: 32: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {606#true} is VALID [2022-02-20 17:56:34,123 INFO L272 TraceCheckUtils]: 33: Hoare triple {606#true} call select_features_#t~ret123#1 := select_one(); {606#true} is VALID [2022-02-20 17:56:34,124 INFO L290 TraceCheckUtils]: 34: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,124 INFO L290 TraceCheckUtils]: 35: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,124 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {606#true} {606#true} #1742#return; {606#true} is VALID [2022-02-20 17:56:34,124 INFO L290 TraceCheckUtils]: 37: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {606#true} is VALID [2022-02-20 17:56:34,124 INFO L272 TraceCheckUtils]: 38: Hoare triple {606#true} call select_features_#t~ret124#1 := select_one(); {606#true} is VALID [2022-02-20 17:56:34,125 INFO L290 TraceCheckUtils]: 39: Hoare triple {606#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {606#true} is VALID [2022-02-20 17:56:34,125 INFO L290 TraceCheckUtils]: 40: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,125 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {606#true} {606#true} #1744#return; {606#true} is VALID [2022-02-20 17:56:34,125 INFO L290 TraceCheckUtils]: 42: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {606#true} is VALID [2022-02-20 17:56:34,126 INFO L290 TraceCheckUtils]: 43: Hoare triple {606#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {606#true} is VALID [2022-02-20 17:56:34,126 INFO L290 TraceCheckUtils]: 44: Hoare triple {606#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {606#true} is VALID [2022-02-20 17:56:34,126 INFO L290 TraceCheckUtils]: 45: Hoare triple {606#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~27#1 := 0; {606#true} is VALID [2022-02-20 17:56:34,126 INFO L290 TraceCheckUtils]: 46: Hoare triple {606#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {606#true} is VALID [2022-02-20 17:56:34,126 INFO L290 TraceCheckUtils]: 47: Hoare triple {606#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {606#true} is VALID [2022-02-20 17:56:34,127 INFO L290 TraceCheckUtils]: 48: Hoare triple {606#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {606#true} is VALID [2022-02-20 17:56:34,127 INFO L290 TraceCheckUtils]: 49: Hoare triple {606#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {606#true} is VALID [2022-02-20 17:56:34,128 INFO L272 TraceCheckUtils]: 50: Hoare triple {606#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:34,128 INFO L290 TraceCheckUtils]: 51: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {606#true} is VALID [2022-02-20 17:56:34,129 INFO L272 TraceCheckUtils]: 52: Hoare triple {606#true} call setClientId(~bob___0, ~bob___0); {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:34,129 INFO L290 TraceCheckUtils]: 53: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,129 INFO L290 TraceCheckUtils]: 54: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,129 INFO L290 TraceCheckUtils]: 55: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,130 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {606#true} {606#true} #1728#return; {606#true} is VALID [2022-02-20 17:56:34,130 INFO L290 TraceCheckUtils]: 57: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,130 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {606#true} {606#true} #1750#return; {606#true} is VALID [2022-02-20 17:56:34,130 INFO L290 TraceCheckUtils]: 59: Hoare triple {606#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {606#true} is VALID [2022-02-20 17:56:34,130 INFO L290 TraceCheckUtils]: 60: Hoare triple {606#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {606#true} is VALID [2022-02-20 17:56:34,131 INFO L272 TraceCheckUtils]: 61: Hoare triple {606#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:34,131 INFO L290 TraceCheckUtils]: 62: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {606#true} is VALID [2022-02-20 17:56:34,132 INFO L272 TraceCheckUtils]: 63: Hoare triple {606#true} call setClientId(~rjh___0, ~rjh___0); {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:34,132 INFO L290 TraceCheckUtils]: 64: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,132 INFO L290 TraceCheckUtils]: 65: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,132 INFO L290 TraceCheckUtils]: 66: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,133 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {606#true} {606#true} #1680#return; {606#true} is VALID [2022-02-20 17:56:34,133 INFO L290 TraceCheckUtils]: 68: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,133 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {606#true} {606#true} #1756#return; {606#true} is VALID [2022-02-20 17:56:34,133 INFO L290 TraceCheckUtils]: 70: Hoare triple {606#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {606#true} is VALID [2022-02-20 17:56:34,133 INFO L290 TraceCheckUtils]: 71: Hoare triple {606#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {606#true} is VALID [2022-02-20 17:56:34,134 INFO L272 TraceCheckUtils]: 72: Hoare triple {606#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:34,134 INFO L290 TraceCheckUtils]: 73: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {606#true} is VALID [2022-02-20 17:56:34,135 INFO L272 TraceCheckUtils]: 74: Hoare triple {606#true} call setClientId(~chuck___0, ~chuck___0); {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:34,135 INFO L290 TraceCheckUtils]: 75: Hoare triple {672#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,135 INFO L290 TraceCheckUtils]: 76: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,136 INFO L290 TraceCheckUtils]: 77: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,136 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {606#true} {606#true} #1622#return; {606#true} is VALID [2022-02-20 17:56:34,136 INFO L290 TraceCheckUtils]: 79: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,136 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {606#true} {606#true} #1762#return; {606#true} is VALID [2022-02-20 17:56:34,136 INFO L290 TraceCheckUtils]: 81: Hoare triple {606#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {606#true} is VALID [2022-02-20 17:56:34,136 INFO L290 TraceCheckUtils]: 82: Hoare triple {606#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {606#true} is VALID [2022-02-20 17:56:34,137 INFO L290 TraceCheckUtils]: 83: Hoare triple {606#true} assume !true; {607#false} is VALID [2022-02-20 17:56:34,137 INFO L290 TraceCheckUtils]: 84: Hoare triple {607#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {607#false} is VALID [2022-02-20 17:56:34,137 INFO L272 TraceCheckUtils]: 85: Hoare triple {607#false} call sendEmail(~bob~0, ~rjh~0); {607#false} is VALID [2022-02-20 17:56:34,138 INFO L290 TraceCheckUtils]: 86: Hoare triple {607#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {607#false} is VALID [2022-02-20 17:56:34,138 INFO L272 TraceCheckUtils]: 87: Hoare triple {607#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {685#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:34,138 INFO L290 TraceCheckUtils]: 88: Hoare triple {685#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,138 INFO L290 TraceCheckUtils]: 89: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,138 INFO L290 TraceCheckUtils]: 90: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,138 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {606#true} {607#false} #1644#return; {607#false} is VALID [2022-02-20 17:56:34,139 INFO L272 TraceCheckUtils]: 92: Hoare triple {607#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {686#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:34,139 INFO L290 TraceCheckUtils]: 93: Hoare triple {686#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,139 INFO L290 TraceCheckUtils]: 94: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,139 INFO L290 TraceCheckUtils]: 95: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,139 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {606#true} {607#false} #1646#return; {607#false} is VALID [2022-02-20 17:56:34,140 INFO L290 TraceCheckUtils]: 97: Hoare triple {607#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {607#false} is VALID [2022-02-20 17:56:34,140 INFO L290 TraceCheckUtils]: 98: Hoare triple {607#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {607#false} is VALID [2022-02-20 17:56:34,140 INFO L272 TraceCheckUtils]: 99: Hoare triple {607#false} call outgoing(~sender#1, ~email~0#1); {607#false} is VALID [2022-02-20 17:56:34,140 INFO L290 TraceCheckUtils]: 100: Hoare triple {607#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {607#false} is VALID [2022-02-20 17:56:34,140 INFO L290 TraceCheckUtils]: 101: Hoare triple {607#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {607#false} is VALID [2022-02-20 17:56:34,140 INFO L272 TraceCheckUtils]: 102: Hoare triple {607#false} call outgoing__before__Sign(~client#1, ~msg#1); {607#false} is VALID [2022-02-20 17:56:34,141 INFO L290 TraceCheckUtils]: 103: Hoare triple {607#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {607#false} is VALID [2022-02-20 17:56:34,141 INFO L290 TraceCheckUtils]: 104: Hoare triple {607#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {607#false} is VALID [2022-02-20 17:56:34,141 INFO L272 TraceCheckUtils]: 105: Hoare triple {607#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {607#false} is VALID [2022-02-20 17:56:34,141 INFO L290 TraceCheckUtils]: 106: Hoare triple {607#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {607#false} is VALID [2022-02-20 17:56:34,141 INFO L290 TraceCheckUtils]: 107: Hoare triple {607#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {607#false} is VALID [2022-02-20 17:56:34,142 INFO L272 TraceCheckUtils]: 108: Hoare triple {607#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {607#false} is VALID [2022-02-20 17:56:34,142 INFO L290 TraceCheckUtils]: 109: Hoare triple {607#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {607#false} is VALID [2022-02-20 17:56:34,142 INFO L290 TraceCheckUtils]: 110: Hoare triple {607#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {607#false} is VALID [2022-02-20 17:56:34,142 INFO L290 TraceCheckUtils]: 111: Hoare triple {607#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {607#false} is VALID [2022-02-20 17:56:34,142 INFO L272 TraceCheckUtils]: 112: Hoare triple {607#false} call setEmailFrom(~msg#1, ~tmp~8#1); {685#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:34,142 INFO L290 TraceCheckUtils]: 113: Hoare triple {685#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 17:56:34,143 INFO L290 TraceCheckUtils]: 114: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {606#true} is VALID [2022-02-20 17:56:34,143 INFO L290 TraceCheckUtils]: 115: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,143 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {606#true} {607#false} #1656#return; {607#false} is VALID [2022-02-20 17:56:34,143 INFO L290 TraceCheckUtils]: 117: Hoare triple {607#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {607#false} is VALID [2022-02-20 17:56:34,143 INFO L290 TraceCheckUtils]: 118: Hoare triple {607#false} assume !(-1 == ~mail_is_sensitive~0); {607#false} is VALID [2022-02-20 17:56:34,144 INFO L272 TraceCheckUtils]: 119: Hoare triple {607#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {606#true} is VALID [2022-02-20 17:56:34,144 INFO L290 TraceCheckUtils]: 120: Hoare triple {606#true} ~handle := #in~handle;havoc ~retValue_acc~16; {606#true} is VALID [2022-02-20 17:56:34,144 INFO L290 TraceCheckUtils]: 121: Hoare triple {606#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {606#true} is VALID [2022-02-20 17:56:34,144 INFO L290 TraceCheckUtils]: 122: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 17:56:34,144 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {606#true} {607#false} #1660#return; {607#false} is VALID [2022-02-20 17:56:34,144 INFO L290 TraceCheckUtils]: 124: Hoare triple {607#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {607#false} is VALID [2022-02-20 17:56:34,145 INFO L290 TraceCheckUtils]: 125: Hoare triple {607#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {607#false} is VALID [2022-02-20 17:56:34,145 INFO L290 TraceCheckUtils]: 126: Hoare triple {607#false} assume !false; {607#false} is VALID [2022-02-20 17:56:34,146 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:56:34,146 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:34,146 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1728641892] [2022-02-20 17:56:34,147 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1728641892] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:34,147 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:34,147 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 17:56:34,148 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [285281166] [2022-02-20 17:56:34,149 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:34,152 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 127 [2022-02-20 17:56:34,154 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:34,156 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:34,228 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:34,228 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:56:34,229 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:34,241 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:56:34,242 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 17:56:34,246 INFO L87 Difference]: Start difference. First operand has 603 states, 448 states have (on average 1.515625) internal successors, (679), 468 states have internal predecessors, (679), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) Second operand has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:38,163 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:38,163 INFO L93 Difference]: Finished difference Result 1078 states and 1627 transitions. [2022-02-20 17:56:38,163 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 17:56:38,164 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 127 [2022-02-20 17:56:38,164 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:38,165 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:38,210 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1627 transitions. [2022-02-20 17:56:38,211 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:38,262 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1627 transitions. [2022-02-20 17:56:38,262 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1627 transitions. [2022-02-20 17:56:39,711 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1627 edges. 1627 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:39,778 INFO L225 Difference]: With dead ends: 1078 [2022-02-20 17:56:39,778 INFO L226 Difference]: Without dead ends: 737 [2022-02-20 17:56:39,786 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:56:39,790 INFO L933 BasicCegarLoop]: 924 mSDtfsCounter, 1346 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 532 mSolverCounterSat, 626 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1352 SdHoareTripleChecker+Valid, 1638 SdHoareTripleChecker+Invalid, 1158 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 626 IncrementalHoareTripleChecker+Valid, 532 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.5s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:39,792 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1352 Valid, 1638 Invalid, 1158 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [626 Valid, 532 Invalid, 0 Unknown, 0 Unchecked, 1.5s Time] [2022-02-20 17:56:39,809 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 737 states. [2022-02-20 17:56:39,878 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 737 to 596. [2022-02-20 17:56:39,879 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:39,882 INFO L82 GeneralOperation]: Start isEquivalent. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:56:39,885 INFO L74 IsIncluded]: Start isIncluded. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:56:39,887 INFO L87 Difference]: Start difference. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:56:39,928 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:39,928 INFO L93 Difference]: Finished difference Result 737 states and 1126 transitions. [2022-02-20 17:56:39,928 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1126 transitions. [2022-02-20 17:56:39,932 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:39,933 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:39,935 INFO L74 IsIncluded]: Start isIncluded. First operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 737 states. [2022-02-20 17:56:39,936 INFO L87 Difference]: Start difference. First operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 737 states. [2022-02-20 17:56:39,987 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:39,987 INFO L93 Difference]: Finished difference Result 737 states and 1126 transitions. [2022-02-20 17:56:39,987 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1126 transitions. [2022-02-20 17:56:39,990 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:39,990 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:39,990 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:39,990 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:39,992 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:56:40,018 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 596 states to 596 states and 887 transitions. [2022-02-20 17:56:40,019 INFO L78 Accepts]: Start accepts. Automaton has 596 states and 887 transitions. Word has length 127 [2022-02-20 17:56:40,020 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:40,020 INFO L470 AbstractCegarLoop]: Abstraction has 596 states and 887 transitions. [2022-02-20 17:56:40,020 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:40,021 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 887 transitions. [2022-02-20 17:56:40,023 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 129 [2022-02-20 17:56:40,023 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:40,023 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:40,024 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 17:56:40,024 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:40,025 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:40,025 INFO L85 PathProgramCache]: Analyzing trace with hash 445600766, now seen corresponding path program 1 times [2022-02-20 17:56:40,025 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:40,025 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [52230752] [2022-02-20 17:56:40,025 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:40,025 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:40,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:56:40,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,112 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,113 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4508#true} {4508#true} #1730#return; {4508#true} is VALID [2022-02-20 17:56:40,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:56:40,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,117 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,117 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4508#true} {4508#true} #1732#return; {4508#true} is VALID [2022-02-20 17:56:40,117 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:56:40,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,121 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,121 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,121 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4508#true} {4508#true} #1734#return; {4508#true} is VALID [2022-02-20 17:56:40,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:40,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,124 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,124 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,124 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4508#true} {4508#true} #1736#return; {4508#true} is VALID [2022-02-20 17:56:40,125 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:56:40,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,128 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,128 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,128 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4508#true} {4508#true} #1738#return; {4508#true} is VALID [2022-02-20 17:56:40,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:56:40,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,131 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,131 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,131 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4508#true} {4508#true} #1740#return; {4508#true} is VALID [2022-02-20 17:56:40,131 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:56:40,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,135 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,135 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4508#true} {4508#true} #1742#return; {4508#true} is VALID [2022-02-20 17:56:40,135 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:56:40,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,138 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4508#true} {4508#true} #1744#return; {4508#true} is VALID [2022-02-20 17:56:40,143 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:56:40,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,147 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:40,148 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,150 INFO L290 TraceCheckUtils]: 0: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,150 INFO L290 TraceCheckUtils]: 2: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,150 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4508#true} {4508#true} #1728#return; {4508#true} is VALID [2022-02-20 17:56:40,151 INFO L290 TraceCheckUtils]: 0: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4508#true} is VALID [2022-02-20 17:56:40,151 INFO L272 TraceCheckUtils]: 1: Hoare triple {4508#true} call setClientId(~bob___0, ~bob___0); {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,152 INFO L290 TraceCheckUtils]: 3: Hoare triple {4508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,152 INFO L290 TraceCheckUtils]: 4: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,152 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4508#true} {4508#true} #1728#return; {4508#true} is VALID [2022-02-20 17:56:40,152 INFO L290 TraceCheckUtils]: 6: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,152 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4508#true} {4509#false} #1750#return; {4509#false} is VALID [2022-02-20 17:56:40,153 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:56:40,154 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,157 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:40,157 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,159 INFO L290 TraceCheckUtils]: 0: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,159 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,160 INFO L290 TraceCheckUtils]: 2: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,160 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4508#true} {4508#true} #1680#return; {4508#true} is VALID [2022-02-20 17:56:40,160 INFO L290 TraceCheckUtils]: 0: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4508#true} is VALID [2022-02-20 17:56:40,161 INFO L272 TraceCheckUtils]: 1: Hoare triple {4508#true} call setClientId(~rjh___0, ~rjh___0); {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,161 INFO L290 TraceCheckUtils]: 2: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,161 INFO L290 TraceCheckUtils]: 3: Hoare triple {4508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,161 INFO L290 TraceCheckUtils]: 4: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,161 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4508#true} {4508#true} #1680#return; {4508#true} is VALID [2022-02-20 17:56:40,161 INFO L290 TraceCheckUtils]: 6: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,162 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4508#true} {4509#false} #1756#return; {4509#false} is VALID [2022-02-20 17:56:40,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:56:40,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,166 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:40,167 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,169 INFO L290 TraceCheckUtils]: 0: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,170 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,170 INFO L290 TraceCheckUtils]: 2: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,170 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4508#true} {4508#true} #1622#return; {4508#true} is VALID [2022-02-20 17:56:40,170 INFO L290 TraceCheckUtils]: 0: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4508#true} is VALID [2022-02-20 17:56:40,173 INFO L272 TraceCheckUtils]: 1: Hoare triple {4508#true} call setClientId(~chuck___0, ~chuck___0); {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,173 INFO L290 TraceCheckUtils]: 2: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,173 INFO L290 TraceCheckUtils]: 3: Hoare triple {4508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,173 INFO L290 TraceCheckUtils]: 4: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,173 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4508#true} {4508#true} #1622#return; {4508#true} is VALID [2022-02-20 17:56:40,173 INFO L290 TraceCheckUtils]: 6: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,174 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4508#true} {4509#false} #1762#return; {4509#false} is VALID [2022-02-20 17:56:40,178 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:56:40,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,182 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,182 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,182 INFO L290 TraceCheckUtils]: 2: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,182 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4508#true} {4509#false} #1644#return; {4509#false} is VALID [2022-02-20 17:56:40,188 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:56:40,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,191 INFO L290 TraceCheckUtils]: 0: Hoare triple {4591#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,191 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,191 INFO L290 TraceCheckUtils]: 2: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,192 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4508#true} {4509#false} #1646#return; {4509#false} is VALID [2022-02-20 17:56:40,192 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:56:40,193 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,195 INFO L290 TraceCheckUtils]: 2: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,195 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4508#true} {4509#false} #1656#return; {4509#false} is VALID [2022-02-20 17:56:40,195 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 17:56:40,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} ~handle := #in~handle;havoc ~retValue_acc~16; {4508#true} is VALID [2022-02-20 17:56:40,198 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {4508#true} is VALID [2022-02-20 17:56:40,198 INFO L290 TraceCheckUtils]: 2: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,198 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4508#true} {4509#false} #1660#return; {4509#false} is VALID [2022-02-20 17:56:40,199 INFO L290 TraceCheckUtils]: 0: Hoare triple {4508#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {4508#true} is VALID [2022-02-20 17:56:40,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {4508#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4508#true} is VALID [2022-02-20 17:56:40,199 INFO L290 TraceCheckUtils]: 2: Hoare triple {4508#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {4508#true} is VALID [2022-02-20 17:56:40,199 INFO L272 TraceCheckUtils]: 3: Hoare triple {4508#true} call select_features_#t~ret117#1 := select_one(); {4508#true} is VALID [2022-02-20 17:56:40,199 INFO L290 TraceCheckUtils]: 4: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,200 INFO L290 TraceCheckUtils]: 5: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,200 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4508#true} {4508#true} #1730#return; {4508#true} is VALID [2022-02-20 17:56:40,200 INFO L290 TraceCheckUtils]: 7: Hoare triple {4508#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {4508#true} is VALID [2022-02-20 17:56:40,200 INFO L272 TraceCheckUtils]: 8: Hoare triple {4508#true} call select_features_#t~ret118#1 := select_one(); {4508#true} is VALID [2022-02-20 17:56:40,200 INFO L290 TraceCheckUtils]: 9: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,200 INFO L290 TraceCheckUtils]: 10: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,201 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4508#true} {4508#true} #1732#return; {4508#true} is VALID [2022-02-20 17:56:40,201 INFO L290 TraceCheckUtils]: 12: Hoare triple {4508#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {4508#true} is VALID [2022-02-20 17:56:40,201 INFO L272 TraceCheckUtils]: 13: Hoare triple {4508#true} call select_features_#t~ret119#1 := select_one(); {4508#true} is VALID [2022-02-20 17:56:40,201 INFO L290 TraceCheckUtils]: 14: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,201 INFO L290 TraceCheckUtils]: 15: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,201 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4508#true} {4508#true} #1734#return; {4508#true} is VALID [2022-02-20 17:56:40,201 INFO L290 TraceCheckUtils]: 17: Hoare triple {4508#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {4508#true} is VALID [2022-02-20 17:56:40,202 INFO L272 TraceCheckUtils]: 18: Hoare triple {4508#true} call select_features_#t~ret120#1 := select_one(); {4508#true} is VALID [2022-02-20 17:56:40,202 INFO L290 TraceCheckUtils]: 19: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,202 INFO L290 TraceCheckUtils]: 20: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,202 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4508#true} {4508#true} #1736#return; {4508#true} is VALID [2022-02-20 17:56:40,202 INFO L290 TraceCheckUtils]: 22: Hoare triple {4508#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {4508#true} is VALID [2022-02-20 17:56:40,202 INFO L272 TraceCheckUtils]: 23: Hoare triple {4508#true} call select_features_#t~ret121#1 := select_one(); {4508#true} is VALID [2022-02-20 17:56:40,202 INFO L290 TraceCheckUtils]: 24: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,203 INFO L290 TraceCheckUtils]: 25: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,203 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4508#true} {4508#true} #1738#return; {4508#true} is VALID [2022-02-20 17:56:40,203 INFO L290 TraceCheckUtils]: 27: Hoare triple {4508#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {4508#true} is VALID [2022-02-20 17:56:40,203 INFO L272 TraceCheckUtils]: 28: Hoare triple {4508#true} call select_features_#t~ret122#1 := select_one(); {4508#true} is VALID [2022-02-20 17:56:40,203 INFO L290 TraceCheckUtils]: 29: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,203 INFO L290 TraceCheckUtils]: 30: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,203 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4508#true} {4508#true} #1740#return; {4508#true} is VALID [2022-02-20 17:56:40,204 INFO L290 TraceCheckUtils]: 32: Hoare triple {4508#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {4508#true} is VALID [2022-02-20 17:56:40,204 INFO L272 TraceCheckUtils]: 33: Hoare triple {4508#true} call select_features_#t~ret123#1 := select_one(); {4508#true} is VALID [2022-02-20 17:56:40,204 INFO L290 TraceCheckUtils]: 34: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,204 INFO L290 TraceCheckUtils]: 35: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,204 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4508#true} {4508#true} #1742#return; {4508#true} is VALID [2022-02-20 17:56:40,204 INFO L290 TraceCheckUtils]: 37: Hoare triple {4508#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {4508#true} is VALID [2022-02-20 17:56:40,204 INFO L272 TraceCheckUtils]: 38: Hoare triple {4508#true} call select_features_#t~ret124#1 := select_one(); {4508#true} is VALID [2022-02-20 17:56:40,205 INFO L290 TraceCheckUtils]: 39: Hoare triple {4508#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {4508#true} is VALID [2022-02-20 17:56:40,205 INFO L290 TraceCheckUtils]: 40: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,205 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4508#true} {4508#true} #1744#return; {4508#true} is VALID [2022-02-20 17:56:40,205 INFO L290 TraceCheckUtils]: 42: Hoare triple {4508#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {4508#true} is VALID [2022-02-20 17:56:40,205 INFO L290 TraceCheckUtils]: 43: Hoare triple {4508#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {4508#true} is VALID [2022-02-20 17:56:40,205 INFO L290 TraceCheckUtils]: 44: Hoare triple {4508#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4508#true} is VALID [2022-02-20 17:56:40,206 INFO L290 TraceCheckUtils]: 45: Hoare triple {4508#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~27#1 := 0; {4534#(= |ULTIMATE.start_valid_product_~tmp~27#1| 0)} is VALID [2022-02-20 17:56:40,206 INFO L290 TraceCheckUtils]: 46: Hoare triple {4534#(= |ULTIMATE.start_valid_product_~tmp~27#1| 0)} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {4535#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 17:56:40,207 INFO L290 TraceCheckUtils]: 47: Hoare triple {4535#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {4536#(= |ULTIMATE.start_main_~tmp~20#1| 0)} is VALID [2022-02-20 17:56:40,207 INFO L290 TraceCheckUtils]: 48: Hoare triple {4536#(= |ULTIMATE.start_main_~tmp~20#1| 0)} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4509#false} is VALID [2022-02-20 17:56:40,207 INFO L290 TraceCheckUtils]: 49: Hoare triple {4509#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4509#false} is VALID [2022-02-20 17:56:40,207 INFO L272 TraceCheckUtils]: 50: Hoare triple {4509#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,207 INFO L290 TraceCheckUtils]: 51: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4508#true} is VALID [2022-02-20 17:56:40,210 INFO L272 TraceCheckUtils]: 52: Hoare triple {4508#true} call setClientId(~bob___0, ~bob___0); {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,210 INFO L290 TraceCheckUtils]: 53: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,211 INFO L290 TraceCheckUtils]: 54: Hoare triple {4508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,211 INFO L290 TraceCheckUtils]: 55: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,211 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4508#true} {4508#true} #1728#return; {4508#true} is VALID [2022-02-20 17:56:40,211 INFO L290 TraceCheckUtils]: 57: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,211 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4508#true} {4509#false} #1750#return; {4509#false} is VALID [2022-02-20 17:56:40,211 INFO L290 TraceCheckUtils]: 59: Hoare triple {4509#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4509#false} is VALID [2022-02-20 17:56:40,211 INFO L290 TraceCheckUtils]: 60: Hoare triple {4509#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4509#false} is VALID [2022-02-20 17:56:40,212 INFO L272 TraceCheckUtils]: 61: Hoare triple {4509#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,212 INFO L290 TraceCheckUtils]: 62: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4508#true} is VALID [2022-02-20 17:56:40,212 INFO L272 TraceCheckUtils]: 63: Hoare triple {4508#true} call setClientId(~rjh___0, ~rjh___0); {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,212 INFO L290 TraceCheckUtils]: 64: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,213 INFO L290 TraceCheckUtils]: 65: Hoare triple {4508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,213 INFO L290 TraceCheckUtils]: 66: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,213 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4508#true} {4508#true} #1680#return; {4508#true} is VALID [2022-02-20 17:56:40,213 INFO L290 TraceCheckUtils]: 68: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,213 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4508#true} {4509#false} #1756#return; {4509#false} is VALID [2022-02-20 17:56:40,213 INFO L290 TraceCheckUtils]: 70: Hoare triple {4509#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4509#false} is VALID [2022-02-20 17:56:40,213 INFO L290 TraceCheckUtils]: 71: Hoare triple {4509#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4509#false} is VALID [2022-02-20 17:56:40,214 INFO L272 TraceCheckUtils]: 72: Hoare triple {4509#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,214 INFO L290 TraceCheckUtils]: 73: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4508#true} is VALID [2022-02-20 17:56:40,214 INFO L272 TraceCheckUtils]: 74: Hoare triple {4508#true} call setClientId(~chuck___0, ~chuck___0); {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,214 INFO L290 TraceCheckUtils]: 75: Hoare triple {4577#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,215 INFO L290 TraceCheckUtils]: 76: Hoare triple {4508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,215 INFO L290 TraceCheckUtils]: 77: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,215 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4508#true} {4508#true} #1622#return; {4508#true} is VALID [2022-02-20 17:56:40,215 INFO L290 TraceCheckUtils]: 79: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,215 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4508#true} {4509#false} #1762#return; {4509#false} is VALID [2022-02-20 17:56:40,215 INFO L290 TraceCheckUtils]: 81: Hoare triple {4509#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {4509#false} is VALID [2022-02-20 17:56:40,215 INFO L290 TraceCheckUtils]: 82: Hoare triple {4509#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4509#false} is VALID [2022-02-20 17:56:40,216 INFO L290 TraceCheckUtils]: 83: Hoare triple {4509#false} assume !false; {4509#false} is VALID [2022-02-20 17:56:40,216 INFO L290 TraceCheckUtils]: 84: Hoare triple {4509#false} assume !(test_~splverifierCounter~0#1 < 4); {4509#false} is VALID [2022-02-20 17:56:40,216 INFO L290 TraceCheckUtils]: 85: Hoare triple {4509#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {4509#false} is VALID [2022-02-20 17:56:40,216 INFO L272 TraceCheckUtils]: 86: Hoare triple {4509#false} call sendEmail(~bob~0, ~rjh~0); {4509#false} is VALID [2022-02-20 17:56:40,216 INFO L290 TraceCheckUtils]: 87: Hoare triple {4509#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4509#false} is VALID [2022-02-20 17:56:40,216 INFO L272 TraceCheckUtils]: 88: Hoare triple {4509#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4590#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:40,217 INFO L290 TraceCheckUtils]: 89: Hoare triple {4590#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,217 INFO L290 TraceCheckUtils]: 90: Hoare triple {4508#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,217 INFO L290 TraceCheckUtils]: 91: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,217 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4508#true} {4509#false} #1644#return; {4509#false} is VALID [2022-02-20 17:56:40,217 INFO L272 TraceCheckUtils]: 93: Hoare triple {4509#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4591#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:40,217 INFO L290 TraceCheckUtils]: 94: Hoare triple {4591#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,217 INFO L290 TraceCheckUtils]: 95: Hoare triple {4508#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,218 INFO L290 TraceCheckUtils]: 96: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,218 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4508#true} {4509#false} #1646#return; {4509#false} is VALID [2022-02-20 17:56:40,218 INFO L290 TraceCheckUtils]: 98: Hoare triple {4509#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {4509#false} is VALID [2022-02-20 17:56:40,218 INFO L290 TraceCheckUtils]: 99: Hoare triple {4509#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {4509#false} is VALID [2022-02-20 17:56:40,218 INFO L272 TraceCheckUtils]: 100: Hoare triple {4509#false} call outgoing(~sender#1, ~email~0#1); {4509#false} is VALID [2022-02-20 17:56:40,218 INFO L290 TraceCheckUtils]: 101: Hoare triple {4509#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4509#false} is VALID [2022-02-20 17:56:40,218 INFO L290 TraceCheckUtils]: 102: Hoare triple {4509#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4509#false} is VALID [2022-02-20 17:56:40,219 INFO L272 TraceCheckUtils]: 103: Hoare triple {4509#false} call outgoing__before__Sign(~client#1, ~msg#1); {4509#false} is VALID [2022-02-20 17:56:40,219 INFO L290 TraceCheckUtils]: 104: Hoare triple {4509#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4509#false} is VALID [2022-02-20 17:56:40,219 INFO L290 TraceCheckUtils]: 105: Hoare triple {4509#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4509#false} is VALID [2022-02-20 17:56:40,219 INFO L272 TraceCheckUtils]: 106: Hoare triple {4509#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4509#false} is VALID [2022-02-20 17:56:40,219 INFO L290 TraceCheckUtils]: 107: Hoare triple {4509#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4509#false} is VALID [2022-02-20 17:56:40,219 INFO L290 TraceCheckUtils]: 108: Hoare triple {4509#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4509#false} is VALID [2022-02-20 17:56:40,219 INFO L272 TraceCheckUtils]: 109: Hoare triple {4509#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4509#false} is VALID [2022-02-20 17:56:40,220 INFO L290 TraceCheckUtils]: 110: Hoare triple {4509#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {4509#false} is VALID [2022-02-20 17:56:40,220 INFO L290 TraceCheckUtils]: 111: Hoare triple {4509#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {4509#false} is VALID [2022-02-20 17:56:40,220 INFO L290 TraceCheckUtils]: 112: Hoare triple {4509#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {4509#false} is VALID [2022-02-20 17:56:40,220 INFO L272 TraceCheckUtils]: 113: Hoare triple {4509#false} call setEmailFrom(~msg#1, ~tmp~8#1); {4590#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:40,220 INFO L290 TraceCheckUtils]: 114: Hoare triple {4590#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4508#true} is VALID [2022-02-20 17:56:40,220 INFO L290 TraceCheckUtils]: 115: Hoare triple {4508#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4508#true} is VALID [2022-02-20 17:56:40,220 INFO L290 TraceCheckUtils]: 116: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,221 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4508#true} {4509#false} #1656#return; {4509#false} is VALID [2022-02-20 17:56:40,221 INFO L290 TraceCheckUtils]: 118: Hoare triple {4509#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {4509#false} is VALID [2022-02-20 17:56:40,221 INFO L290 TraceCheckUtils]: 119: Hoare triple {4509#false} assume !(-1 == ~mail_is_sensitive~0); {4509#false} is VALID [2022-02-20 17:56:40,221 INFO L272 TraceCheckUtils]: 120: Hoare triple {4509#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {4508#true} is VALID [2022-02-20 17:56:40,221 INFO L290 TraceCheckUtils]: 121: Hoare triple {4508#true} ~handle := #in~handle;havoc ~retValue_acc~16; {4508#true} is VALID [2022-02-20 17:56:40,221 INFO L290 TraceCheckUtils]: 122: Hoare triple {4508#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {4508#true} is VALID [2022-02-20 17:56:40,221 INFO L290 TraceCheckUtils]: 123: Hoare triple {4508#true} assume true; {4508#true} is VALID [2022-02-20 17:56:40,222 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {4508#true} {4509#false} #1660#return; {4509#false} is VALID [2022-02-20 17:56:40,222 INFO L290 TraceCheckUtils]: 125: Hoare triple {4509#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {4509#false} is VALID [2022-02-20 17:56:40,222 INFO L290 TraceCheckUtils]: 126: Hoare triple {4509#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {4509#false} is VALID [2022-02-20 17:56:40,222 INFO L290 TraceCheckUtils]: 127: Hoare triple {4509#false} assume !false; {4509#false} is VALID [2022-02-20 17:56:40,222 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:56:40,223 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:40,223 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [52230752] [2022-02-20 17:56:40,223 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [52230752] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:40,223 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:40,223 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 17:56:40,223 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [225466674] [2022-02-20 17:56:40,224 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:40,225 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 128 [2022-02-20 17:56:40,225 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:40,225 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:40,281 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:40,282 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:56:40,282 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:40,282 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:56:40,282 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:56:40,283 INFO L87 Difference]: Start difference. First operand 596 states and 887 transitions. Second operand has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:48,474 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:48,474 INFO L93 Difference]: Finished difference Result 1297 states and 1957 transitions. [2022-02-20 17:56:48,475 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 17:56:48,475 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 128 [2022-02-20 17:56:48,475 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:48,476 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:48,509 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1957 transitions. [2022-02-20 17:56:48,510 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:48,541 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1957 transitions. [2022-02-20 17:56:48,541 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1957 transitions. [2022-02-20 17:56:49,954 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1957 edges. 1957 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:50,024 INFO L225 Difference]: With dead ends: 1297 [2022-02-20 17:56:50,025 INFO L226 Difference]: Without dead ends: 737 [2022-02-20 17:56:50,029 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:56:50,032 INFO L933 BasicCegarLoop]: 906 mSDtfsCounter, 1355 mSDsluCounter, 1474 mSDsCounter, 0 mSdLazyCounter, 2880 mSolverCounterSat, 648 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1360 SdHoareTripleChecker+Valid, 2380 SdHoareTripleChecker+Invalid, 3528 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 648 IncrementalHoareTripleChecker+Valid, 2880 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:50,032 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1360 Valid, 2380 Invalid, 3528 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [648 Valid, 2880 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-02-20 17:56:50,034 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 737 states. [2022-02-20 17:56:50,068 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 737 to 596. [2022-02-20 17:56:50,069 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:50,070 INFO L82 GeneralOperation]: Start isEquivalent. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:56:50,071 INFO L74 IsIncluded]: Start isIncluded. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:56:50,072 INFO L87 Difference]: Start difference. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:56:50,102 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:50,102 INFO L93 Difference]: Finished difference Result 737 states and 1119 transitions. [2022-02-20 17:56:50,102 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1119 transitions. [2022-02-20 17:56:50,105 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:50,105 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:50,107 INFO L74 IsIncluded]: Start isIncluded. First operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 737 states. [2022-02-20 17:56:50,108 INFO L87 Difference]: Start difference. First operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 737 states. [2022-02-20 17:56:50,135 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:50,135 INFO L93 Difference]: Finished difference Result 737 states and 1119 transitions. [2022-02-20 17:56:50,135 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1119 transitions. [2022-02-20 17:56:50,137 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:50,137 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:50,137 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:50,137 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:50,139 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:56:50,161 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 596 states to 596 states and 880 transitions. [2022-02-20 17:56:50,162 INFO L78 Accepts]: Start accepts. Automaton has 596 states and 880 transitions. Word has length 128 [2022-02-20 17:56:50,163 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:50,164 INFO L470 AbstractCegarLoop]: Abstraction has 596 states and 880 transitions. [2022-02-20 17:56:50,164 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:56:50,164 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 880 transitions. [2022-02-20 17:56:50,169 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 134 [2022-02-20 17:56:50,170 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:50,170 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:50,170 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 17:56:50,170 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:50,170 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:50,170 INFO L85 PathProgramCache]: Analyzing trace with hash -189778846, now seen corresponding path program 1 times [2022-02-20 17:56:50,171 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:50,171 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1464569289] [2022-02-20 17:56:50,171 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:50,171 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:50,206 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:56:50,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,236 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8708#true} {8708#true} #1730#return; {8708#true} is VALID [2022-02-20 17:56:50,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:56:50,238 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,242 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,242 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,242 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8708#true} {8708#true} #1732#return; {8708#true} is VALID [2022-02-20 17:56:50,243 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:56:50,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,247 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,247 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,248 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1734#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:50,251 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,254 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,254 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,254 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1736#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,255 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:56:50,256 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,261 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,262 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1738#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,262 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:56:50,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,270 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,271 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,271 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1740#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,271 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:56:50,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,277 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,277 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,277 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1742#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,278 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:56:50,281 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,287 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,287 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,287 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1744#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,293 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:56:50,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:50,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,301 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,301 INFO L290 TraceCheckUtils]: 2: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,301 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8708#true} {8708#true} #1728#return; {8708#true} is VALID [2022-02-20 17:56:50,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8708#true} is VALID [2022-02-20 17:56:50,302 INFO L272 TraceCheckUtils]: 1: Hoare triple {8708#true} call setClientId(~bob___0, ~bob___0); {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:50,303 INFO L290 TraceCheckUtils]: 2: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,303 INFO L290 TraceCheckUtils]: 3: Hoare triple {8708#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,303 INFO L290 TraceCheckUtils]: 4: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,303 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8708#true} {8708#true} #1728#return; {8708#true} is VALID [2022-02-20 17:56:50,303 INFO L290 TraceCheckUtils]: 6: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,303 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8708#true} {8709#false} #1750#return; {8709#false} is VALID [2022-02-20 17:56:50,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:56:50,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:50,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,320 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8708#true} {8708#true} #1680#return; {8708#true} is VALID [2022-02-20 17:56:50,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8708#true} is VALID [2022-02-20 17:56:50,321 INFO L272 TraceCheckUtils]: 1: Hoare triple {8708#true} call setClientId(~rjh___0, ~rjh___0); {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:50,321 INFO L290 TraceCheckUtils]: 2: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,321 INFO L290 TraceCheckUtils]: 3: Hoare triple {8708#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,321 INFO L290 TraceCheckUtils]: 4: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,321 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8708#true} {8708#true} #1680#return; {8708#true} is VALID [2022-02-20 17:56:50,321 INFO L290 TraceCheckUtils]: 6: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,321 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8708#true} {8709#false} #1756#return; {8709#false} is VALID [2022-02-20 17:56:50,322 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:56:50,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:50,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,329 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,329 INFO L290 TraceCheckUtils]: 2: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,329 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8708#true} {8708#true} #1622#return; {8708#true} is VALID [2022-02-20 17:56:50,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8708#true} is VALID [2022-02-20 17:56:50,330 INFO L272 TraceCheckUtils]: 1: Hoare triple {8708#true} call setClientId(~chuck___0, ~chuck___0); {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:50,330 INFO L290 TraceCheckUtils]: 2: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,330 INFO L290 TraceCheckUtils]: 3: Hoare triple {8708#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,330 INFO L290 TraceCheckUtils]: 4: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,330 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8708#true} {8708#true} #1622#return; {8708#true} is VALID [2022-02-20 17:56:50,331 INFO L290 TraceCheckUtils]: 6: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,331 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8708#true} {8709#false} #1762#return; {8709#false} is VALID [2022-02-20 17:56:50,335 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:56:50,336 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {8788#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,338 INFO L290 TraceCheckUtils]: 2: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,339 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8708#true} {8709#false} #1644#return; {8709#false} is VALID [2022-02-20 17:56:50,343 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:56:50,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,347 INFO L290 TraceCheckUtils]: 0: Hoare triple {8789#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,347 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,347 INFO L290 TraceCheckUtils]: 2: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,347 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8708#true} {8709#false} #1646#return; {8709#false} is VALID [2022-02-20 17:56:50,347 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:56:50,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {8788#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,350 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,350 INFO L290 TraceCheckUtils]: 2: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,351 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8708#true} {8709#false} #1656#return; {8709#false} is VALID [2022-02-20 17:56:50,351 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:56:50,352 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:50,353 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} ~handle := #in~handle;havoc ~retValue_acc~16; {8708#true} is VALID [2022-02-20 17:56:50,354 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {8708#true} is VALID [2022-02-20 17:56:50,354 INFO L290 TraceCheckUtils]: 2: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,354 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8708#true} {8709#false} #1660#return; {8709#false} is VALID [2022-02-20 17:56:50,354 INFO L290 TraceCheckUtils]: 0: Hoare triple {8708#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8708#true} is VALID [2022-02-20 17:56:50,354 INFO L290 TraceCheckUtils]: 1: Hoare triple {8708#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8708#true} is VALID [2022-02-20 17:56:50,354 INFO L290 TraceCheckUtils]: 2: Hoare triple {8708#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {8708#true} is VALID [2022-02-20 17:56:50,354 INFO L272 TraceCheckUtils]: 3: Hoare triple {8708#true} call select_features_#t~ret117#1 := select_one(); {8708#true} is VALID [2022-02-20 17:56:50,355 INFO L290 TraceCheckUtils]: 4: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,355 INFO L290 TraceCheckUtils]: 5: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,355 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8708#true} {8708#true} #1730#return; {8708#true} is VALID [2022-02-20 17:56:50,355 INFO L290 TraceCheckUtils]: 7: Hoare triple {8708#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {8708#true} is VALID [2022-02-20 17:56:50,355 INFO L272 TraceCheckUtils]: 8: Hoare triple {8708#true} call select_features_#t~ret118#1 := select_one(); {8708#true} is VALID [2022-02-20 17:56:50,355 INFO L290 TraceCheckUtils]: 9: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,355 INFO L290 TraceCheckUtils]: 10: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,355 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8708#true} {8708#true} #1732#return; {8708#true} is VALID [2022-02-20 17:56:50,356 INFO L290 TraceCheckUtils]: 12: Hoare triple {8708#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,356 INFO L272 TraceCheckUtils]: 13: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret119#1 := select_one(); {8708#true} is VALID [2022-02-20 17:56:50,356 INFO L290 TraceCheckUtils]: 14: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,356 INFO L290 TraceCheckUtils]: 15: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,357 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1734#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,357 INFO L290 TraceCheckUtils]: 17: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,357 INFO L272 TraceCheckUtils]: 18: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret120#1 := select_one(); {8708#true} is VALID [2022-02-20 17:56:50,357 INFO L290 TraceCheckUtils]: 19: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,357 INFO L290 TraceCheckUtils]: 20: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,358 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1736#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,358 INFO L290 TraceCheckUtils]: 22: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,358 INFO L272 TraceCheckUtils]: 23: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret121#1 := select_one(); {8708#true} is VALID [2022-02-20 17:56:50,358 INFO L290 TraceCheckUtils]: 24: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,358 INFO L290 TraceCheckUtils]: 25: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,359 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1738#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,359 INFO L290 TraceCheckUtils]: 27: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,359 INFO L272 TraceCheckUtils]: 28: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret122#1 := select_one(); {8708#true} is VALID [2022-02-20 17:56:50,359 INFO L290 TraceCheckUtils]: 29: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,359 INFO L290 TraceCheckUtils]: 30: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,360 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1740#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,360 INFO L290 TraceCheckUtils]: 32: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,360 INFO L272 TraceCheckUtils]: 33: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret123#1 := select_one(); {8708#true} is VALID [2022-02-20 17:56:50,360 INFO L290 TraceCheckUtils]: 34: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,360 INFO L290 TraceCheckUtils]: 35: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,361 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1742#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,361 INFO L290 TraceCheckUtils]: 37: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,361 INFO L272 TraceCheckUtils]: 38: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret124#1 := select_one(); {8708#true} is VALID [2022-02-20 17:56:50,361 INFO L290 TraceCheckUtils]: 39: Hoare triple {8708#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {8708#true} is VALID [2022-02-20 17:56:50,361 INFO L290 TraceCheckUtils]: 40: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,362 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8708#true} {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1744#return; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,362 INFO L290 TraceCheckUtils]: 42: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,362 INFO L290 TraceCheckUtils]: 43: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 17:56:50,363 INFO L290 TraceCheckUtils]: 44: Hoare triple {8716#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8709#false} is VALID [2022-02-20 17:56:50,363 INFO L290 TraceCheckUtils]: 45: Hoare triple {8709#false} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8709#false} is VALID [2022-02-20 17:56:50,363 INFO L290 TraceCheckUtils]: 46: Hoare triple {8709#false} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8709#false} is VALID [2022-02-20 17:56:50,363 INFO L290 TraceCheckUtils]: 47: Hoare triple {8709#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8709#false} is VALID [2022-02-20 17:56:50,363 INFO L290 TraceCheckUtils]: 48: Hoare triple {8709#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8709#false} is VALID [2022-02-20 17:56:50,363 INFO L290 TraceCheckUtils]: 49: Hoare triple {8709#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8709#false} is VALID [2022-02-20 17:56:50,363 INFO L290 TraceCheckUtils]: 50: Hoare triple {8709#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {8709#false} is VALID [2022-02-20 17:56:50,364 INFO L290 TraceCheckUtils]: 51: Hoare triple {8709#false} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {8709#false} is VALID [2022-02-20 17:56:50,364 INFO L290 TraceCheckUtils]: 52: Hoare triple {8709#false} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {8709#false} is VALID [2022-02-20 17:56:50,364 INFO L290 TraceCheckUtils]: 53: Hoare triple {8709#false} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8709#false} is VALID [2022-02-20 17:56:50,364 INFO L290 TraceCheckUtils]: 54: Hoare triple {8709#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8709#false} is VALID [2022-02-20 17:56:50,364 INFO L272 TraceCheckUtils]: 55: Hoare triple {8709#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:50,364 INFO L290 TraceCheckUtils]: 56: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8708#true} is VALID [2022-02-20 17:56:50,365 INFO L272 TraceCheckUtils]: 57: Hoare triple {8708#true} call setClientId(~bob___0, ~bob___0); {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:50,365 INFO L290 TraceCheckUtils]: 58: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,365 INFO L290 TraceCheckUtils]: 59: Hoare triple {8708#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,365 INFO L290 TraceCheckUtils]: 60: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,365 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8708#true} {8708#true} #1728#return; {8708#true} is VALID [2022-02-20 17:56:50,365 INFO L290 TraceCheckUtils]: 62: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,366 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8708#true} {8709#false} #1750#return; {8709#false} is VALID [2022-02-20 17:56:50,366 INFO L290 TraceCheckUtils]: 64: Hoare triple {8709#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8709#false} is VALID [2022-02-20 17:56:50,366 INFO L290 TraceCheckUtils]: 65: Hoare triple {8709#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8709#false} is VALID [2022-02-20 17:56:50,366 INFO L272 TraceCheckUtils]: 66: Hoare triple {8709#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:50,366 INFO L290 TraceCheckUtils]: 67: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8708#true} is VALID [2022-02-20 17:56:50,367 INFO L272 TraceCheckUtils]: 68: Hoare triple {8708#true} call setClientId(~rjh___0, ~rjh___0); {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:50,367 INFO L290 TraceCheckUtils]: 69: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,367 INFO L290 TraceCheckUtils]: 70: Hoare triple {8708#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,367 INFO L290 TraceCheckUtils]: 71: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,367 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8708#true} {8708#true} #1680#return; {8708#true} is VALID [2022-02-20 17:56:50,367 INFO L290 TraceCheckUtils]: 73: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,367 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8708#true} {8709#false} #1756#return; {8709#false} is VALID [2022-02-20 17:56:50,367 INFO L290 TraceCheckUtils]: 75: Hoare triple {8709#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8709#false} is VALID [2022-02-20 17:56:50,368 INFO L290 TraceCheckUtils]: 76: Hoare triple {8709#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8709#false} is VALID [2022-02-20 17:56:50,368 INFO L272 TraceCheckUtils]: 77: Hoare triple {8709#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:50,368 INFO L290 TraceCheckUtils]: 78: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8708#true} is VALID [2022-02-20 17:56:50,368 INFO L272 TraceCheckUtils]: 79: Hoare triple {8708#true} call setClientId(~chuck___0, ~chuck___0); {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:50,368 INFO L290 TraceCheckUtils]: 80: Hoare triple {8775#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,369 INFO L290 TraceCheckUtils]: 81: Hoare triple {8708#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,369 INFO L290 TraceCheckUtils]: 82: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,369 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8708#true} {8708#true} #1622#return; {8708#true} is VALID [2022-02-20 17:56:50,369 INFO L290 TraceCheckUtils]: 84: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,369 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8708#true} {8709#false} #1762#return; {8709#false} is VALID [2022-02-20 17:56:50,369 INFO L290 TraceCheckUtils]: 86: Hoare triple {8709#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {8709#false} is VALID [2022-02-20 17:56:50,369 INFO L290 TraceCheckUtils]: 87: Hoare triple {8709#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8709#false} is VALID [2022-02-20 17:56:50,369 INFO L290 TraceCheckUtils]: 88: Hoare triple {8709#false} assume !false; {8709#false} is VALID [2022-02-20 17:56:50,369 INFO L290 TraceCheckUtils]: 89: Hoare triple {8709#false} assume !(test_~splverifierCounter~0#1 < 4); {8709#false} is VALID [2022-02-20 17:56:50,370 INFO L290 TraceCheckUtils]: 90: Hoare triple {8709#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {8709#false} is VALID [2022-02-20 17:56:50,370 INFO L272 TraceCheckUtils]: 91: Hoare triple {8709#false} call sendEmail(~bob~0, ~rjh~0); {8709#false} is VALID [2022-02-20 17:56:50,370 INFO L290 TraceCheckUtils]: 92: Hoare triple {8709#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8709#false} is VALID [2022-02-20 17:56:50,370 INFO L272 TraceCheckUtils]: 93: Hoare triple {8709#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8788#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:50,370 INFO L290 TraceCheckUtils]: 94: Hoare triple {8788#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,370 INFO L290 TraceCheckUtils]: 95: Hoare triple {8708#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,370 INFO L290 TraceCheckUtils]: 96: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,370 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8708#true} {8709#false} #1644#return; {8709#false} is VALID [2022-02-20 17:56:50,370 INFO L272 TraceCheckUtils]: 98: Hoare triple {8709#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8789#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:50,371 INFO L290 TraceCheckUtils]: 99: Hoare triple {8789#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,371 INFO L290 TraceCheckUtils]: 100: Hoare triple {8708#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,371 INFO L290 TraceCheckUtils]: 101: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,371 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8708#true} {8709#false} #1646#return; {8709#false} is VALID [2022-02-20 17:56:50,371 INFO L290 TraceCheckUtils]: 103: Hoare triple {8709#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {8709#false} is VALID [2022-02-20 17:56:50,371 INFO L290 TraceCheckUtils]: 104: Hoare triple {8709#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {8709#false} is VALID [2022-02-20 17:56:50,371 INFO L272 TraceCheckUtils]: 105: Hoare triple {8709#false} call outgoing(~sender#1, ~email~0#1); {8709#false} is VALID [2022-02-20 17:56:50,371 INFO L290 TraceCheckUtils]: 106: Hoare triple {8709#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L290 TraceCheckUtils]: 107: Hoare triple {8709#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L272 TraceCheckUtils]: 108: Hoare triple {8709#false} call outgoing__before__Sign(~client#1, ~msg#1); {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L290 TraceCheckUtils]: 109: Hoare triple {8709#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L290 TraceCheckUtils]: 110: Hoare triple {8709#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L272 TraceCheckUtils]: 111: Hoare triple {8709#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L290 TraceCheckUtils]: 112: Hoare triple {8709#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L290 TraceCheckUtils]: 113: Hoare triple {8709#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L272 TraceCheckUtils]: 114: Hoare triple {8709#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L290 TraceCheckUtils]: 115: Hoare triple {8709#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {8709#false} is VALID [2022-02-20 17:56:50,372 INFO L290 TraceCheckUtils]: 116: Hoare triple {8709#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {8709#false} is VALID [2022-02-20 17:56:50,373 INFO L290 TraceCheckUtils]: 117: Hoare triple {8709#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {8709#false} is VALID [2022-02-20 17:56:50,373 INFO L272 TraceCheckUtils]: 118: Hoare triple {8709#false} call setEmailFrom(~msg#1, ~tmp~8#1); {8788#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:50,373 INFO L290 TraceCheckUtils]: 119: Hoare triple {8788#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8708#true} is VALID [2022-02-20 17:56:50,373 INFO L290 TraceCheckUtils]: 120: Hoare triple {8708#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8708#true} is VALID [2022-02-20 17:56:50,373 INFO L290 TraceCheckUtils]: 121: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,373 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8708#true} {8709#false} #1656#return; {8709#false} is VALID [2022-02-20 17:56:50,373 INFO L290 TraceCheckUtils]: 123: Hoare triple {8709#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {8709#false} is VALID [2022-02-20 17:56:50,373 INFO L290 TraceCheckUtils]: 124: Hoare triple {8709#false} assume !(-1 == ~mail_is_sensitive~0); {8709#false} is VALID [2022-02-20 17:56:50,374 INFO L272 TraceCheckUtils]: 125: Hoare triple {8709#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {8708#true} is VALID [2022-02-20 17:56:50,374 INFO L290 TraceCheckUtils]: 126: Hoare triple {8708#true} ~handle := #in~handle;havoc ~retValue_acc~16; {8708#true} is VALID [2022-02-20 17:56:50,374 INFO L290 TraceCheckUtils]: 127: Hoare triple {8708#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {8708#true} is VALID [2022-02-20 17:56:50,374 INFO L290 TraceCheckUtils]: 128: Hoare triple {8708#true} assume true; {8708#true} is VALID [2022-02-20 17:56:50,374 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {8708#true} {8709#false} #1660#return; {8709#false} is VALID [2022-02-20 17:56:50,374 INFO L290 TraceCheckUtils]: 130: Hoare triple {8709#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {8709#false} is VALID [2022-02-20 17:56:50,374 INFO L290 TraceCheckUtils]: 131: Hoare triple {8709#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {8709#false} is VALID [2022-02-20 17:56:50,374 INFO L290 TraceCheckUtils]: 132: Hoare triple {8709#false} assume !false; {8709#false} is VALID [2022-02-20 17:56:50,375 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:56:50,375 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:50,375 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1464569289] [2022-02-20 17:56:50,375 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1464569289] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:50,375 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:50,375 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:56:50,376 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1018262527] [2022-02-20 17:56:50,376 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:50,376 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) Word has length 133 [2022-02-20 17:56:50,377 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:50,377 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:56:50,435 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 110 edges. 110 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:50,436 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:56:50,436 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:50,436 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:56:50,436 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:56:50,437 INFO L87 Difference]: Start difference. First operand 596 states and 880 transitions. Second operand has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:56:54,105 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:54,106 INFO L93 Difference]: Finished difference Result 1307 states and 1989 transitions. [2022-02-20 17:56:54,106 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:56:54,106 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) Word has length 133 [2022-02-20 17:56:54,106 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:54,107 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:56:54,128 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1989 transitions. [2022-02-20 17:56:54,128 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:56:54,151 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1989 transitions. [2022-02-20 17:56:54,151 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1989 transitions. [2022-02-20 17:56:55,736 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1989 edges. 1989 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:55,765 INFO L225 Difference]: With dead ends: 1307 [2022-02-20 17:56:55,765 INFO L226 Difference]: Without dead ends: 736 [2022-02-20 17:56:55,767 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:56:55,773 INFO L933 BasicCegarLoop]: 891 mSDtfsCounter, 2032 mSDsluCounter, 662 mSDsCounter, 0 mSdLazyCounter, 518 mSolverCounterSat, 823 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2059 SdHoareTripleChecker+Valid, 1553 SdHoareTripleChecker+Invalid, 1341 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 823 IncrementalHoareTripleChecker+Valid, 518 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.4s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:55,774 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2059 Valid, 1553 Invalid, 1341 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [823 Valid, 518 Invalid, 0 Unknown, 0 Unchecked, 1.4s Time] [2022-02-20 17:56:55,776 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 736 states. [2022-02-20 17:56:55,797 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 736 to 595. [2022-02-20 17:56:55,797 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:55,798 INFO L82 GeneralOperation]: Start isEquivalent. First operand 736 states. Second operand has 595 states, 443 states have (on average 1.4830699774266365) internal successors, (657), 460 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 17:56:55,799 INFO L74 IsIncluded]: Start isIncluded. First operand 736 states. Second operand has 595 states, 443 states have (on average 1.4830699774266365) internal successors, (657), 460 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 17:56:55,801 INFO L87 Difference]: Start difference. First operand 736 states. Second operand has 595 states, 443 states have (on average 1.4830699774266365) internal successors, (657), 460 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 17:56:55,824 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:55,824 INFO L93 Difference]: Finished difference Result 736 states and 1106 transitions. [2022-02-20 17:56:55,824 INFO L276 IsEmpty]: Start isEmpty. Operand 736 states and 1106 transitions. [2022-02-20 17:56:55,826 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:55,826 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:55,827 INFO L74 IsIncluded]: Start isIncluded. First operand has 595 states, 443 states have (on average 1.4830699774266365) internal successors, (657), 460 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) Second operand 736 states. [2022-02-20 17:56:55,828 INFO L87 Difference]: Start difference. First operand has 595 states, 443 states have (on average 1.4830699774266365) internal successors, (657), 460 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) Second operand 736 states. [2022-02-20 17:56:55,853 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:55,853 INFO L93 Difference]: Finished difference Result 736 states and 1106 transitions. [2022-02-20 17:56:55,853 INFO L276 IsEmpty]: Start isEmpty. Operand 736 states and 1106 transitions. [2022-02-20 17:56:55,855 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:55,856 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:55,856 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:55,856 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:55,857 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 595 states, 443 states have (on average 1.4830699774266365) internal successors, (657), 460 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 17:56:55,878 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 595 states to 595 states and 870 transitions. [2022-02-20 17:56:55,879 INFO L78 Accepts]: Start accepts. Automaton has 595 states and 870 transitions. Word has length 133 [2022-02-20 17:56:55,879 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:55,879 INFO L470 AbstractCegarLoop]: Abstraction has 595 states and 870 transitions. [2022-02-20 17:56:55,879 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:56:55,879 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 870 transitions. [2022-02-20 17:56:55,881 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 157 [2022-02-20 17:56:55,881 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:55,881 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:55,881 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 17:56:55,882 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:55,883 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:55,884 INFO L85 PathProgramCache]: Analyzing trace with hash 1444160713, now seen corresponding path program 1 times [2022-02-20 17:56:55,884 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:55,884 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1691822776] [2022-02-20 17:56:55,884 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:55,884 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:55,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:55,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:56:55,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:55,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:55,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:55,969 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12915#true} {12915#true} #1730#return; {12915#true} is VALID [2022-02-20 17:56:55,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:56:55,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:55,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:55,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:55,973 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12915#true} {12915#true} #1732#return; {12915#true} is VALID [2022-02-20 17:56:55,974 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:56:55,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:55,978 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:55,978 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:55,978 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12915#true} {12915#true} #1734#return; {12915#true} is VALID [2022-02-20 17:56:55,978 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:55,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:55,982 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:55,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:55,982 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12915#true} {12915#true} #1736#return; {12915#true} is VALID [2022-02-20 17:56:55,982 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:56:55,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:55,986 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:55,986 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:55,986 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12915#true} {12915#true} #1738#return; {12915#true} is VALID [2022-02-20 17:56:55,986 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:56:55,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:55,990 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:55,990 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:55,991 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12915#true} {12915#true} #1740#return; {12915#true} is VALID [2022-02-20 17:56:55,991 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:56:55,993 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:55,995 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:55,996 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:55,996 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12915#true} {12915#true} #1742#return; {12915#true} is VALID [2022-02-20 17:56:55,996 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:56:55,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:56,001 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,004 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12915#true} {12915#true} #1744#return; {12915#true} is VALID [2022-02-20 17:56:56,009 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:56:56,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:56,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,017 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12915#true} {12915#true} #1728#return; {12915#true} is VALID [2022-02-20 17:56:56,018 INFO L290 TraceCheckUtils]: 0: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12915#true} is VALID [2022-02-20 17:56:56,018 INFO L272 TraceCheckUtils]: 1: Hoare triple {12915#true} call setClientId(~bob___0, ~bob___0); {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:56,018 INFO L290 TraceCheckUtils]: 2: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,018 INFO L290 TraceCheckUtils]: 3: Hoare triple {12915#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,018 INFO L290 TraceCheckUtils]: 4: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,019 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12915#true} {12915#true} #1728#return; {12915#true} is VALID [2022-02-20 17:56:56,019 INFO L290 TraceCheckUtils]: 6: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,019 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12915#true} {12916#false} #1750#return; {12916#false} is VALID [2022-02-20 17:56:56,019 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:56:56,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:56,024 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,030 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12915#true} {12915#true} #1680#return; {12915#true} is VALID [2022-02-20 17:56:56,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12915#true} is VALID [2022-02-20 17:56:56,031 INFO L272 TraceCheckUtils]: 1: Hoare triple {12915#true} call setClientId(~rjh___0, ~rjh___0); {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:56,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,031 INFO L290 TraceCheckUtils]: 3: Hoare triple {12915#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,031 INFO L290 TraceCheckUtils]: 4: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,031 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12915#true} {12915#true} #1680#return; {12915#true} is VALID [2022-02-20 17:56:56,031 INFO L290 TraceCheckUtils]: 6: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,031 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12915#true} {12916#false} #1756#return; {12916#false} is VALID [2022-02-20 17:56:56,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:56:56,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:56:56,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,040 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12915#true} {12915#true} #1622#return; {12915#true} is VALID [2022-02-20 17:56:56,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12915#true} is VALID [2022-02-20 17:56:56,041 INFO L272 TraceCheckUtils]: 1: Hoare triple {12915#true} call setClientId(~chuck___0, ~chuck___0); {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:56,041 INFO L290 TraceCheckUtils]: 2: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,041 INFO L290 TraceCheckUtils]: 3: Hoare triple {12915#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,041 INFO L290 TraceCheckUtils]: 4: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,041 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12915#true} {12915#true} #1622#return; {12915#true} is VALID [2022-02-20 17:56:56,041 INFO L290 TraceCheckUtils]: 6: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,042 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12915#true} {12916#false} #1762#return; {12916#false} is VALID [2022-02-20 17:56:56,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:56:56,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {13008#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,049 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12915#true} {12916#false} #1644#return; {12916#false} is VALID [2022-02-20 17:56:56,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:56:56,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {13009#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,058 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12915#true} {12916#false} #1646#return; {12916#false} is VALID [2022-02-20 17:56:56,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:56:56,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,060 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} ~handle := #in~handle;havoc ~retValue_acc~28; {12915#true} is VALID [2022-02-20 17:56:56,061 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~28; {12915#true} is VALID [2022-02-20 17:56:56,061 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,061 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12915#true} {12916#false} #1624#return; {12916#false} is VALID [2022-02-20 17:56:56,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:56:56,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,064 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} ~handle := #in~handle;havoc ~retValue_acc~13; {12915#true} is VALID [2022-02-20 17:56:56,064 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {12915#true} is VALID [2022-02-20 17:56:56,064 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,065 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12915#true} {12916#false} #1610#return; {12916#false} is VALID [2022-02-20 17:56:56,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:56:56,066 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,069 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {12915#true} is VALID [2022-02-20 17:56:56,070 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle; {12915#true} is VALID [2022-02-20 17:56:56,070 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {12915#true} is VALID [2022-02-20 17:56:56,070 INFO L290 TraceCheckUtils]: 3: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,070 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12915#true} {12916#false} #1612#return; {12916#false} is VALID [2022-02-20 17:56:56,070 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 17:56:56,071 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,077 INFO L290 TraceCheckUtils]: 0: Hoare triple {13008#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,077 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,077 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12915#true} {12916#false} #1656#return; {12916#false} is VALID [2022-02-20 17:56:56,077 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 148 [2022-02-20 17:56:56,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:56,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} ~handle := #in~handle;havoc ~retValue_acc~16; {12915#true} is VALID [2022-02-20 17:56:56,084 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {12915#true} is VALID [2022-02-20 17:56:56,084 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,084 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12915#true} {12916#false} #1660#return; {12916#false} is VALID [2022-02-20 17:56:56,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {12915#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {12915#true} is VALID [2022-02-20 17:56:56,085 INFO L290 TraceCheckUtils]: 1: Hoare triple {12915#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {12915#true} is VALID [2022-02-20 17:56:56,085 INFO L290 TraceCheckUtils]: 2: Hoare triple {12915#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {12915#true} is VALID [2022-02-20 17:56:56,085 INFO L272 TraceCheckUtils]: 3: Hoare triple {12915#true} call select_features_#t~ret117#1 := select_one(); {12915#true} is VALID [2022-02-20 17:56:56,085 INFO L290 TraceCheckUtils]: 4: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:56,085 INFO L290 TraceCheckUtils]: 5: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,085 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12915#true} {12915#true} #1730#return; {12915#true} is VALID [2022-02-20 17:56:56,085 INFO L290 TraceCheckUtils]: 7: Hoare triple {12915#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {12915#true} is VALID [2022-02-20 17:56:56,085 INFO L272 TraceCheckUtils]: 8: Hoare triple {12915#true} call select_features_#t~ret118#1 := select_one(); {12915#true} is VALID [2022-02-20 17:56:56,085 INFO L290 TraceCheckUtils]: 9: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L290 TraceCheckUtils]: 10: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {12915#true} {12915#true} #1732#return; {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L290 TraceCheckUtils]: 12: Hoare triple {12915#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L272 TraceCheckUtils]: 13: Hoare triple {12915#true} call select_features_#t~ret119#1 := select_one(); {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L290 TraceCheckUtils]: 14: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L290 TraceCheckUtils]: 15: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12915#true} {12915#true} #1734#return; {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L290 TraceCheckUtils]: 17: Hoare triple {12915#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L272 TraceCheckUtils]: 18: Hoare triple {12915#true} call select_features_#t~ret120#1 := select_one(); {12915#true} is VALID [2022-02-20 17:56:56,086 INFO L290 TraceCheckUtils]: 19: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:56,087 INFO L290 TraceCheckUtils]: 20: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,087 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {12915#true} {12915#true} #1736#return; {12915#true} is VALID [2022-02-20 17:56:56,087 INFO L290 TraceCheckUtils]: 22: Hoare triple {12915#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {12915#true} is VALID [2022-02-20 17:56:56,087 INFO L272 TraceCheckUtils]: 23: Hoare triple {12915#true} call select_features_#t~ret121#1 := select_one(); {12915#true} is VALID [2022-02-20 17:56:56,087 INFO L290 TraceCheckUtils]: 24: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:56,087 INFO L290 TraceCheckUtils]: 25: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,087 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {12915#true} {12915#true} #1738#return; {12915#true} is VALID [2022-02-20 17:56:56,087 INFO L290 TraceCheckUtils]: 27: Hoare triple {12915#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {12915#true} is VALID [2022-02-20 17:56:56,087 INFO L272 TraceCheckUtils]: 28: Hoare triple {12915#true} call select_features_#t~ret122#1 := select_one(); {12915#true} is VALID [2022-02-20 17:56:56,088 INFO L290 TraceCheckUtils]: 29: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:56,088 INFO L290 TraceCheckUtils]: 30: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,098 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {12915#true} {12915#true} #1740#return; {12915#true} is VALID [2022-02-20 17:56:56,101 INFO L290 TraceCheckUtils]: 32: Hoare triple {12915#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {12915#true} is VALID [2022-02-20 17:56:56,101 INFO L272 TraceCheckUtils]: 33: Hoare triple {12915#true} call select_features_#t~ret123#1 := select_one(); {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L290 TraceCheckUtils]: 34: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L290 TraceCheckUtils]: 35: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12915#true} {12915#true} #1742#return; {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L290 TraceCheckUtils]: 37: Hoare triple {12915#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L272 TraceCheckUtils]: 38: Hoare triple {12915#true} call select_features_#t~ret124#1 := select_one(); {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L290 TraceCheckUtils]: 39: Hoare triple {12915#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L290 TraceCheckUtils]: 40: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12915#true} {12915#true} #1744#return; {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L290 TraceCheckUtils]: 42: Hoare triple {12915#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {12915#true} is VALID [2022-02-20 17:56:56,102 INFO L290 TraceCheckUtils]: 43: Hoare triple {12915#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {12915#true} is VALID [2022-02-20 17:56:56,103 INFO L290 TraceCheckUtils]: 44: Hoare triple {12915#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {12915#true} is VALID [2022-02-20 17:56:56,103 INFO L290 TraceCheckUtils]: 45: Hoare triple {12915#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {12941#(not (= ~__SELECTED_FEATURE_Decrypt~0 0))} is VALID [2022-02-20 17:56:56,103 INFO L290 TraceCheckUtils]: 46: Hoare triple {12941#(not (= ~__SELECTED_FEATURE_Decrypt~0 0))} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {12916#false} is VALID [2022-02-20 17:56:56,111 INFO L290 TraceCheckUtils]: 47: Hoare triple {12916#false} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {12916#false} is VALID [2022-02-20 17:56:56,111 INFO L290 TraceCheckUtils]: 48: Hoare triple {12916#false} assume 0 != ~__SELECTED_FEATURE_Keys~0; {12916#false} is VALID [2022-02-20 17:56:56,111 INFO L290 TraceCheckUtils]: 49: Hoare triple {12916#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12916#false} is VALID [2022-02-20 17:56:56,111 INFO L290 TraceCheckUtils]: 50: Hoare triple {12916#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {12916#false} is VALID [2022-02-20 17:56:56,112 INFO L290 TraceCheckUtils]: 51: Hoare triple {12916#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12916#false} is VALID [2022-02-20 17:56:56,112 INFO L290 TraceCheckUtils]: 52: Hoare triple {12916#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {12916#false} is VALID [2022-02-20 17:56:56,112 INFO L290 TraceCheckUtils]: 53: Hoare triple {12916#false} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {12916#false} is VALID [2022-02-20 17:56:56,112 INFO L290 TraceCheckUtils]: 54: Hoare triple {12916#false} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {12916#false} is VALID [2022-02-20 17:56:56,112 INFO L290 TraceCheckUtils]: 55: Hoare triple {12916#false} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {12916#false} is VALID [2022-02-20 17:56:56,112 INFO L290 TraceCheckUtils]: 56: Hoare triple {12916#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12916#false} is VALID [2022-02-20 17:56:56,112 INFO L272 TraceCheckUtils]: 57: Hoare triple {12916#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:56,112 INFO L290 TraceCheckUtils]: 58: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12915#true} is VALID [2022-02-20 17:56:56,113 INFO L272 TraceCheckUtils]: 59: Hoare triple {12915#true} call setClientId(~bob___0, ~bob___0); {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:56,113 INFO L290 TraceCheckUtils]: 60: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,113 INFO L290 TraceCheckUtils]: 61: Hoare triple {12915#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,113 INFO L290 TraceCheckUtils]: 62: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,113 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12915#true} {12915#true} #1728#return; {12915#true} is VALID [2022-02-20 17:56:56,113 INFO L290 TraceCheckUtils]: 64: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,114 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {12915#true} {12916#false} #1750#return; {12916#false} is VALID [2022-02-20 17:56:56,114 INFO L290 TraceCheckUtils]: 66: Hoare triple {12916#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {12916#false} is VALID [2022-02-20 17:56:56,114 INFO L290 TraceCheckUtils]: 67: Hoare triple {12916#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12916#false} is VALID [2022-02-20 17:56:56,114 INFO L272 TraceCheckUtils]: 68: Hoare triple {12916#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:56,114 INFO L290 TraceCheckUtils]: 69: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12915#true} is VALID [2022-02-20 17:56:56,115 INFO L272 TraceCheckUtils]: 70: Hoare triple {12915#true} call setClientId(~rjh___0, ~rjh___0); {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:56,115 INFO L290 TraceCheckUtils]: 71: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,115 INFO L290 TraceCheckUtils]: 72: Hoare triple {12915#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,115 INFO L290 TraceCheckUtils]: 73: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,115 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12915#true} {12915#true} #1680#return; {12915#true} is VALID [2022-02-20 17:56:56,115 INFO L290 TraceCheckUtils]: 75: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,115 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {12915#true} {12916#false} #1756#return; {12916#false} is VALID [2022-02-20 17:56:56,115 INFO L290 TraceCheckUtils]: 77: Hoare triple {12916#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {12916#false} is VALID [2022-02-20 17:56:56,115 INFO L290 TraceCheckUtils]: 78: Hoare triple {12916#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12916#false} is VALID [2022-02-20 17:56:56,115 INFO L272 TraceCheckUtils]: 79: Hoare triple {12916#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:56,116 INFO L290 TraceCheckUtils]: 80: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12915#true} is VALID [2022-02-20 17:56:56,116 INFO L272 TraceCheckUtils]: 81: Hoare triple {12915#true} call setClientId(~chuck___0, ~chuck___0); {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:56,116 INFO L290 TraceCheckUtils]: 82: Hoare triple {12995#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,116 INFO L290 TraceCheckUtils]: 83: Hoare triple {12915#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,116 INFO L290 TraceCheckUtils]: 84: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,117 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12915#true} {12915#true} #1622#return; {12915#true} is VALID [2022-02-20 17:56:56,117 INFO L290 TraceCheckUtils]: 86: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,117 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {12915#true} {12916#false} #1762#return; {12916#false} is VALID [2022-02-20 17:56:56,117 INFO L290 TraceCheckUtils]: 88: Hoare triple {12916#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {12916#false} is VALID [2022-02-20 17:56:56,117 INFO L290 TraceCheckUtils]: 89: Hoare triple {12916#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12916#false} is VALID [2022-02-20 17:56:56,117 INFO L290 TraceCheckUtils]: 90: Hoare triple {12916#false} assume !false; {12916#false} is VALID [2022-02-20 17:56:56,117 INFO L290 TraceCheckUtils]: 91: Hoare triple {12916#false} assume !(test_~splverifierCounter~0#1 < 4); {12916#false} is VALID [2022-02-20 17:56:56,117 INFO L290 TraceCheckUtils]: 92: Hoare triple {12916#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {12916#false} is VALID [2022-02-20 17:56:56,117 INFO L272 TraceCheckUtils]: 93: Hoare triple {12916#false} call sendEmail(~bob~0, ~rjh~0); {12916#false} is VALID [2022-02-20 17:56:56,117 INFO L290 TraceCheckUtils]: 94: Hoare triple {12916#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12916#false} is VALID [2022-02-20 17:56:56,118 INFO L272 TraceCheckUtils]: 95: Hoare triple {12916#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13008#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:56,118 INFO L290 TraceCheckUtils]: 96: Hoare triple {13008#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,118 INFO L290 TraceCheckUtils]: 97: Hoare triple {12915#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,118 INFO L290 TraceCheckUtils]: 98: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,118 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {12915#true} {12916#false} #1644#return; {12916#false} is VALID [2022-02-20 17:56:56,118 INFO L272 TraceCheckUtils]: 100: Hoare triple {12916#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13009#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:56,118 INFO L290 TraceCheckUtils]: 101: Hoare triple {13009#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,118 INFO L290 TraceCheckUtils]: 102: Hoare triple {12915#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,118 INFO L290 TraceCheckUtils]: 103: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,118 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {12915#true} {12916#false} #1646#return; {12916#false} is VALID [2022-02-20 17:56:56,119 INFO L290 TraceCheckUtils]: 105: Hoare triple {12916#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {12916#false} is VALID [2022-02-20 17:56:56,119 INFO L290 TraceCheckUtils]: 106: Hoare triple {12916#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {12916#false} is VALID [2022-02-20 17:56:56,119 INFO L272 TraceCheckUtils]: 107: Hoare triple {12916#false} call outgoing(~sender#1, ~email~0#1); {12916#false} is VALID [2022-02-20 17:56:56,119 INFO L290 TraceCheckUtils]: 108: Hoare triple {12916#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12916#false} is VALID [2022-02-20 17:56:56,119 INFO L290 TraceCheckUtils]: 109: Hoare triple {12916#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {12916#false} is VALID [2022-02-20 17:56:56,119 INFO L272 TraceCheckUtils]: 110: Hoare triple {12916#false} call outgoing__before__Sign(~client#1, ~msg#1); {12916#false} is VALID [2022-02-20 17:56:56,119 INFO L290 TraceCheckUtils]: 111: Hoare triple {12916#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12916#false} is VALID [2022-02-20 17:56:56,119 INFO L290 TraceCheckUtils]: 112: Hoare triple {12916#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret45#1, outgoing__role__AddressBook_#t~ret46#1, outgoing__role__AddressBook_#t~ret47#1, outgoing__role__AddressBook_#t~ret48#1, outgoing__role__AddressBook_#t~ret49#1, outgoing__role__AddressBook_#t~ret50#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~0#1, outgoing__role__AddressBook_~tmp~10#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~5#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~2#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~0#1;havoc outgoing__role__AddressBook_~tmp~10#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~5#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~2#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {12916#false} is VALID [2022-02-20 17:56:56,119 INFO L272 TraceCheckUtils]: 113: Hoare triple {12916#false} call outgoing__role__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {12915#true} is VALID [2022-02-20 17:56:56,120 INFO L290 TraceCheckUtils]: 114: Hoare triple {12915#true} ~handle := #in~handle;havoc ~retValue_acc~28; {12915#true} is VALID [2022-02-20 17:56:56,120 INFO L290 TraceCheckUtils]: 115: Hoare triple {12915#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~28; {12915#true} is VALID [2022-02-20 17:56:56,120 INFO L290 TraceCheckUtils]: 116: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,120 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {12915#true} {12916#false} #1624#return; {12916#false} is VALID [2022-02-20 17:56:56,120 INFO L290 TraceCheckUtils]: 118: Hoare triple {12916#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret45#1 && outgoing__role__AddressBook_#t~ret45#1 <= 2147483647;outgoing__role__AddressBook_~tmp~10#1 := outgoing__role__AddressBook_#t~ret45#1;havoc outgoing__role__AddressBook_#t~ret45#1;outgoing__role__AddressBook_~size~0#1 := outgoing__role__AddressBook_~tmp~10#1; {12916#false} is VALID [2022-02-20 17:56:56,120 INFO L290 TraceCheckUtils]: 119: Hoare triple {12916#false} assume !(0 != outgoing__role__AddressBook_~size~0#1); {12916#false} is VALID [2022-02-20 17:56:56,120 INFO L272 TraceCheckUtils]: 120: Hoare triple {12916#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {12916#false} is VALID [2022-02-20 17:56:56,120 INFO L290 TraceCheckUtils]: 121: Hoare triple {12916#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12916#false} is VALID [2022-02-20 17:56:56,120 INFO L290 TraceCheckUtils]: 122: Hoare triple {12916#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {12916#false} is VALID [2022-02-20 17:56:56,121 INFO L272 TraceCheckUtils]: 123: Hoare triple {12916#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {12915#true} is VALID [2022-02-20 17:56:56,121 INFO L290 TraceCheckUtils]: 124: Hoare triple {12915#true} ~handle := #in~handle;havoc ~retValue_acc~13; {12915#true} is VALID [2022-02-20 17:56:56,121 INFO L290 TraceCheckUtils]: 125: Hoare triple {12915#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {12915#true} is VALID [2022-02-20 17:56:56,121 INFO L290 TraceCheckUtils]: 126: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,121 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {12915#true} {12916#false} #1610#return; {12916#false} is VALID [2022-02-20 17:56:56,121 INFO L290 TraceCheckUtils]: 128: Hoare triple {12916#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {12916#false} is VALID [2022-02-20 17:56:56,121 INFO L272 TraceCheckUtils]: 129: Hoare triple {12916#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {12915#true} is VALID [2022-02-20 17:56:56,121 INFO L290 TraceCheckUtils]: 130: Hoare triple {12915#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {12915#true} is VALID [2022-02-20 17:56:56,121 INFO L290 TraceCheckUtils]: 131: Hoare triple {12915#true} assume 1 == ~handle; {12915#true} is VALID [2022-02-20 17:56:56,121 INFO L290 TraceCheckUtils]: 132: Hoare triple {12915#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {12915#true} is VALID [2022-02-20 17:56:56,122 INFO L290 TraceCheckUtils]: 133: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,125 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {12915#true} {12916#false} #1612#return; {12916#false} is VALID [2022-02-20 17:56:56,125 INFO L290 TraceCheckUtils]: 135: Hoare triple {12916#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {12916#false} is VALID [2022-02-20 17:56:56,125 INFO L290 TraceCheckUtils]: 136: Hoare triple {12916#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {12916#false} is VALID [2022-02-20 17:56:56,125 INFO L272 TraceCheckUtils]: 137: Hoare triple {12916#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {12916#false} is VALID [2022-02-20 17:56:56,126 INFO L290 TraceCheckUtils]: 138: Hoare triple {12916#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {12916#false} is VALID [2022-02-20 17:56:56,126 INFO L290 TraceCheckUtils]: 139: Hoare triple {12916#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {12916#false} is VALID [2022-02-20 17:56:56,126 INFO L290 TraceCheckUtils]: 140: Hoare triple {12916#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {12916#false} is VALID [2022-02-20 17:56:56,126 INFO L272 TraceCheckUtils]: 141: Hoare triple {12916#false} call setEmailFrom(~msg#1, ~tmp~8#1); {13008#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:56,126 INFO L290 TraceCheckUtils]: 142: Hoare triple {13008#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12915#true} is VALID [2022-02-20 17:56:56,126 INFO L290 TraceCheckUtils]: 143: Hoare triple {12915#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12915#true} is VALID [2022-02-20 17:56:56,126 INFO L290 TraceCheckUtils]: 144: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,126 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {12915#true} {12916#false} #1656#return; {12916#false} is VALID [2022-02-20 17:56:56,127 INFO L290 TraceCheckUtils]: 146: Hoare triple {12916#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {12916#false} is VALID [2022-02-20 17:56:56,127 INFO L290 TraceCheckUtils]: 147: Hoare triple {12916#false} assume !(-1 == ~mail_is_sensitive~0); {12916#false} is VALID [2022-02-20 17:56:56,127 INFO L272 TraceCheckUtils]: 148: Hoare triple {12916#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {12915#true} is VALID [2022-02-20 17:56:56,127 INFO L290 TraceCheckUtils]: 149: Hoare triple {12915#true} ~handle := #in~handle;havoc ~retValue_acc~16; {12915#true} is VALID [2022-02-20 17:56:56,127 INFO L290 TraceCheckUtils]: 150: Hoare triple {12915#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {12915#true} is VALID [2022-02-20 17:56:56,127 INFO L290 TraceCheckUtils]: 151: Hoare triple {12915#true} assume true; {12915#true} is VALID [2022-02-20 17:56:56,127 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {12915#true} {12916#false} #1660#return; {12916#false} is VALID [2022-02-20 17:56:56,127 INFO L290 TraceCheckUtils]: 153: Hoare triple {12916#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {12916#false} is VALID [2022-02-20 17:56:56,128 INFO L290 TraceCheckUtils]: 154: Hoare triple {12916#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {12916#false} is VALID [2022-02-20 17:56:56,128 INFO L290 TraceCheckUtils]: 155: Hoare triple {12916#false} assume !false; {12916#false} is VALID [2022-02-20 17:56:56,128 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:56:56,128 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:56,128 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1691822776] [2022-02-20 17:56:56,128 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1691822776] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:56,128 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:56,129 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:56:56,129 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [317333659] [2022-02-20 17:56:56,129 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:56,130 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 156 [2022-02-20 17:56:56,130 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:56,131 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:56:56,216 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 133 edges. 133 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:56,216 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:56:56,216 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:56,217 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:56:56,218 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:56:56,218 INFO L87 Difference]: Start difference. First operand 595 states and 870 transitions. Second operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:01,269 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:01,270 INFO L93 Difference]: Finished difference Result 1299 states and 1949 transitions. [2022-02-20 17:57:01,270 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:57:01,270 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 156 [2022-02-20 17:57:01,271 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:57:01,271 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:01,290 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1947 transitions. [2022-02-20 17:57:01,290 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:01,311 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1947 transitions. [2022-02-20 17:57:01,311 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1947 transitions. [2022-02-20 17:57:02,876 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1947 edges. 1947 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:02,905 INFO L225 Difference]: With dead ends: 1299 [2022-02-20 17:57:02,905 INFO L226 Difference]: Without dead ends: 734 [2022-02-20 17:57:02,906 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:57:02,911 INFO L933 BasicCegarLoop]: 872 mSDtfsCounter, 2054 mSDsluCounter, 679 mSDsCounter, 0 mSdLazyCounter, 495 mSolverCounterSat, 813 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2081 SdHoareTripleChecker+Valid, 1551 SdHoareTripleChecker+Invalid, 1308 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 813 IncrementalHoareTripleChecker+Valid, 495 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.9s IncrementalHoareTripleChecker+Time [2022-02-20 17:57:02,912 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2081 Valid, 1551 Invalid, 1308 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [813 Valid, 495 Invalid, 0 Unknown, 0 Unchecked, 1.9s Time] [2022-02-20 17:57:02,914 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 734 states. [2022-02-20 17:57:02,931 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 734 to 594. [2022-02-20 17:57:02,932 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:57:02,933 INFO L82 GeneralOperation]: Start isEquivalent. First operand 734 states. Second operand has 594 states, 443 states have (on average 1.4785553047404063) internal successors, (655), 459 states have internal predecessors, (655), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:57:02,934 INFO L74 IsIncluded]: Start isIncluded. First operand 734 states. Second operand has 594 states, 443 states have (on average 1.4785553047404063) internal successors, (655), 459 states have internal predecessors, (655), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:57:02,935 INFO L87 Difference]: Start difference. First operand 734 states. Second operand has 594 states, 443 states have (on average 1.4785553047404063) internal successors, (655), 459 states have internal predecessors, (655), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:57:02,959 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:02,959 INFO L93 Difference]: Finished difference Result 734 states and 1097 transitions. [2022-02-20 17:57:02,959 INFO L276 IsEmpty]: Start isEmpty. Operand 734 states and 1097 transitions. [2022-02-20 17:57:02,961 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:02,961 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:02,963 INFO L74 IsIncluded]: Start isIncluded. First operand has 594 states, 443 states have (on average 1.4785553047404063) internal successors, (655), 459 states have internal predecessors, (655), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 734 states. [2022-02-20 17:57:02,964 INFO L87 Difference]: Start difference. First operand has 594 states, 443 states have (on average 1.4785553047404063) internal successors, (655), 459 states have internal predecessors, (655), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 734 states. [2022-02-20 17:57:02,989 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:02,990 INFO L93 Difference]: Finished difference Result 734 states and 1097 transitions. [2022-02-20 17:57:02,990 INFO L276 IsEmpty]: Start isEmpty. Operand 734 states and 1097 transitions. [2022-02-20 17:57:02,994 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:02,994 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:02,994 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:57:02,994 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:57:02,996 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 594 states, 443 states have (on average 1.4785553047404063) internal successors, (655), 459 states have internal predecessors, (655), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:57:03,017 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 594 states to 594 states and 866 transitions. [2022-02-20 17:57:03,017 INFO L78 Accepts]: Start accepts. Automaton has 594 states and 866 transitions. Word has length 156 [2022-02-20 17:57:03,017 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:57:03,017 INFO L470 AbstractCegarLoop]: Abstraction has 594 states and 866 transitions. [2022-02-20 17:57:03,018 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:03,018 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 866 transitions. [2022-02-20 17:57:03,019 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 158 [2022-02-20 17:57:03,020 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:03,020 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:03,020 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 17:57:03,020 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:03,020 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:03,020 INFO L85 PathProgramCache]: Analyzing trace with hash 213248250, now seen corresponding path program 1 times [2022-02-20 17:57:03,021 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:03,021 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [826233710] [2022-02-20 17:57:03,021 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:03,021 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:03,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,093 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:57:03,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,097 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,097 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,097 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17115#true} {17115#true} #1730#return; {17115#true} is VALID [2022-02-20 17:57:03,097 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:57:03,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,104 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,104 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,104 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17115#true} {17115#true} #1732#return; {17115#true} is VALID [2022-02-20 17:57:03,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:57:03,106 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,109 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,109 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17115#true} {17115#true} #1734#return; {17115#true} is VALID [2022-02-20 17:57:03,110 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:03,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,113 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17115#true} {17115#true} #1736#return; {17115#true} is VALID [2022-02-20 17:57:03,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:57:03,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,119 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,119 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,119 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17115#true} {17115#true} #1738#return; {17115#true} is VALID [2022-02-20 17:57:03,119 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:57:03,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,127 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17115#true} {17115#true} #1740#return; {17115#true} is VALID [2022-02-20 17:57:03,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:57:03,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,133 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,133 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,133 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17115#true} {17115#true} #1742#return; {17115#true} is VALID [2022-02-20 17:57:03,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:57:03,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,138 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17115#true} {17115#true} #1744#return; {17115#true} is VALID [2022-02-20 17:57:03,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:57:03,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,146 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:03,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,148 INFO L290 TraceCheckUtils]: 0: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,149 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,149 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,149 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17115#true} {17115#true} #1728#return; {17115#true} is VALID [2022-02-20 17:57:03,149 INFO L290 TraceCheckUtils]: 0: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17115#true} is VALID [2022-02-20 17:57:03,149 INFO L272 TraceCheckUtils]: 1: Hoare triple {17115#true} call setClientId(~bob___0, ~bob___0); {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:03,150 INFO L290 TraceCheckUtils]: 2: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,150 INFO L290 TraceCheckUtils]: 3: Hoare triple {17115#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,150 INFO L290 TraceCheckUtils]: 4: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,150 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17115#true} {17115#true} #1728#return; {17115#true} is VALID [2022-02-20 17:57:03,150 INFO L290 TraceCheckUtils]: 6: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,150 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17115#true} {17116#false} #1750#return; {17116#false} is VALID [2022-02-20 17:57:03,150 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:57:03,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,155 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:03,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,158 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17115#true} {17115#true} #1680#return; {17115#true} is VALID [2022-02-20 17:57:03,159 INFO L290 TraceCheckUtils]: 0: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17115#true} is VALID [2022-02-20 17:57:03,159 INFO L272 TraceCheckUtils]: 1: Hoare triple {17115#true} call setClientId(~rjh___0, ~rjh___0); {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:03,159 INFO L290 TraceCheckUtils]: 2: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,159 INFO L290 TraceCheckUtils]: 3: Hoare triple {17115#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,159 INFO L290 TraceCheckUtils]: 4: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,160 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17115#true} {17115#true} #1680#return; {17115#true} is VALID [2022-02-20 17:57:03,160 INFO L290 TraceCheckUtils]: 6: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,160 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17115#true} {17116#false} #1756#return; {17116#false} is VALID [2022-02-20 17:57:03,160 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:57:03,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:03,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,166 INFO L290 TraceCheckUtils]: 0: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,166 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,166 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,166 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17115#true} {17115#true} #1622#return; {17115#true} is VALID [2022-02-20 17:57:03,166 INFO L290 TraceCheckUtils]: 0: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17115#true} is VALID [2022-02-20 17:57:03,167 INFO L272 TraceCheckUtils]: 1: Hoare triple {17115#true} call setClientId(~chuck___0, ~chuck___0); {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:03,167 INFO L290 TraceCheckUtils]: 2: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,167 INFO L290 TraceCheckUtils]: 3: Hoare triple {17115#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,167 INFO L290 TraceCheckUtils]: 4: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,167 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17115#true} {17115#true} #1622#return; {17115#true} is VALID [2022-02-20 17:57:03,167 INFO L290 TraceCheckUtils]: 6: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,168 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17115#true} {17116#false} #1762#return; {17116#false} is VALID [2022-02-20 17:57:03,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:57:03,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,174 INFO L290 TraceCheckUtils]: 0: Hoare triple {17208#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,175 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,175 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,175 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17115#true} {17116#false} #1644#return; {17116#false} is VALID [2022-02-20 17:57:03,179 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:57:03,180 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,182 INFO L290 TraceCheckUtils]: 0: Hoare triple {17209#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,182 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,182 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,182 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17115#true} {17116#false} #1646#return; {17116#false} is VALID [2022-02-20 17:57:03,182 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:57:03,183 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} ~handle := #in~handle;havoc ~retValue_acc~28; {17115#true} is VALID [2022-02-20 17:57:03,186 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~28; {17115#true} is VALID [2022-02-20 17:57:03,186 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,186 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17115#true} {17116#false} #1624#return; {17116#false} is VALID [2022-02-20 17:57:03,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:57:03,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,189 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} ~handle := #in~handle;havoc ~retValue_acc~13; {17115#true} is VALID [2022-02-20 17:57:03,189 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {17115#true} is VALID [2022-02-20 17:57:03,189 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,189 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17115#true} {17116#false} #1610#return; {17116#false} is VALID [2022-02-20 17:57:03,190 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 17:57:03,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,192 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {17115#true} is VALID [2022-02-20 17:57:03,192 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle; {17115#true} is VALID [2022-02-20 17:57:03,192 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {17115#true} is VALID [2022-02-20 17:57:03,192 INFO L290 TraceCheckUtils]: 3: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,192 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17115#true} {17116#false} #1612#return; {17116#false} is VALID [2022-02-20 17:57:03,193 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 17:57:03,193 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,195 INFO L290 TraceCheckUtils]: 0: Hoare triple {17208#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,195 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,195 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17115#true} {17116#false} #1656#return; {17116#false} is VALID [2022-02-20 17:57:03,195 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 149 [2022-02-20 17:57:03,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:03,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} ~handle := #in~handle;havoc ~retValue_acc~16; {17115#true} is VALID [2022-02-20 17:57:03,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {17115#true} is VALID [2022-02-20 17:57:03,199 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,199 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17115#true} {17116#false} #1660#return; {17116#false} is VALID [2022-02-20 17:57:03,199 INFO L290 TraceCheckUtils]: 0: Hoare triple {17115#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {17115#true} is VALID [2022-02-20 17:57:03,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {17115#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {17115#true} is VALID [2022-02-20 17:57:03,199 INFO L290 TraceCheckUtils]: 2: Hoare triple {17115#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {17115#true} is VALID [2022-02-20 17:57:03,199 INFO L272 TraceCheckUtils]: 3: Hoare triple {17115#true} call select_features_#t~ret117#1 := select_one(); {17115#true} is VALID [2022-02-20 17:57:03,199 INFO L290 TraceCheckUtils]: 4: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L290 TraceCheckUtils]: 5: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {17115#true} {17115#true} #1730#return; {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L290 TraceCheckUtils]: 7: Hoare triple {17115#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L272 TraceCheckUtils]: 8: Hoare triple {17115#true} call select_features_#t~ret118#1 := select_one(); {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L290 TraceCheckUtils]: 9: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L290 TraceCheckUtils]: 10: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {17115#true} {17115#true} #1732#return; {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L290 TraceCheckUtils]: 12: Hoare triple {17115#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L272 TraceCheckUtils]: 13: Hoare triple {17115#true} call select_features_#t~ret119#1 := select_one(); {17115#true} is VALID [2022-02-20 17:57:03,200 INFO L290 TraceCheckUtils]: 14: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L290 TraceCheckUtils]: 15: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17115#true} {17115#true} #1734#return; {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L290 TraceCheckUtils]: 17: Hoare triple {17115#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L272 TraceCheckUtils]: 18: Hoare triple {17115#true} call select_features_#t~ret120#1 := select_one(); {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L290 TraceCheckUtils]: 19: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L290 TraceCheckUtils]: 20: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {17115#true} {17115#true} #1736#return; {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L290 TraceCheckUtils]: 22: Hoare triple {17115#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L272 TraceCheckUtils]: 23: Hoare triple {17115#true} call select_features_#t~ret121#1 := select_one(); {17115#true} is VALID [2022-02-20 17:57:03,201 INFO L290 TraceCheckUtils]: 24: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,202 INFO L290 TraceCheckUtils]: 25: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,202 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {17115#true} {17115#true} #1738#return; {17115#true} is VALID [2022-02-20 17:57:03,202 INFO L290 TraceCheckUtils]: 27: Hoare triple {17115#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {17115#true} is VALID [2022-02-20 17:57:03,202 INFO L272 TraceCheckUtils]: 28: Hoare triple {17115#true} call select_features_#t~ret122#1 := select_one(); {17115#true} is VALID [2022-02-20 17:57:03,202 INFO L290 TraceCheckUtils]: 29: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,202 INFO L290 TraceCheckUtils]: 30: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,202 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {17115#true} {17115#true} #1740#return; {17115#true} is VALID [2022-02-20 17:57:03,202 INFO L290 TraceCheckUtils]: 32: Hoare triple {17115#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {17115#true} is VALID [2022-02-20 17:57:03,202 INFO L272 TraceCheckUtils]: 33: Hoare triple {17115#true} call select_features_#t~ret123#1 := select_one(); {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L290 TraceCheckUtils]: 34: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L290 TraceCheckUtils]: 35: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17115#true} {17115#true} #1742#return; {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L290 TraceCheckUtils]: 37: Hoare triple {17115#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L272 TraceCheckUtils]: 38: Hoare triple {17115#true} call select_features_#t~ret124#1 := select_one(); {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L290 TraceCheckUtils]: 39: Hoare triple {17115#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L290 TraceCheckUtils]: 40: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {17115#true} {17115#true} #1744#return; {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L290 TraceCheckUtils]: 42: Hoare triple {17115#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {17115#true} is VALID [2022-02-20 17:57:03,203 INFO L290 TraceCheckUtils]: 43: Hoare triple {17115#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {17115#true} is VALID [2022-02-20 17:57:03,204 INFO L290 TraceCheckUtils]: 44: Hoare triple {17115#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {17115#true} is VALID [2022-02-20 17:57:03,204 INFO L290 TraceCheckUtils]: 45: Hoare triple {17115#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {17115#true} is VALID [2022-02-20 17:57:03,204 INFO L290 TraceCheckUtils]: 46: Hoare triple {17115#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {17115#true} is VALID [2022-02-20 17:57:03,204 INFO L290 TraceCheckUtils]: 47: Hoare triple {17115#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {17115#true} is VALID [2022-02-20 17:57:03,204 INFO L290 TraceCheckUtils]: 48: Hoare triple {17115#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {17115#true} is VALID [2022-02-20 17:57:03,204 INFO L290 TraceCheckUtils]: 49: Hoare triple {17115#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:57:03,205 INFO L290 TraceCheckUtils]: 50: Hoare triple {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:57:03,205 INFO L290 TraceCheckUtils]: 51: Hoare triple {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Verify~0; {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:57:03,205 INFO L290 TraceCheckUtils]: 52: Hoare triple {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:57:03,205 INFO L290 TraceCheckUtils]: 53: Hoare triple {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:57:03,206 INFO L290 TraceCheckUtils]: 54: Hoare triple {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:57:03,206 INFO L290 TraceCheckUtils]: 55: Hoare triple {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:57:03,206 INFO L290 TraceCheckUtils]: 56: Hoare triple {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:57:03,206 INFO L290 TraceCheckUtils]: 57: Hoare triple {17141#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17116#false} is VALID [2022-02-20 17:57:03,206 INFO L272 TraceCheckUtils]: 58: Hoare triple {17116#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:03,207 INFO L290 TraceCheckUtils]: 59: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17115#true} is VALID [2022-02-20 17:57:03,207 INFO L272 TraceCheckUtils]: 60: Hoare triple {17115#true} call setClientId(~bob___0, ~bob___0); {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:03,207 INFO L290 TraceCheckUtils]: 61: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,207 INFO L290 TraceCheckUtils]: 62: Hoare triple {17115#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,207 INFO L290 TraceCheckUtils]: 63: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,208 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {17115#true} {17115#true} #1728#return; {17115#true} is VALID [2022-02-20 17:57:03,208 INFO L290 TraceCheckUtils]: 65: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,208 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {17115#true} {17116#false} #1750#return; {17116#false} is VALID [2022-02-20 17:57:03,208 INFO L290 TraceCheckUtils]: 67: Hoare triple {17116#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {17116#false} is VALID [2022-02-20 17:57:03,208 INFO L290 TraceCheckUtils]: 68: Hoare triple {17116#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17116#false} is VALID [2022-02-20 17:57:03,208 INFO L272 TraceCheckUtils]: 69: Hoare triple {17116#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:03,208 INFO L290 TraceCheckUtils]: 70: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17115#true} is VALID [2022-02-20 17:57:03,209 INFO L272 TraceCheckUtils]: 71: Hoare triple {17115#true} call setClientId(~rjh___0, ~rjh___0); {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:03,209 INFO L290 TraceCheckUtils]: 72: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,209 INFO L290 TraceCheckUtils]: 73: Hoare triple {17115#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,209 INFO L290 TraceCheckUtils]: 74: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,209 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {17115#true} {17115#true} #1680#return; {17115#true} is VALID [2022-02-20 17:57:03,209 INFO L290 TraceCheckUtils]: 76: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,209 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {17115#true} {17116#false} #1756#return; {17116#false} is VALID [2022-02-20 17:57:03,209 INFO L290 TraceCheckUtils]: 78: Hoare triple {17116#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {17116#false} is VALID [2022-02-20 17:57:03,209 INFO L290 TraceCheckUtils]: 79: Hoare triple {17116#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17116#false} is VALID [2022-02-20 17:57:03,210 INFO L272 TraceCheckUtils]: 80: Hoare triple {17116#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:03,210 INFO L290 TraceCheckUtils]: 81: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17115#true} is VALID [2022-02-20 17:57:03,210 INFO L272 TraceCheckUtils]: 82: Hoare triple {17115#true} call setClientId(~chuck___0, ~chuck___0); {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:03,210 INFO L290 TraceCheckUtils]: 83: Hoare triple {17195#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,210 INFO L290 TraceCheckUtils]: 84: Hoare triple {17115#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,210 INFO L290 TraceCheckUtils]: 85: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,211 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {17115#true} {17115#true} #1622#return; {17115#true} is VALID [2022-02-20 17:57:03,211 INFO L290 TraceCheckUtils]: 87: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,211 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {17115#true} {17116#false} #1762#return; {17116#false} is VALID [2022-02-20 17:57:03,211 INFO L290 TraceCheckUtils]: 89: Hoare triple {17116#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {17116#false} is VALID [2022-02-20 17:57:03,211 INFO L290 TraceCheckUtils]: 90: Hoare triple {17116#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17116#false} is VALID [2022-02-20 17:57:03,211 INFO L290 TraceCheckUtils]: 91: Hoare triple {17116#false} assume !false; {17116#false} is VALID [2022-02-20 17:57:03,211 INFO L290 TraceCheckUtils]: 92: Hoare triple {17116#false} assume !(test_~splverifierCounter~0#1 < 4); {17116#false} is VALID [2022-02-20 17:57:03,211 INFO L290 TraceCheckUtils]: 93: Hoare triple {17116#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {17116#false} is VALID [2022-02-20 17:57:03,211 INFO L272 TraceCheckUtils]: 94: Hoare triple {17116#false} call sendEmail(~bob~0, ~rjh~0); {17116#false} is VALID [2022-02-20 17:57:03,212 INFO L290 TraceCheckUtils]: 95: Hoare triple {17116#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17116#false} is VALID [2022-02-20 17:57:03,212 INFO L272 TraceCheckUtils]: 96: Hoare triple {17116#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17208#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:03,212 INFO L290 TraceCheckUtils]: 97: Hoare triple {17208#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,212 INFO L290 TraceCheckUtils]: 98: Hoare triple {17115#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,212 INFO L290 TraceCheckUtils]: 99: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,212 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {17115#true} {17116#false} #1644#return; {17116#false} is VALID [2022-02-20 17:57:03,212 INFO L272 TraceCheckUtils]: 101: Hoare triple {17116#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17209#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:03,212 INFO L290 TraceCheckUtils]: 102: Hoare triple {17209#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,212 INFO L290 TraceCheckUtils]: 103: Hoare triple {17115#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,212 INFO L290 TraceCheckUtils]: 104: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,213 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {17115#true} {17116#false} #1646#return; {17116#false} is VALID [2022-02-20 17:57:03,213 INFO L290 TraceCheckUtils]: 106: Hoare triple {17116#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {17116#false} is VALID [2022-02-20 17:57:03,213 INFO L290 TraceCheckUtils]: 107: Hoare triple {17116#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {17116#false} is VALID [2022-02-20 17:57:03,213 INFO L272 TraceCheckUtils]: 108: Hoare triple {17116#false} call outgoing(~sender#1, ~email~0#1); {17116#false} is VALID [2022-02-20 17:57:03,213 INFO L290 TraceCheckUtils]: 109: Hoare triple {17116#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17116#false} is VALID [2022-02-20 17:57:03,213 INFO L290 TraceCheckUtils]: 110: Hoare triple {17116#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {17116#false} is VALID [2022-02-20 17:57:03,213 INFO L272 TraceCheckUtils]: 111: Hoare triple {17116#false} call outgoing__before__Sign(~client#1, ~msg#1); {17116#false} is VALID [2022-02-20 17:57:03,213 INFO L290 TraceCheckUtils]: 112: Hoare triple {17116#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17116#false} is VALID [2022-02-20 17:57:03,213 INFO L290 TraceCheckUtils]: 113: Hoare triple {17116#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret45#1, outgoing__role__AddressBook_#t~ret46#1, outgoing__role__AddressBook_#t~ret47#1, outgoing__role__AddressBook_#t~ret48#1, outgoing__role__AddressBook_#t~ret49#1, outgoing__role__AddressBook_#t~ret50#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~0#1, outgoing__role__AddressBook_~tmp~10#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~5#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~2#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~0#1;havoc outgoing__role__AddressBook_~tmp~10#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~5#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~2#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {17116#false} is VALID [2022-02-20 17:57:03,213 INFO L272 TraceCheckUtils]: 114: Hoare triple {17116#false} call outgoing__role__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {17115#true} is VALID [2022-02-20 17:57:03,214 INFO L290 TraceCheckUtils]: 115: Hoare triple {17115#true} ~handle := #in~handle;havoc ~retValue_acc~28; {17115#true} is VALID [2022-02-20 17:57:03,214 INFO L290 TraceCheckUtils]: 116: Hoare triple {17115#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~28; {17115#true} is VALID [2022-02-20 17:57:03,214 INFO L290 TraceCheckUtils]: 117: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,214 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {17115#true} {17116#false} #1624#return; {17116#false} is VALID [2022-02-20 17:57:03,214 INFO L290 TraceCheckUtils]: 119: Hoare triple {17116#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret45#1 && outgoing__role__AddressBook_#t~ret45#1 <= 2147483647;outgoing__role__AddressBook_~tmp~10#1 := outgoing__role__AddressBook_#t~ret45#1;havoc outgoing__role__AddressBook_#t~ret45#1;outgoing__role__AddressBook_~size~0#1 := outgoing__role__AddressBook_~tmp~10#1; {17116#false} is VALID [2022-02-20 17:57:03,214 INFO L290 TraceCheckUtils]: 120: Hoare triple {17116#false} assume !(0 != outgoing__role__AddressBook_~size~0#1); {17116#false} is VALID [2022-02-20 17:57:03,214 INFO L272 TraceCheckUtils]: 121: Hoare triple {17116#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {17116#false} is VALID [2022-02-20 17:57:03,214 INFO L290 TraceCheckUtils]: 122: Hoare triple {17116#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17116#false} is VALID [2022-02-20 17:57:03,214 INFO L290 TraceCheckUtils]: 123: Hoare triple {17116#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {17116#false} is VALID [2022-02-20 17:57:03,214 INFO L272 TraceCheckUtils]: 124: Hoare triple {17116#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {17115#true} is VALID [2022-02-20 17:57:03,215 INFO L290 TraceCheckUtils]: 125: Hoare triple {17115#true} ~handle := #in~handle;havoc ~retValue_acc~13; {17115#true} is VALID [2022-02-20 17:57:03,215 INFO L290 TraceCheckUtils]: 126: Hoare triple {17115#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {17115#true} is VALID [2022-02-20 17:57:03,215 INFO L290 TraceCheckUtils]: 127: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,215 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {17115#true} {17116#false} #1610#return; {17116#false} is VALID [2022-02-20 17:57:03,215 INFO L290 TraceCheckUtils]: 129: Hoare triple {17116#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {17116#false} is VALID [2022-02-20 17:57:03,215 INFO L272 TraceCheckUtils]: 130: Hoare triple {17116#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {17115#true} is VALID [2022-02-20 17:57:03,215 INFO L290 TraceCheckUtils]: 131: Hoare triple {17115#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {17115#true} is VALID [2022-02-20 17:57:03,215 INFO L290 TraceCheckUtils]: 132: Hoare triple {17115#true} assume 1 == ~handle; {17115#true} is VALID [2022-02-20 17:57:03,215 INFO L290 TraceCheckUtils]: 133: Hoare triple {17115#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {17115#true} is VALID [2022-02-20 17:57:03,216 INFO L290 TraceCheckUtils]: 134: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,216 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {17115#true} {17116#false} #1612#return; {17116#false} is VALID [2022-02-20 17:57:03,216 INFO L290 TraceCheckUtils]: 136: Hoare triple {17116#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {17116#false} is VALID [2022-02-20 17:57:03,216 INFO L290 TraceCheckUtils]: 137: Hoare triple {17116#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {17116#false} is VALID [2022-02-20 17:57:03,216 INFO L272 TraceCheckUtils]: 138: Hoare triple {17116#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {17116#false} is VALID [2022-02-20 17:57:03,216 INFO L290 TraceCheckUtils]: 139: Hoare triple {17116#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {17116#false} is VALID [2022-02-20 17:57:03,216 INFO L290 TraceCheckUtils]: 140: Hoare triple {17116#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {17116#false} is VALID [2022-02-20 17:57:03,216 INFO L290 TraceCheckUtils]: 141: Hoare triple {17116#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {17116#false} is VALID [2022-02-20 17:57:03,216 INFO L272 TraceCheckUtils]: 142: Hoare triple {17116#false} call setEmailFrom(~msg#1, ~tmp~8#1); {17208#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:03,217 INFO L290 TraceCheckUtils]: 143: Hoare triple {17208#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17115#true} is VALID [2022-02-20 17:57:03,217 INFO L290 TraceCheckUtils]: 144: Hoare triple {17115#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17115#true} is VALID [2022-02-20 17:57:03,217 INFO L290 TraceCheckUtils]: 145: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,217 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {17115#true} {17116#false} #1656#return; {17116#false} is VALID [2022-02-20 17:57:03,217 INFO L290 TraceCheckUtils]: 147: Hoare triple {17116#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {17116#false} is VALID [2022-02-20 17:57:03,217 INFO L290 TraceCheckUtils]: 148: Hoare triple {17116#false} assume !(-1 == ~mail_is_sensitive~0); {17116#false} is VALID [2022-02-20 17:57:03,217 INFO L272 TraceCheckUtils]: 149: Hoare triple {17116#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {17115#true} is VALID [2022-02-20 17:57:03,217 INFO L290 TraceCheckUtils]: 150: Hoare triple {17115#true} ~handle := #in~handle;havoc ~retValue_acc~16; {17115#true} is VALID [2022-02-20 17:57:03,217 INFO L290 TraceCheckUtils]: 151: Hoare triple {17115#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {17115#true} is VALID [2022-02-20 17:57:03,217 INFO L290 TraceCheckUtils]: 152: Hoare triple {17115#true} assume true; {17115#true} is VALID [2022-02-20 17:57:03,218 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {17115#true} {17116#false} #1660#return; {17116#false} is VALID [2022-02-20 17:57:03,218 INFO L290 TraceCheckUtils]: 154: Hoare triple {17116#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {17116#false} is VALID [2022-02-20 17:57:03,218 INFO L290 TraceCheckUtils]: 155: Hoare triple {17116#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {17116#false} is VALID [2022-02-20 17:57:03,218 INFO L290 TraceCheckUtils]: 156: Hoare triple {17116#false} assume !false; {17116#false} is VALID [2022-02-20 17:57:03,218 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:57:03,218 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:03,218 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [826233710] [2022-02-20 17:57:03,219 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [826233710] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:03,219 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:57:03,219 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:57:03,219 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [122022921] [2022-02-20 17:57:03,219 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:03,220 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 157 [2022-02-20 17:57:03,220 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:03,220 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:03,290 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 134 edges. 134 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:03,291 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:57:03,291 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:03,291 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:57:03,291 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:57:03,292 INFO L87 Difference]: Start difference. First operand 594 states and 866 transitions. Second operand has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:06,828 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:06,828 INFO L93 Difference]: Finished difference Result 1279 states and 1896 transitions. [2022-02-20 17:57:06,828 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:57:06,829 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 157 [2022-02-20 17:57:06,829 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:57:06,830 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:06,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1894 transitions. [2022-02-20 17:57:06,872 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:06,892 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1894 transitions. [2022-02-20 17:57:06,893 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1894 transitions. [2022-02-20 17:57:07,885 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1894 edges. 1894 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:07,926 INFO L225 Difference]: With dead ends: 1279 [2022-02-20 17:57:07,927 INFO L226 Difference]: Without dead ends: 731 [2022-02-20 17:57:07,928 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:57:07,929 INFO L933 BasicCegarLoop]: 853 mSDtfsCounter, 2004 mSDsluCounter, 617 mSDsCounter, 0 mSdLazyCounter, 516 mSolverCounterSat, 819 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2028 SdHoareTripleChecker+Valid, 1470 SdHoareTripleChecker+Invalid, 1335 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 819 IncrementalHoareTripleChecker+Valid, 516 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-02-20 17:57:07,930 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2028 Valid, 1470 Invalid, 1335 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [819 Valid, 516 Invalid, 0 Unknown, 0 Unchecked, 1.3s Time] [2022-02-20 17:57:07,930 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 731 states. [2022-02-20 17:57:07,975 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 731 to 591. [2022-02-20 17:57:07,975 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:57:07,977 INFO L82 GeneralOperation]: Start isEquivalent. First operand 731 states. Second operand has 591 states, 443 states have (on average 1.4537246049661399) internal successors, (644), 454 states have internal predecessors, (644), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 17:57:07,978 INFO L74 IsIncluded]: Start isIncluded. First operand 731 states. Second operand has 591 states, 443 states have (on average 1.4537246049661399) internal successors, (644), 454 states have internal predecessors, (644), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 17:57:07,990 INFO L87 Difference]: Start difference. First operand 731 states. Second operand has 591 states, 443 states have (on average 1.4537246049661399) internal successors, (644), 454 states have internal predecessors, (644), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 17:57:08,023 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:08,026 INFO L93 Difference]: Finished difference Result 731 states and 1077 transitions. [2022-02-20 17:57:08,026 INFO L276 IsEmpty]: Start isEmpty. Operand 731 states and 1077 transitions. [2022-02-20 17:57:08,029 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:08,029 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:08,030 INFO L74 IsIncluded]: Start isIncluded. First operand has 591 states, 443 states have (on average 1.4537246049661399) internal successors, (644), 454 states have internal predecessors, (644), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 731 states. [2022-02-20 17:57:08,032 INFO L87 Difference]: Start difference. First operand has 591 states, 443 states have (on average 1.4537246049661399) internal successors, (644), 454 states have internal predecessors, (644), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 731 states. [2022-02-20 17:57:08,053 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:08,053 INFO L93 Difference]: Finished difference Result 731 states and 1077 transitions. [2022-02-20 17:57:08,053 INFO L276 IsEmpty]: Start isEmpty. Operand 731 states and 1077 transitions. [2022-02-20 17:57:08,055 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:08,055 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:08,055 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:57:08,055 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:57:08,056 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 591 states, 443 states have (on average 1.4537246049661399) internal successors, (644), 454 states have internal predecessors, (644), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 17:57:08,075 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 591 states to 591 states and 849 transitions. [2022-02-20 17:57:08,076 INFO L78 Accepts]: Start accepts. Automaton has 591 states and 849 transitions. Word has length 157 [2022-02-20 17:57:08,076 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:57:08,076 INFO L470 AbstractCegarLoop]: Abstraction has 591 states and 849 transitions. [2022-02-20 17:57:08,076 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.5) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:08,077 INFO L276 IsEmpty]: Start isEmpty. Operand 591 states and 849 transitions. [2022-02-20 17:57:08,078 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 169 [2022-02-20 17:57:08,079 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:08,079 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:08,079 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 17:57:08,079 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:08,079 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:08,079 INFO L85 PathProgramCache]: Analyzing trace with hash -2040504776, now seen corresponding path program 1 times [2022-02-20 17:57:08,079 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:08,080 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1933148420] [2022-02-20 17:57:08,080 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:08,080 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:08,130 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:57:08,166 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,168 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,168 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21270#true} {21270#true} #1730#return; {21270#true} is VALID [2022-02-20 17:57:08,168 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:57:08,169 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,170 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,171 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,171 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21270#true} {21270#true} #1732#return; {21270#true} is VALID [2022-02-20 17:57:08,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:57:08,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,173 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,173 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,173 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21270#true} {21270#true} #1734#return; {21270#true} is VALID [2022-02-20 17:57:08,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:08,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,177 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,177 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,177 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21270#true} {21270#true} #1736#return; {21270#true} is VALID [2022-02-20 17:57:08,177 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:57:08,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,180 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,180 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21270#true} {21270#true} #1738#return; {21270#true} is VALID [2022-02-20 17:57:08,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:57:08,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,183 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,183 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,183 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21270#true} {21270#true} #1740#return; {21270#true} is VALID [2022-02-20 17:57:08,183 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:57:08,185 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,186 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,186 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,186 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21270#true} {21270#true} #1742#return; {21270#true} is VALID [2022-02-20 17:57:08,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:57:08,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,189 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,189 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,189 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21270#true} {21270#true} #1744#return; {21270#true} is VALID [2022-02-20 17:57:08,194 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:57:08,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,197 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:08,198 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,200 INFO L290 TraceCheckUtils]: 0: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,200 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,200 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,201 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21270#true} #1728#return; {21270#true} is VALID [2022-02-20 17:57:08,201 INFO L290 TraceCheckUtils]: 0: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21270#true} is VALID [2022-02-20 17:57:08,201 INFO L272 TraceCheckUtils]: 1: Hoare triple {21270#true} call setClientId(~bob___0, ~bob___0); {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:08,201 INFO L290 TraceCheckUtils]: 2: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,202 INFO L290 TraceCheckUtils]: 3: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,202 INFO L290 TraceCheckUtils]: 4: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,202 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21270#true} {21270#true} #1728#return; {21270#true} is VALID [2022-02-20 17:57:08,202 INFO L290 TraceCheckUtils]: 6: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,202 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21270#true} {21270#true} #1746#return; {21270#true} is VALID [2022-02-20 17:57:08,208 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:57:08,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,211 INFO L290 TraceCheckUtils]: 0: Hoare triple {21364#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,212 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21270#true} #1748#return; {21270#true} is VALID [2022-02-20 17:57:08,212 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:57:08,214 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:08,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,249 INFO L290 TraceCheckUtils]: 0: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21371#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:08,249 INFO L290 TraceCheckUtils]: 1: Hoare triple {21371#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21372#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:08,249 INFO L290 TraceCheckUtils]: 2: Hoare triple {21372#(= |setClientId_#in~handle| 1)} assume true; {21372#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:08,250 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21372#(= |setClientId_#in~handle| 1)} {21365#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {21370#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:08,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21365#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:08,251 INFO L272 TraceCheckUtils]: 1: Hoare triple {21365#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:08,251 INFO L290 TraceCheckUtils]: 2: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21371#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:08,251 INFO L290 TraceCheckUtils]: 3: Hoare triple {21371#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21372#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:08,252 INFO L290 TraceCheckUtils]: 4: Hoare triple {21372#(= |setClientId_#in~handle| 1)} assume true; {21372#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:08,252 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21372#(= |setClientId_#in~handle| 1)} {21365#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {21370#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:08,252 INFO L290 TraceCheckUtils]: 6: Hoare triple {21370#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21370#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:08,253 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21370#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21309#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1752#return; {21271#false} is VALID [2022-02-20 17:57:08,253 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:57:08,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {21364#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,256 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,256 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21271#false} #1754#return; {21271#false} is VALID [2022-02-20 17:57:08,256 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:57:08,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,259 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:08,260 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,264 INFO L290 TraceCheckUtils]: 0: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,264 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,264 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,264 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21270#true} #1622#return; {21270#true} is VALID [2022-02-20 17:57:08,265 INFO L290 TraceCheckUtils]: 0: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21270#true} is VALID [2022-02-20 17:57:08,265 INFO L272 TraceCheckUtils]: 1: Hoare triple {21270#true} call setClientId(~chuck___0, ~chuck___0); {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:08,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,265 INFO L290 TraceCheckUtils]: 3: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,265 INFO L290 TraceCheckUtils]: 4: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,266 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21270#true} {21270#true} #1622#return; {21270#true} is VALID [2022-02-20 17:57:08,266 INFO L290 TraceCheckUtils]: 6: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,266 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21270#true} {21271#false} #1758#return; {21271#false} is VALID [2022-02-20 17:57:08,266 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:57:08,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,269 INFO L290 TraceCheckUtils]: 0: Hoare triple {21364#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,269 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,269 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21271#false} #1760#return; {21271#false} is VALID [2022-02-20 17:57:08,277 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:57:08,278 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {21377#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,280 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,280 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,280 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21271#false} #1644#return; {21271#false} is VALID [2022-02-20 17:57:08,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:57:08,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,291 INFO L290 TraceCheckUtils]: 0: Hoare triple {21378#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,291 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,292 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,292 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21271#false} #1646#return; {21271#false} is VALID [2022-02-20 17:57:08,292 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 17:57:08,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,298 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} ~handle := #in~handle;havoc ~retValue_acc~13; {21270#true} is VALID [2022-02-20 17:57:08,298 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {21270#true} is VALID [2022-02-20 17:57:08,298 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,298 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21271#false} #1610#return; {21271#false} is VALID [2022-02-20 17:57:08,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 17:57:08,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,305 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {21270#true} is VALID [2022-02-20 17:57:08,305 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle; {21270#true} is VALID [2022-02-20 17:57:08,305 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {21270#true} is VALID [2022-02-20 17:57:08,305 INFO L290 TraceCheckUtils]: 3: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,305 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21270#true} {21271#false} #1612#return; {21271#false} is VALID [2022-02-20 17:57:08,305 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 17:57:08,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,310 INFO L290 TraceCheckUtils]: 0: Hoare triple {21377#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,310 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,310 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,310 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21271#false} #1656#return; {21271#false} is VALID [2022-02-20 17:57:08,310 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2022-02-20 17:57:08,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,313 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} ~handle := #in~handle;havoc ~retValue_acc~16; {21270#true} is VALID [2022-02-20 17:57:08,313 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {21270#true} is VALID [2022-02-20 17:57:08,314 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,314 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21270#true} {21271#false} #1660#return; {21271#false} is VALID [2022-02-20 17:57:08,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {21270#true} is VALID [2022-02-20 17:57:08,314 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21270#true} is VALID [2022-02-20 17:57:08,314 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {21270#true} is VALID [2022-02-20 17:57:08,314 INFO L272 TraceCheckUtils]: 3: Hoare triple {21270#true} call select_features_#t~ret117#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:08,314 INFO L290 TraceCheckUtils]: 4: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,314 INFO L290 TraceCheckUtils]: 5: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21270#true} {21270#true} #1730#return; {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L290 TraceCheckUtils]: 7: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L272 TraceCheckUtils]: 8: Hoare triple {21270#true} call select_features_#t~ret118#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L290 TraceCheckUtils]: 9: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L290 TraceCheckUtils]: 10: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21270#true} {21270#true} #1732#return; {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L290 TraceCheckUtils]: 12: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L272 TraceCheckUtils]: 13: Hoare triple {21270#true} call select_features_#t~ret119#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L290 TraceCheckUtils]: 14: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,315 INFO L290 TraceCheckUtils]: 15: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,316 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21270#true} {21270#true} #1734#return; {21270#true} is VALID [2022-02-20 17:57:08,316 INFO L290 TraceCheckUtils]: 17: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {21270#true} is VALID [2022-02-20 17:57:08,316 INFO L272 TraceCheckUtils]: 18: Hoare triple {21270#true} call select_features_#t~ret120#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:08,316 INFO L290 TraceCheckUtils]: 19: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,316 INFO L290 TraceCheckUtils]: 20: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,316 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21270#true} {21270#true} #1736#return; {21270#true} is VALID [2022-02-20 17:57:08,316 INFO L290 TraceCheckUtils]: 22: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {21270#true} is VALID [2022-02-20 17:57:08,316 INFO L272 TraceCheckUtils]: 23: Hoare triple {21270#true} call select_features_#t~ret121#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:08,316 INFO L290 TraceCheckUtils]: 24: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L290 TraceCheckUtils]: 25: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21270#true} {21270#true} #1738#return; {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L290 TraceCheckUtils]: 27: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L272 TraceCheckUtils]: 28: Hoare triple {21270#true} call select_features_#t~ret122#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L290 TraceCheckUtils]: 29: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L290 TraceCheckUtils]: 30: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21270#true} {21270#true} #1740#return; {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L290 TraceCheckUtils]: 32: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L272 TraceCheckUtils]: 33: Hoare triple {21270#true} call select_features_#t~ret123#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:08,317 INFO L290 TraceCheckUtils]: 34: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,318 INFO L290 TraceCheckUtils]: 35: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,318 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21270#true} {21270#true} #1742#return; {21270#true} is VALID [2022-02-20 17:57:08,318 INFO L290 TraceCheckUtils]: 37: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {21270#true} is VALID [2022-02-20 17:57:08,318 INFO L272 TraceCheckUtils]: 38: Hoare triple {21270#true} call select_features_#t~ret124#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:08,318 INFO L290 TraceCheckUtils]: 39: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:08,318 INFO L290 TraceCheckUtils]: 40: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,318 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21270#true} {21270#true} #1744#return; {21270#true} is VALID [2022-02-20 17:57:08,318 INFO L290 TraceCheckUtils]: 42: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {21270#true} is VALID [2022-02-20 17:57:08,318 INFO L290 TraceCheckUtils]: 43: Hoare triple {21270#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 44: Hoare triple {21270#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 45: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 46: Hoare triple {21270#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 47: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 48: Hoare triple {21270#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 49: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 50: Hoare triple {21270#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 51: Hoare triple {21270#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 52: Hoare triple {21270#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21270#true} is VALID [2022-02-20 17:57:08,319 INFO L290 TraceCheckUtils]: 53: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {21270#true} is VALID [2022-02-20 17:57:08,320 INFO L290 TraceCheckUtils]: 54: Hoare triple {21270#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {21270#true} is VALID [2022-02-20 17:57:08,320 INFO L290 TraceCheckUtils]: 55: Hoare triple {21270#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {21270#true} is VALID [2022-02-20 17:57:08,320 INFO L290 TraceCheckUtils]: 56: Hoare triple {21270#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21270#true} is VALID [2022-02-20 17:57:08,320 INFO L290 TraceCheckUtils]: 57: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21270#true} is VALID [2022-02-20 17:57:08,321 INFO L272 TraceCheckUtils]: 58: Hoare triple {21270#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:08,321 INFO L290 TraceCheckUtils]: 59: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21270#true} is VALID [2022-02-20 17:57:08,321 INFO L272 TraceCheckUtils]: 60: Hoare triple {21270#true} call setClientId(~bob___0, ~bob___0); {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:08,321 INFO L290 TraceCheckUtils]: 61: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,321 INFO L290 TraceCheckUtils]: 62: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,322 INFO L290 TraceCheckUtils]: 63: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,322 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21270#true} {21270#true} #1728#return; {21270#true} is VALID [2022-02-20 17:57:08,322 INFO L290 TraceCheckUtils]: 65: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,322 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21270#true} {21270#true} #1746#return; {21270#true} is VALID [2022-02-20 17:57:08,323 INFO L272 TraceCheckUtils]: 67: Hoare triple {21270#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21364#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:08,323 INFO L290 TraceCheckUtils]: 68: Hoare triple {21364#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,323 INFO L290 TraceCheckUtils]: 69: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,323 INFO L290 TraceCheckUtils]: 70: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,323 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21270#true} {21270#true} #1748#return; {21270#true} is VALID [2022-02-20 17:57:08,323 INFO L290 TraceCheckUtils]: 72: Hoare triple {21270#true} assume { :end_inline_setup_bob__role__Keys } true; {21270#true} is VALID [2022-02-20 17:57:08,324 INFO L290 TraceCheckUtils]: 73: Hoare triple {21270#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21308#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:57:08,324 INFO L290 TraceCheckUtils]: 74: Hoare triple {21308#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21309#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:57:08,324 INFO L272 TraceCheckUtils]: 75: Hoare triple {21309#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:08,325 INFO L290 TraceCheckUtils]: 76: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21365#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:08,325 INFO L272 TraceCheckUtils]: 77: Hoare triple {21365#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:08,326 INFO L290 TraceCheckUtils]: 78: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21371#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:08,326 INFO L290 TraceCheckUtils]: 79: Hoare triple {21371#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21372#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:08,326 INFO L290 TraceCheckUtils]: 80: Hoare triple {21372#(= |setClientId_#in~handle| 1)} assume true; {21372#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:08,327 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21372#(= |setClientId_#in~handle| 1)} {21365#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {21370#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:08,327 INFO L290 TraceCheckUtils]: 82: Hoare triple {21370#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21370#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:08,327 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21370#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21309#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1752#return; {21271#false} is VALID [2022-02-20 17:57:08,327 INFO L272 TraceCheckUtils]: 84: Hoare triple {21271#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21364#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:08,327 INFO L290 TraceCheckUtils]: 85: Hoare triple {21364#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,328 INFO L290 TraceCheckUtils]: 86: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,328 INFO L290 TraceCheckUtils]: 87: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,328 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21270#true} {21271#false} #1754#return; {21271#false} is VALID [2022-02-20 17:57:08,328 INFO L290 TraceCheckUtils]: 89: Hoare triple {21271#false} assume { :end_inline_setup_rjh__role__Keys } true; {21271#false} is VALID [2022-02-20 17:57:08,328 INFO L290 TraceCheckUtils]: 90: Hoare triple {21271#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21271#false} is VALID [2022-02-20 17:57:08,328 INFO L290 TraceCheckUtils]: 91: Hoare triple {21271#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21271#false} is VALID [2022-02-20 17:57:08,328 INFO L272 TraceCheckUtils]: 92: Hoare triple {21271#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:08,328 INFO L290 TraceCheckUtils]: 93: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21270#true} is VALID [2022-02-20 17:57:08,329 INFO L272 TraceCheckUtils]: 94: Hoare triple {21270#true} call setClientId(~chuck___0, ~chuck___0); {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:08,329 INFO L290 TraceCheckUtils]: 95: Hoare triple {21359#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,329 INFO L290 TraceCheckUtils]: 96: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,329 INFO L290 TraceCheckUtils]: 97: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,329 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21270#true} {21270#true} #1622#return; {21270#true} is VALID [2022-02-20 17:57:08,329 INFO L290 TraceCheckUtils]: 99: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,329 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21270#true} {21271#false} #1758#return; {21271#false} is VALID [2022-02-20 17:57:08,330 INFO L272 TraceCheckUtils]: 101: Hoare triple {21271#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21364#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:08,330 INFO L290 TraceCheckUtils]: 102: Hoare triple {21364#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,330 INFO L290 TraceCheckUtils]: 103: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,330 INFO L290 TraceCheckUtils]: 104: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,330 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21270#true} {21271#false} #1760#return; {21271#false} is VALID [2022-02-20 17:57:08,330 INFO L290 TraceCheckUtils]: 106: Hoare triple {21271#false} assume { :end_inline_setup_chuck__role__Keys } true; {21271#false} is VALID [2022-02-20 17:57:08,330 INFO L290 TraceCheckUtils]: 107: Hoare triple {21271#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {21271#false} is VALID [2022-02-20 17:57:08,330 INFO L290 TraceCheckUtils]: 108: Hoare triple {21271#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21271#false} is VALID [2022-02-20 17:57:08,330 INFO L290 TraceCheckUtils]: 109: Hoare triple {21271#false} assume !false; {21271#false} is VALID [2022-02-20 17:57:08,330 INFO L290 TraceCheckUtils]: 110: Hoare triple {21271#false} assume !(test_~splverifierCounter~0#1 < 4); {21271#false} is VALID [2022-02-20 17:57:08,331 INFO L290 TraceCheckUtils]: 111: Hoare triple {21271#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {21271#false} is VALID [2022-02-20 17:57:08,331 INFO L272 TraceCheckUtils]: 112: Hoare triple {21271#false} call sendEmail(~bob~0, ~rjh~0); {21271#false} is VALID [2022-02-20 17:57:08,331 INFO L290 TraceCheckUtils]: 113: Hoare triple {21271#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21271#false} is VALID [2022-02-20 17:57:08,331 INFO L272 TraceCheckUtils]: 114: Hoare triple {21271#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21377#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:08,331 INFO L290 TraceCheckUtils]: 115: Hoare triple {21377#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,331 INFO L290 TraceCheckUtils]: 116: Hoare triple {21270#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,331 INFO L290 TraceCheckUtils]: 117: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,331 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21270#true} {21271#false} #1644#return; {21271#false} is VALID [2022-02-20 17:57:08,331 INFO L272 TraceCheckUtils]: 119: Hoare triple {21271#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21378#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:08,332 INFO L290 TraceCheckUtils]: 120: Hoare triple {21378#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,332 INFO L290 TraceCheckUtils]: 121: Hoare triple {21270#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,332 INFO L290 TraceCheckUtils]: 122: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,332 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21270#true} {21271#false} #1646#return; {21271#false} is VALID [2022-02-20 17:57:08,332 INFO L290 TraceCheckUtils]: 124: Hoare triple {21271#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {21271#false} is VALID [2022-02-20 17:57:08,332 INFO L290 TraceCheckUtils]: 125: Hoare triple {21271#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {21271#false} is VALID [2022-02-20 17:57:08,332 INFO L272 TraceCheckUtils]: 126: Hoare triple {21271#false} call outgoing(~sender#1, ~email~0#1); {21271#false} is VALID [2022-02-20 17:57:08,332 INFO L290 TraceCheckUtils]: 127: Hoare triple {21271#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21271#false} is VALID [2022-02-20 17:57:08,332 INFO L290 TraceCheckUtils]: 128: Hoare triple {21271#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {21271#false} is VALID [2022-02-20 17:57:08,332 INFO L272 TraceCheckUtils]: 129: Hoare triple {21271#false} call outgoing__before__Sign(~client#1, ~msg#1); {21271#false} is VALID [2022-02-20 17:57:08,333 INFO L290 TraceCheckUtils]: 130: Hoare triple {21271#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21271#false} is VALID [2022-02-20 17:57:08,333 INFO L290 TraceCheckUtils]: 131: Hoare triple {21271#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21271#false} is VALID [2022-02-20 17:57:08,333 INFO L272 TraceCheckUtils]: 132: Hoare triple {21271#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21271#false} is VALID [2022-02-20 17:57:08,333 INFO L290 TraceCheckUtils]: 133: Hoare triple {21271#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21271#false} is VALID [2022-02-20 17:57:08,333 INFO L290 TraceCheckUtils]: 134: Hoare triple {21271#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {21271#false} is VALID [2022-02-20 17:57:08,333 INFO L272 TraceCheckUtils]: 135: Hoare triple {21271#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {21270#true} is VALID [2022-02-20 17:57:08,333 INFO L290 TraceCheckUtils]: 136: Hoare triple {21270#true} ~handle := #in~handle;havoc ~retValue_acc~13; {21270#true} is VALID [2022-02-20 17:57:08,333 INFO L290 TraceCheckUtils]: 137: Hoare triple {21270#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {21270#true} is VALID [2022-02-20 17:57:08,333 INFO L290 TraceCheckUtils]: 138: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,334 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {21270#true} {21271#false} #1610#return; {21271#false} is VALID [2022-02-20 17:57:08,334 INFO L290 TraceCheckUtils]: 140: Hoare triple {21271#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {21271#false} is VALID [2022-02-20 17:57:08,334 INFO L272 TraceCheckUtils]: 141: Hoare triple {21271#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {21270#true} is VALID [2022-02-20 17:57:08,334 INFO L290 TraceCheckUtils]: 142: Hoare triple {21270#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {21270#true} is VALID [2022-02-20 17:57:08,334 INFO L290 TraceCheckUtils]: 143: Hoare triple {21270#true} assume 1 == ~handle; {21270#true} is VALID [2022-02-20 17:57:08,334 INFO L290 TraceCheckUtils]: 144: Hoare triple {21270#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {21270#true} is VALID [2022-02-20 17:57:08,334 INFO L290 TraceCheckUtils]: 145: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,334 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {21270#true} {21271#false} #1612#return; {21271#false} is VALID [2022-02-20 17:57:08,334 INFO L290 TraceCheckUtils]: 147: Hoare triple {21271#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {21271#false} is VALID [2022-02-20 17:57:08,334 INFO L290 TraceCheckUtils]: 148: Hoare triple {21271#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {21271#false} is VALID [2022-02-20 17:57:08,335 INFO L272 TraceCheckUtils]: 149: Hoare triple {21271#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {21271#false} is VALID [2022-02-20 17:57:08,335 INFO L290 TraceCheckUtils]: 150: Hoare triple {21271#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {21271#false} is VALID [2022-02-20 17:57:08,335 INFO L290 TraceCheckUtils]: 151: Hoare triple {21271#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {21271#false} is VALID [2022-02-20 17:57:08,335 INFO L290 TraceCheckUtils]: 152: Hoare triple {21271#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {21271#false} is VALID [2022-02-20 17:57:08,335 INFO L272 TraceCheckUtils]: 153: Hoare triple {21271#false} call setEmailFrom(~msg#1, ~tmp~8#1); {21377#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:08,335 INFO L290 TraceCheckUtils]: 154: Hoare triple {21377#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:08,335 INFO L290 TraceCheckUtils]: 155: Hoare triple {21270#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:08,335 INFO L290 TraceCheckUtils]: 156: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,335 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21270#true} {21271#false} #1656#return; {21271#false} is VALID [2022-02-20 17:57:08,336 INFO L290 TraceCheckUtils]: 158: Hoare triple {21271#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {21271#false} is VALID [2022-02-20 17:57:08,336 INFO L290 TraceCheckUtils]: 159: Hoare triple {21271#false} assume !(-1 == ~mail_is_sensitive~0); {21271#false} is VALID [2022-02-20 17:57:08,336 INFO L272 TraceCheckUtils]: 160: Hoare triple {21271#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {21270#true} is VALID [2022-02-20 17:57:08,336 INFO L290 TraceCheckUtils]: 161: Hoare triple {21270#true} ~handle := #in~handle;havoc ~retValue_acc~16; {21270#true} is VALID [2022-02-20 17:57:08,336 INFO L290 TraceCheckUtils]: 162: Hoare triple {21270#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {21270#true} is VALID [2022-02-20 17:57:08,336 INFO L290 TraceCheckUtils]: 163: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:08,337 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21270#true} {21271#false} #1660#return; {21271#false} is VALID [2022-02-20 17:57:08,337 INFO L290 TraceCheckUtils]: 165: Hoare triple {21271#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {21271#false} is VALID [2022-02-20 17:57:08,337 INFO L290 TraceCheckUtils]: 166: Hoare triple {21271#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {21271#false} is VALID [2022-02-20 17:57:08,337 INFO L290 TraceCheckUtils]: 167: Hoare triple {21271#false} assume !false; {21271#false} is VALID [2022-02-20 17:57:08,337 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 106 trivial. 0 not checked. [2022-02-20 17:57:08,338 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:08,338 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1933148420] [2022-02-20 17:57:08,338 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1933148420] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:57:08,338 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1876872079] [2022-02-20 17:57:08,338 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:08,338 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:57:08,338 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:57:08,340 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:57:08,341 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:57:08,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,600 INFO L263 TraceCheckSpWp]: Trace formula consists of 1440 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:57:08,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:08,705 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:57:09,012 INFO L290 TraceCheckUtils]: 0: Hoare triple {21270#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {21270#true} is VALID [2022-02-20 17:57:09,012 INFO L290 TraceCheckUtils]: 1: Hoare triple {21270#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21270#true} is VALID [2022-02-20 17:57:09,013 INFO L290 TraceCheckUtils]: 2: Hoare triple {21270#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {21270#true} is VALID [2022-02-20 17:57:09,013 INFO L272 TraceCheckUtils]: 3: Hoare triple {21270#true} call select_features_#t~ret117#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:09,013 INFO L290 TraceCheckUtils]: 4: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:09,013 INFO L290 TraceCheckUtils]: 5: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,013 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21270#true} {21270#true} #1730#return; {21270#true} is VALID [2022-02-20 17:57:09,013 INFO L290 TraceCheckUtils]: 7: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {21270#true} is VALID [2022-02-20 17:57:09,013 INFO L272 TraceCheckUtils]: 8: Hoare triple {21270#true} call select_features_#t~ret118#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:09,013 INFO L290 TraceCheckUtils]: 9: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:09,013 INFO L290 TraceCheckUtils]: 10: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,014 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21270#true} {21270#true} #1732#return; {21270#true} is VALID [2022-02-20 17:57:09,014 INFO L290 TraceCheckUtils]: 12: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {21270#true} is VALID [2022-02-20 17:57:09,014 INFO L272 TraceCheckUtils]: 13: Hoare triple {21270#true} call select_features_#t~ret119#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:09,014 INFO L290 TraceCheckUtils]: 14: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:09,014 INFO L290 TraceCheckUtils]: 15: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,014 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21270#true} {21270#true} #1734#return; {21270#true} is VALID [2022-02-20 17:57:09,014 INFO L290 TraceCheckUtils]: 17: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {21270#true} is VALID [2022-02-20 17:57:09,014 INFO L272 TraceCheckUtils]: 18: Hoare triple {21270#true} call select_features_#t~ret120#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:09,014 INFO L290 TraceCheckUtils]: 19: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L290 TraceCheckUtils]: 20: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21270#true} {21270#true} #1736#return; {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L290 TraceCheckUtils]: 22: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L272 TraceCheckUtils]: 23: Hoare triple {21270#true} call select_features_#t~ret121#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L290 TraceCheckUtils]: 24: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L290 TraceCheckUtils]: 25: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21270#true} {21270#true} #1738#return; {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L290 TraceCheckUtils]: 27: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L272 TraceCheckUtils]: 28: Hoare triple {21270#true} call select_features_#t~ret122#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:09,015 INFO L290 TraceCheckUtils]: 29: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L290 TraceCheckUtils]: 30: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21270#true} {21270#true} #1740#return; {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L290 TraceCheckUtils]: 32: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L272 TraceCheckUtils]: 33: Hoare triple {21270#true} call select_features_#t~ret123#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L290 TraceCheckUtils]: 34: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L290 TraceCheckUtils]: 35: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21270#true} {21270#true} #1742#return; {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L290 TraceCheckUtils]: 37: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L272 TraceCheckUtils]: 38: Hoare triple {21270#true} call select_features_#t~ret124#1 := select_one(); {21270#true} is VALID [2022-02-20 17:57:09,016 INFO L290 TraceCheckUtils]: 39: Hoare triple {21270#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {21270#true} is VALID [2022-02-20 17:57:09,017 INFO L290 TraceCheckUtils]: 40: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,017 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21270#true} {21270#true} #1744#return; {21270#true} is VALID [2022-02-20 17:57:09,017 INFO L290 TraceCheckUtils]: 42: Hoare triple {21270#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {21270#true} is VALID [2022-02-20 17:57:09,017 INFO L290 TraceCheckUtils]: 43: Hoare triple {21270#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {21270#true} is VALID [2022-02-20 17:57:09,017 INFO L290 TraceCheckUtils]: 44: Hoare triple {21270#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21270#true} is VALID [2022-02-20 17:57:09,017 INFO L290 TraceCheckUtils]: 45: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {21270#true} is VALID [2022-02-20 17:57:09,017 INFO L290 TraceCheckUtils]: 46: Hoare triple {21270#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {21270#true} is VALID [2022-02-20 17:57:09,017 INFO L290 TraceCheckUtils]: 47: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {21270#true} is VALID [2022-02-20 17:57:09,017 INFO L290 TraceCheckUtils]: 48: Hoare triple {21270#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L290 TraceCheckUtils]: 49: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L290 TraceCheckUtils]: 50: Hoare triple {21270#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L290 TraceCheckUtils]: 51: Hoare triple {21270#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L290 TraceCheckUtils]: 52: Hoare triple {21270#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L290 TraceCheckUtils]: 53: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L290 TraceCheckUtils]: 54: Hoare triple {21270#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L290 TraceCheckUtils]: 55: Hoare triple {21270#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L290 TraceCheckUtils]: 56: Hoare triple {21270#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L290 TraceCheckUtils]: 57: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21270#true} is VALID [2022-02-20 17:57:09,018 INFO L272 TraceCheckUtils]: 58: Hoare triple {21270#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21270#true} is VALID [2022-02-20 17:57:09,019 INFO L290 TraceCheckUtils]: 59: Hoare triple {21270#true} ~bob___0 := #in~bob___0; {21270#true} is VALID [2022-02-20 17:57:09,019 INFO L272 TraceCheckUtils]: 60: Hoare triple {21270#true} call setClientId(~bob___0, ~bob___0); {21270#true} is VALID [2022-02-20 17:57:09,019 INFO L290 TraceCheckUtils]: 61: Hoare triple {21270#true} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:09,019 INFO L290 TraceCheckUtils]: 62: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:09,019 INFO L290 TraceCheckUtils]: 63: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,019 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21270#true} {21270#true} #1728#return; {21270#true} is VALID [2022-02-20 17:57:09,019 INFO L290 TraceCheckUtils]: 65: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,019 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21270#true} {21270#true} #1746#return; {21270#true} is VALID [2022-02-20 17:57:09,019 INFO L272 TraceCheckUtils]: 67: Hoare triple {21270#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L290 TraceCheckUtils]: 68: Hoare triple {21270#true} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L290 TraceCheckUtils]: 69: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L290 TraceCheckUtils]: 70: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21270#true} {21270#true} #1748#return; {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L290 TraceCheckUtils]: 72: Hoare triple {21270#true} assume { :end_inline_setup_bob__role__Keys } true; {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L290 TraceCheckUtils]: 73: Hoare triple {21270#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L290 TraceCheckUtils]: 74: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L272 TraceCheckUtils]: 75: Hoare triple {21270#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L290 TraceCheckUtils]: 76: Hoare triple {21270#true} ~rjh___0 := #in~rjh___0; {21270#true} is VALID [2022-02-20 17:57:09,020 INFO L272 TraceCheckUtils]: 77: Hoare triple {21270#true} call setClientId(~rjh___0, ~rjh___0); {21270#true} is VALID [2022-02-20 17:57:09,021 INFO L290 TraceCheckUtils]: 78: Hoare triple {21270#true} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:09,021 INFO L290 TraceCheckUtils]: 79: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:09,021 INFO L290 TraceCheckUtils]: 80: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,021 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21270#true} {21270#true} #1680#return; {21270#true} is VALID [2022-02-20 17:57:09,021 INFO L290 TraceCheckUtils]: 82: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,021 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21270#true} {21270#true} #1752#return; {21270#true} is VALID [2022-02-20 17:57:09,021 INFO L272 TraceCheckUtils]: 84: Hoare triple {21270#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21270#true} is VALID [2022-02-20 17:57:09,021 INFO L290 TraceCheckUtils]: 85: Hoare triple {21270#true} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:09,021 INFO L290 TraceCheckUtils]: 86: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L290 TraceCheckUtils]: 87: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21270#true} {21270#true} #1754#return; {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L290 TraceCheckUtils]: 89: Hoare triple {21270#true} assume { :end_inline_setup_rjh__role__Keys } true; {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L290 TraceCheckUtils]: 90: Hoare triple {21270#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L290 TraceCheckUtils]: 91: Hoare triple {21270#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L272 TraceCheckUtils]: 92: Hoare triple {21270#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L290 TraceCheckUtils]: 93: Hoare triple {21270#true} ~chuck___0 := #in~chuck___0; {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L272 TraceCheckUtils]: 94: Hoare triple {21270#true} call setClientId(~chuck___0, ~chuck___0); {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L290 TraceCheckUtils]: 95: Hoare triple {21270#true} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:09,022 INFO L290 TraceCheckUtils]: 96: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:09,023 INFO L290 TraceCheckUtils]: 97: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,023 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21270#true} {21270#true} #1622#return; {21270#true} is VALID [2022-02-20 17:57:09,023 INFO L290 TraceCheckUtils]: 99: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,023 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21270#true} {21270#true} #1758#return; {21270#true} is VALID [2022-02-20 17:57:09,023 INFO L272 TraceCheckUtils]: 101: Hoare triple {21270#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21270#true} is VALID [2022-02-20 17:57:09,023 INFO L290 TraceCheckUtils]: 102: Hoare triple {21270#true} ~handle := #in~handle;~value := #in~value; {21270#true} is VALID [2022-02-20 17:57:09,023 INFO L290 TraceCheckUtils]: 103: Hoare triple {21270#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21270#true} is VALID [2022-02-20 17:57:09,023 INFO L290 TraceCheckUtils]: 104: Hoare triple {21270#true} assume true; {21270#true} is VALID [2022-02-20 17:57:09,023 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21270#true} {21270#true} #1760#return; {21270#true} is VALID [2022-02-20 17:57:09,024 INFO L290 TraceCheckUtils]: 106: Hoare triple {21270#true} assume { :end_inline_setup_chuck__role__Keys } true; {21270#true} is VALID [2022-02-20 17:57:09,024 INFO L290 TraceCheckUtils]: 107: Hoare triple {21270#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {21270#true} is VALID [2022-02-20 17:57:09,024 INFO L290 TraceCheckUtils]: 108: Hoare triple {21270#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21706#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:57:09,024 INFO L290 TraceCheckUtils]: 109: Hoare triple {21706#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {21706#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:57:09,025 INFO L290 TraceCheckUtils]: 110: Hoare triple {21706#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {21271#false} is VALID [2022-02-20 17:57:09,025 INFO L290 TraceCheckUtils]: 111: Hoare triple {21271#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {21271#false} is VALID [2022-02-20 17:57:09,025 INFO L272 TraceCheckUtils]: 112: Hoare triple {21271#false} call sendEmail(~bob~0, ~rjh~0); {21271#false} is VALID [2022-02-20 17:57:09,025 INFO L290 TraceCheckUtils]: 113: Hoare triple {21271#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21271#false} is VALID [2022-02-20 17:57:09,025 INFO L272 TraceCheckUtils]: 114: Hoare triple {21271#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21271#false} is VALID [2022-02-20 17:57:09,025 INFO L290 TraceCheckUtils]: 115: Hoare triple {21271#false} ~handle := #in~handle;~value := #in~value; {21271#false} is VALID [2022-02-20 17:57:09,025 INFO L290 TraceCheckUtils]: 116: Hoare triple {21271#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L290 TraceCheckUtils]: 117: Hoare triple {21271#false} assume true; {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21271#false} {21271#false} #1644#return; {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L272 TraceCheckUtils]: 119: Hoare triple {21271#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L290 TraceCheckUtils]: 120: Hoare triple {21271#false} ~handle := #in~handle;~value := #in~value; {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L290 TraceCheckUtils]: 121: Hoare triple {21271#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L290 TraceCheckUtils]: 122: Hoare triple {21271#false} assume true; {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21271#false} {21271#false} #1646#return; {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L290 TraceCheckUtils]: 124: Hoare triple {21271#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L290 TraceCheckUtils]: 125: Hoare triple {21271#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {21271#false} is VALID [2022-02-20 17:57:09,026 INFO L272 TraceCheckUtils]: 126: Hoare triple {21271#false} call outgoing(~sender#1, ~email~0#1); {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L290 TraceCheckUtils]: 127: Hoare triple {21271#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L290 TraceCheckUtils]: 128: Hoare triple {21271#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L272 TraceCheckUtils]: 129: Hoare triple {21271#false} call outgoing__before__Sign(~client#1, ~msg#1); {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L290 TraceCheckUtils]: 130: Hoare triple {21271#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L290 TraceCheckUtils]: 131: Hoare triple {21271#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L272 TraceCheckUtils]: 132: Hoare triple {21271#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L290 TraceCheckUtils]: 133: Hoare triple {21271#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L290 TraceCheckUtils]: 134: Hoare triple {21271#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L272 TraceCheckUtils]: 135: Hoare triple {21271#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {21271#false} is VALID [2022-02-20 17:57:09,027 INFO L290 TraceCheckUtils]: 136: Hoare triple {21271#false} ~handle := #in~handle;havoc ~retValue_acc~13; {21271#false} is VALID [2022-02-20 17:57:09,028 INFO L290 TraceCheckUtils]: 137: Hoare triple {21271#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {21271#false} is VALID [2022-02-20 17:57:09,028 INFO L290 TraceCheckUtils]: 138: Hoare triple {21271#false} assume true; {21271#false} is VALID [2022-02-20 17:57:09,028 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {21271#false} {21271#false} #1610#return; {21271#false} is VALID [2022-02-20 17:57:09,028 INFO L290 TraceCheckUtils]: 140: Hoare triple {21271#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {21271#false} is VALID [2022-02-20 17:57:09,028 INFO L272 TraceCheckUtils]: 141: Hoare triple {21271#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {21271#false} is VALID [2022-02-20 17:57:09,028 INFO L290 TraceCheckUtils]: 142: Hoare triple {21271#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {21271#false} is VALID [2022-02-20 17:57:09,028 INFO L290 TraceCheckUtils]: 143: Hoare triple {21271#false} assume 1 == ~handle; {21271#false} is VALID [2022-02-20 17:57:09,028 INFO L290 TraceCheckUtils]: 144: Hoare triple {21271#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {21271#false} is VALID [2022-02-20 17:57:09,028 INFO L290 TraceCheckUtils]: 145: Hoare triple {21271#false} assume true; {21271#false} is VALID [2022-02-20 17:57:09,029 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {21271#false} {21271#false} #1612#return; {21271#false} is VALID [2022-02-20 17:57:09,029 INFO L290 TraceCheckUtils]: 147: Hoare triple {21271#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {21271#false} is VALID [2022-02-20 17:57:09,029 INFO L290 TraceCheckUtils]: 148: Hoare triple {21271#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {21271#false} is VALID [2022-02-20 17:57:09,029 INFO L272 TraceCheckUtils]: 149: Hoare triple {21271#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {21271#false} is VALID [2022-02-20 17:57:09,029 INFO L290 TraceCheckUtils]: 150: Hoare triple {21271#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {21271#false} is VALID [2022-02-20 17:57:09,029 INFO L290 TraceCheckUtils]: 151: Hoare triple {21271#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {21271#false} is VALID [2022-02-20 17:57:09,029 INFO L290 TraceCheckUtils]: 152: Hoare triple {21271#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {21271#false} is VALID [2022-02-20 17:57:09,029 INFO L272 TraceCheckUtils]: 153: Hoare triple {21271#false} call setEmailFrom(~msg#1, ~tmp~8#1); {21271#false} is VALID [2022-02-20 17:57:09,029 INFO L290 TraceCheckUtils]: 154: Hoare triple {21271#false} ~handle := #in~handle;~value := #in~value; {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L290 TraceCheckUtils]: 155: Hoare triple {21271#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L290 TraceCheckUtils]: 156: Hoare triple {21271#false} assume true; {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21271#false} {21271#false} #1656#return; {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L290 TraceCheckUtils]: 158: Hoare triple {21271#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L290 TraceCheckUtils]: 159: Hoare triple {21271#false} assume !(-1 == ~mail_is_sensitive~0); {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L272 TraceCheckUtils]: 160: Hoare triple {21271#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L290 TraceCheckUtils]: 161: Hoare triple {21271#false} ~handle := #in~handle;havoc ~retValue_acc~16; {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L290 TraceCheckUtils]: 162: Hoare triple {21271#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L290 TraceCheckUtils]: 163: Hoare triple {21271#false} assume true; {21271#false} is VALID [2022-02-20 17:57:09,030 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21271#false} {21271#false} #1660#return; {21271#false} is VALID [2022-02-20 17:57:09,031 INFO L290 TraceCheckUtils]: 165: Hoare triple {21271#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {21271#false} is VALID [2022-02-20 17:57:09,031 INFO L290 TraceCheckUtils]: 166: Hoare triple {21271#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {21271#false} is VALID [2022-02-20 17:57:09,031 INFO L290 TraceCheckUtils]: 167: Hoare triple {21271#false} assume !false; {21271#false} is VALID [2022-02-20 17:57:09,031 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 17:57:09,031 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:57:09,032 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1876872079] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:09,032 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:57:09,032 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 17:57:09,032 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1347053627] [2022-02-20 17:57:09,032 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:09,033 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 168 [2022-02-20 17:57:09,033 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:09,033 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:57:09,141 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 139 edges. 139 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:09,141 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:57:09,141 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:09,142 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:57:09,142 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:57:09,142 INFO L87 Difference]: Start difference. First operand 591 states and 849 transitions. Second operand has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:57:09,796 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:09,796 INFO L93 Difference]: Finished difference Result 917 states and 1299 transitions. [2022-02-20 17:57:09,797 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:57:09,797 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 168 [2022-02-20 17:57:09,797 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:57:09,797 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:57:09,807 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1297 transitions. [2022-02-20 17:57:09,807 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:57:09,816 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1297 transitions. [2022-02-20 17:57:09,816 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1297 transitions. [2022-02-20 17:57:10,524 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1297 edges. 1297 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:10,542 INFO L225 Difference]: With dead ends: 917 [2022-02-20 17:57:10,542 INFO L226 Difference]: Without dead ends: 594 [2022-02-20 17:57:10,543 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 219 GetRequests, 208 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:57:10,543 INFO L933 BasicCegarLoop]: 845 mSDtfsCounter, 1 mSDsluCounter, 843 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1688 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:57:10,544 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1688 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:57:10,544 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 594 states. [2022-02-20 17:57:10,560 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 594 to 593. [2022-02-20 17:57:10,560 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:57:10,561 INFO L82 GeneralOperation]: Start isEquivalent. First operand 594 states. Second operand has 593 states, 445 states have (on average 1.451685393258427) internal successors, (646), 456 states have internal predecessors, (646), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 17:57:10,562 INFO L74 IsIncluded]: Start isIncluded. First operand 594 states. Second operand has 593 states, 445 states have (on average 1.451685393258427) internal successors, (646), 456 states have internal predecessors, (646), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 17:57:10,562 INFO L87 Difference]: Start difference. First operand 594 states. Second operand has 593 states, 445 states have (on average 1.451685393258427) internal successors, (646), 456 states have internal predecessors, (646), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 17:57:10,576 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:10,577 INFO L93 Difference]: Finished difference Result 594 states and 852 transitions. [2022-02-20 17:57:10,577 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 852 transitions. [2022-02-20 17:57:10,578 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:10,578 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:10,579 INFO L74 IsIncluded]: Start isIncluded. First operand has 593 states, 445 states have (on average 1.451685393258427) internal successors, (646), 456 states have internal predecessors, (646), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 594 states. [2022-02-20 17:57:10,580 INFO L87 Difference]: Start difference. First operand has 593 states, 445 states have (on average 1.451685393258427) internal successors, (646), 456 states have internal predecessors, (646), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 594 states. [2022-02-20 17:57:10,594 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:10,594 INFO L93 Difference]: Finished difference Result 594 states and 852 transitions. [2022-02-20 17:57:10,594 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 852 transitions. [2022-02-20 17:57:10,595 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:10,595 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:10,595 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:57:10,596 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:57:10,596 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 593 states, 445 states have (on average 1.451685393258427) internal successors, (646), 456 states have internal predecessors, (646), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 17:57:10,615 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 593 states to 593 states and 851 transitions. [2022-02-20 17:57:10,615 INFO L78 Accepts]: Start accepts. Automaton has 593 states and 851 transitions. Word has length 168 [2022-02-20 17:57:10,616 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:57:10,616 INFO L470 AbstractCegarLoop]: Abstraction has 593 states and 851 transitions. [2022-02-20 17:57:10,616 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:57:10,616 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 851 transitions. [2022-02-20 17:57:10,617 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 184 [2022-02-20 17:57:10,618 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:10,618 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:10,651 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:57:10,835 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2022-02-20 17:57:10,836 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:10,836 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:10,836 INFO L85 PathProgramCache]: Analyzing trace with hash 93123840, now seen corresponding path program 1 times [2022-02-20 17:57:10,836 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:10,836 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1763421665] [2022-02-20 17:57:10,836 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:10,837 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:10,879 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,904 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:57:10,906 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,908 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:10,908 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,908 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25158#true} {25158#true} #1730#return; {25158#true} is VALID [2022-02-20 17:57:10,908 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:57:10,910 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:10,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,915 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25158#true} {25158#true} #1732#return; {25158#true} is VALID [2022-02-20 17:57:10,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:57:10,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,918 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:10,918 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,918 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25158#true} {25158#true} #1734#return; {25158#true} is VALID [2022-02-20 17:57:10,918 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:10,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,921 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:10,922 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,922 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25158#true} {25158#true} #1736#return; {25158#true} is VALID [2022-02-20 17:57:10,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:57:10,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:10,925 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,925 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25158#true} {25158#true} #1738#return; {25158#true} is VALID [2022-02-20 17:57:10,925 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:57:10,927 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,928 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:10,928 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,928 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25158#true} {25158#true} #1740#return; {25158#true} is VALID [2022-02-20 17:57:10,929 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:57:10,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,934 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:10,934 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,934 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25158#true} {25158#true} #1742#return; {25158#true} is VALID [2022-02-20 17:57:10,934 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:57:10,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,937 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:10,937 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,938 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25158#true} {25158#true} #1744#return; {25158#true} is VALID [2022-02-20 17:57:10,943 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:57:10,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:10,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,959 INFO L290 TraceCheckUtils]: 0: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:10,959 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:10,959 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,959 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25158#true} #1728#return; {25158#true} is VALID [2022-02-20 17:57:10,959 INFO L290 TraceCheckUtils]: 0: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25158#true} is VALID [2022-02-20 17:57:10,960 INFO L272 TraceCheckUtils]: 1: Hoare triple {25158#true} call setClientId(~bob___0, ~bob___0); {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:10,960 INFO L290 TraceCheckUtils]: 2: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:10,960 INFO L290 TraceCheckUtils]: 3: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:10,960 INFO L290 TraceCheckUtils]: 4: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,960 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25158#true} {25158#true} #1728#return; {25158#true} is VALID [2022-02-20 17:57:10,960 INFO L290 TraceCheckUtils]: 6: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,960 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25158#true} {25158#true} #1746#return; {25158#true} is VALID [2022-02-20 17:57:10,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:57:10,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {25256#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:10,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:10,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:10,967 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25158#true} #1748#return; {25158#true} is VALID [2022-02-20 17:57:10,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:57:10,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,981 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:10,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:10,993 INFO L290 TraceCheckUtils]: 0: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25263#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:10,993 INFO L290 TraceCheckUtils]: 1: Hoare triple {25263#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25264#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:10,993 INFO L290 TraceCheckUtils]: 2: Hoare triple {25264#(= |setClientId_#in~handle| 1)} assume true; {25264#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:10,994 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25264#(= |setClientId_#in~handle| 1)} {25257#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {25262#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:10,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25257#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:10,994 INFO L272 TraceCheckUtils]: 1: Hoare triple {25257#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:10,995 INFO L290 TraceCheckUtils]: 2: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25263#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:10,995 INFO L290 TraceCheckUtils]: 3: Hoare triple {25263#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25264#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:10,995 INFO L290 TraceCheckUtils]: 4: Hoare triple {25264#(= |setClientId_#in~handle| 1)} assume true; {25264#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:10,996 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25264#(= |setClientId_#in~handle| 1)} {25257#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {25262#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:10,996 INFO L290 TraceCheckUtils]: 6: Hoare triple {25262#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25262#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:10,996 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25262#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25197#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1752#return; {25159#false} is VALID [2022-02-20 17:57:10,996 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:57:10,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {25256#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,001 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,001 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,001 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25159#false} #1754#return; {25159#false} is VALID [2022-02-20 17:57:11,001 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:57:11,003 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:11,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,022 INFO L290 TraceCheckUtils]: 0: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,022 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,022 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25158#true} #1622#return; {25158#true} is VALID [2022-02-20 17:57:11,022 INFO L290 TraceCheckUtils]: 0: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25158#true} is VALID [2022-02-20 17:57:11,023 INFO L272 TraceCheckUtils]: 1: Hoare triple {25158#true} call setClientId(~chuck___0, ~chuck___0); {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:11,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,023 INFO L290 TraceCheckUtils]: 3: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,023 INFO L290 TraceCheckUtils]: 4: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,023 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25158#true} {25158#true} #1622#return; {25158#true} is VALID [2022-02-20 17:57:11,023 INFO L290 TraceCheckUtils]: 6: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,023 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25158#true} {25159#false} #1758#return; {25159#false} is VALID [2022-02-20 17:57:11,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:57:11,024 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,026 INFO L290 TraceCheckUtils]: 0: Hoare triple {25256#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,026 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,026 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,026 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25159#false} #1760#return; {25159#false} is VALID [2022-02-20 17:57:11,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 17:57:11,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,033 INFO L290 TraceCheckUtils]: 0: Hoare triple {25269#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,034 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,034 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25159#false} #1644#return; {25159#false} is VALID [2022-02-20 17:57:11,039 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 17:57:11,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {25270#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25159#false} #1646#return; {25159#false} is VALID [2022-02-20 17:57:11,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 140 [2022-02-20 17:57:11,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} ~handle := #in~handle;havoc ~retValue_acc~28; {25158#true} is VALID [2022-02-20 17:57:11,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~28; {25158#true} is VALID [2022-02-20 17:57:11,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,045 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25159#false} #1624#return; {25159#false} is VALID [2022-02-20 17:57:11,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 17:57:11,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} ~handle := #in~handle;havoc ~retValue_acc~13; {25158#true} is VALID [2022-02-20 17:57:11,047 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {25158#true} is VALID [2022-02-20 17:57:11,047 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,047 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25159#false} #1610#return; {25159#false} is VALID [2022-02-20 17:57:11,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 17:57:11,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {25158#true} is VALID [2022-02-20 17:57:11,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle; {25158#true} is VALID [2022-02-20 17:57:11,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {25158#true} is VALID [2022-02-20 17:57:11,049 INFO L290 TraceCheckUtils]: 3: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,049 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25158#true} {25159#false} #1612#return; {25159#false} is VALID [2022-02-20 17:57:11,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 168 [2022-02-20 17:57:11,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {25269#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,051 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,051 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,051 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25159#false} #1656#return; {25159#false} is VALID [2022-02-20 17:57:11,051 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 175 [2022-02-20 17:57:11,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} ~handle := #in~handle;havoc ~retValue_acc~16; {25158#true} is VALID [2022-02-20 17:57:11,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {25158#true} is VALID [2022-02-20 17:57:11,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,068 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25158#true} {25159#false} #1660#return; {25159#false} is VALID [2022-02-20 17:57:11,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {25158#true} is VALID [2022-02-20 17:57:11,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25158#true} is VALID [2022-02-20 17:57:11,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {25158#true} is VALID [2022-02-20 17:57:11,068 INFO L272 TraceCheckUtils]: 3: Hoare triple {25158#true} call select_features_#t~ret117#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,068 INFO L290 TraceCheckUtils]: 4: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,068 INFO L290 TraceCheckUtils]: 5: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,068 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25158#true} {25158#true} #1730#return; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 7: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L272 TraceCheckUtils]: 8: Hoare triple {25158#true} call select_features_#t~ret118#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 9: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 10: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25158#true} {25158#true} #1732#return; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 12: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L272 TraceCheckUtils]: 13: Hoare triple {25158#true} call select_features_#t~ret119#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 14: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 15: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25158#true} {25158#true} #1734#return; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 17: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L272 TraceCheckUtils]: 18: Hoare triple {25158#true} call select_features_#t~ret120#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 19: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 20: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25158#true} {25158#true} #1736#return; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 22: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L272 TraceCheckUtils]: 23: Hoare triple {25158#true} call select_features_#t~ret121#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,069 INFO L290 TraceCheckUtils]: 24: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 25: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25158#true} {25158#true} #1738#return; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 27: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L272 TraceCheckUtils]: 28: Hoare triple {25158#true} call select_features_#t~ret122#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 29: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 30: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25158#true} {25158#true} #1740#return; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 32: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L272 TraceCheckUtils]: 33: Hoare triple {25158#true} call select_features_#t~ret123#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 34: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 35: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25158#true} {25158#true} #1742#return; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 37: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L272 TraceCheckUtils]: 38: Hoare triple {25158#true} call select_features_#t~ret124#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 39: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 40: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25158#true} {25158#true} #1744#return; {25158#true} is VALID [2022-02-20 17:57:11,070 INFO L290 TraceCheckUtils]: 42: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 43: Hoare triple {25158#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 44: Hoare triple {25158#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 45: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 46: Hoare triple {25158#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 47: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 48: Hoare triple {25158#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 49: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 50: Hoare triple {25158#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 51: Hoare triple {25158#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 52: Hoare triple {25158#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 53: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 54: Hoare triple {25158#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 55: Hoare triple {25158#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 56: Hoare triple {25158#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25158#true} is VALID [2022-02-20 17:57:11,071 INFO L290 TraceCheckUtils]: 57: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25158#true} is VALID [2022-02-20 17:57:11,072 INFO L272 TraceCheckUtils]: 58: Hoare triple {25158#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:11,072 INFO L290 TraceCheckUtils]: 59: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25158#true} is VALID [2022-02-20 17:57:11,073 INFO L272 TraceCheckUtils]: 60: Hoare triple {25158#true} call setClientId(~bob___0, ~bob___0); {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:11,073 INFO L290 TraceCheckUtils]: 61: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,073 INFO L290 TraceCheckUtils]: 62: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,073 INFO L290 TraceCheckUtils]: 63: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,073 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25158#true} {25158#true} #1728#return; {25158#true} is VALID [2022-02-20 17:57:11,073 INFO L290 TraceCheckUtils]: 65: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,073 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25158#true} {25158#true} #1746#return; {25158#true} is VALID [2022-02-20 17:57:11,074 INFO L272 TraceCheckUtils]: 67: Hoare triple {25158#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25256#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:11,074 INFO L290 TraceCheckUtils]: 68: Hoare triple {25256#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,074 INFO L290 TraceCheckUtils]: 69: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,074 INFO L290 TraceCheckUtils]: 70: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,074 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25158#true} {25158#true} #1748#return; {25158#true} is VALID [2022-02-20 17:57:11,074 INFO L290 TraceCheckUtils]: 72: Hoare triple {25158#true} assume { :end_inline_setup_bob__role__Keys } true; {25158#true} is VALID [2022-02-20 17:57:11,074 INFO L290 TraceCheckUtils]: 73: Hoare triple {25158#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25196#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:57:11,075 INFO L290 TraceCheckUtils]: 74: Hoare triple {25196#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25197#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:57:11,075 INFO L272 TraceCheckUtils]: 75: Hoare triple {25197#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:11,076 INFO L290 TraceCheckUtils]: 76: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25257#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:11,076 INFO L272 TraceCheckUtils]: 77: Hoare triple {25257#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:11,077 INFO L290 TraceCheckUtils]: 78: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25263#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:11,077 INFO L290 TraceCheckUtils]: 79: Hoare triple {25263#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25264#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:11,077 INFO L290 TraceCheckUtils]: 80: Hoare triple {25264#(= |setClientId_#in~handle| 1)} assume true; {25264#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:11,078 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25264#(= |setClientId_#in~handle| 1)} {25257#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {25262#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:11,078 INFO L290 TraceCheckUtils]: 82: Hoare triple {25262#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25262#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:11,078 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25262#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25197#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1752#return; {25159#false} is VALID [2022-02-20 17:57:11,079 INFO L272 TraceCheckUtils]: 84: Hoare triple {25159#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25256#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:11,079 INFO L290 TraceCheckUtils]: 85: Hoare triple {25256#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,079 INFO L290 TraceCheckUtils]: 86: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,079 INFO L290 TraceCheckUtils]: 87: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,079 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25158#true} {25159#false} #1754#return; {25159#false} is VALID [2022-02-20 17:57:11,079 INFO L290 TraceCheckUtils]: 89: Hoare triple {25159#false} assume { :end_inline_setup_rjh__role__Keys } true; {25159#false} is VALID [2022-02-20 17:57:11,079 INFO L290 TraceCheckUtils]: 90: Hoare triple {25159#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25159#false} is VALID [2022-02-20 17:57:11,079 INFO L290 TraceCheckUtils]: 91: Hoare triple {25159#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25159#false} is VALID [2022-02-20 17:57:11,079 INFO L272 TraceCheckUtils]: 92: Hoare triple {25159#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:11,079 INFO L290 TraceCheckUtils]: 93: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25158#true} is VALID [2022-02-20 17:57:11,080 INFO L272 TraceCheckUtils]: 94: Hoare triple {25158#true} call setClientId(~chuck___0, ~chuck___0); {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:11,080 INFO L290 TraceCheckUtils]: 95: Hoare triple {25251#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,080 INFO L290 TraceCheckUtils]: 96: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,080 INFO L290 TraceCheckUtils]: 97: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,081 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25158#true} {25158#true} #1622#return; {25158#true} is VALID [2022-02-20 17:57:11,081 INFO L290 TraceCheckUtils]: 99: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,081 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25158#true} {25159#false} #1758#return; {25159#false} is VALID [2022-02-20 17:57:11,081 INFO L272 TraceCheckUtils]: 101: Hoare triple {25159#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25256#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:11,081 INFO L290 TraceCheckUtils]: 102: Hoare triple {25256#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,081 INFO L290 TraceCheckUtils]: 103: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,081 INFO L290 TraceCheckUtils]: 104: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,081 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25158#true} {25159#false} #1760#return; {25159#false} is VALID [2022-02-20 17:57:11,081 INFO L290 TraceCheckUtils]: 106: Hoare triple {25159#false} assume { :end_inline_setup_chuck__role__Keys } true; {25159#false} is VALID [2022-02-20 17:57:11,081 INFO L290 TraceCheckUtils]: 107: Hoare triple {25159#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 108: Hoare triple {25159#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 109: Hoare triple {25159#false} assume !false; {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 110: Hoare triple {25159#false} assume test_~splverifierCounter~0#1 < 4; {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 111: Hoare triple {25159#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 112: Hoare triple {25159#false} assume !(0 == test_~op1~0#1); {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 113: Hoare triple {25159#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet8#1 && test_#t~nondet8#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet8#1;havoc test_#t~nondet8#1; {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 114: Hoare triple {25159#false} assume 0 != test_~tmp___8~0#1; {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 115: Hoare triple {25159#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 116: Hoare triple {25159#false} test_~op2~0#1 := 1; {25159#false} is VALID [2022-02-20 17:57:11,082 INFO L290 TraceCheckUtils]: 117: Hoare triple {25159#false} assume !false; {25159#false} is VALID [2022-02-20 17:57:11,083 INFO L290 TraceCheckUtils]: 118: Hoare triple {25159#false} assume !(test_~splverifierCounter~0#1 < 4); {25159#false} is VALID [2022-02-20 17:57:11,083 INFO L290 TraceCheckUtils]: 119: Hoare triple {25159#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {25159#false} is VALID [2022-02-20 17:57:11,083 INFO L272 TraceCheckUtils]: 120: Hoare triple {25159#false} call sendEmail(~bob~0, ~rjh~0); {25159#false} is VALID [2022-02-20 17:57:11,083 INFO L290 TraceCheckUtils]: 121: Hoare triple {25159#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25159#false} is VALID [2022-02-20 17:57:11,083 INFO L272 TraceCheckUtils]: 122: Hoare triple {25159#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25269#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:11,083 INFO L290 TraceCheckUtils]: 123: Hoare triple {25269#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,083 INFO L290 TraceCheckUtils]: 124: Hoare triple {25158#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,083 INFO L290 TraceCheckUtils]: 125: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,083 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25158#true} {25159#false} #1644#return; {25159#false} is VALID [2022-02-20 17:57:11,084 INFO L272 TraceCheckUtils]: 127: Hoare triple {25159#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25270#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:11,084 INFO L290 TraceCheckUtils]: 128: Hoare triple {25270#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,084 INFO L290 TraceCheckUtils]: 129: Hoare triple {25158#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,084 INFO L290 TraceCheckUtils]: 130: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,084 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25158#true} {25159#false} #1646#return; {25159#false} is VALID [2022-02-20 17:57:11,084 INFO L290 TraceCheckUtils]: 132: Hoare triple {25159#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {25159#false} is VALID [2022-02-20 17:57:11,084 INFO L290 TraceCheckUtils]: 133: Hoare triple {25159#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {25159#false} is VALID [2022-02-20 17:57:11,084 INFO L272 TraceCheckUtils]: 134: Hoare triple {25159#false} call outgoing(~sender#1, ~email~0#1); {25159#false} is VALID [2022-02-20 17:57:11,084 INFO L290 TraceCheckUtils]: 135: Hoare triple {25159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25159#false} is VALID [2022-02-20 17:57:11,084 INFO L290 TraceCheckUtils]: 136: Hoare triple {25159#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25159#false} is VALID [2022-02-20 17:57:11,085 INFO L272 TraceCheckUtils]: 137: Hoare triple {25159#false} call outgoing__before__Sign(~client#1, ~msg#1); {25159#false} is VALID [2022-02-20 17:57:11,085 INFO L290 TraceCheckUtils]: 138: Hoare triple {25159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25159#false} is VALID [2022-02-20 17:57:11,085 INFO L290 TraceCheckUtils]: 139: Hoare triple {25159#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret45#1, outgoing__role__AddressBook_#t~ret46#1, outgoing__role__AddressBook_#t~ret47#1, outgoing__role__AddressBook_#t~ret48#1, outgoing__role__AddressBook_#t~ret49#1, outgoing__role__AddressBook_#t~ret50#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~0#1, outgoing__role__AddressBook_~tmp~10#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~5#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~2#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~0#1;havoc outgoing__role__AddressBook_~tmp~10#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~5#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~2#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {25159#false} is VALID [2022-02-20 17:57:11,085 INFO L272 TraceCheckUtils]: 140: Hoare triple {25159#false} call outgoing__role__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {25158#true} is VALID [2022-02-20 17:57:11,085 INFO L290 TraceCheckUtils]: 141: Hoare triple {25158#true} ~handle := #in~handle;havoc ~retValue_acc~28; {25158#true} is VALID [2022-02-20 17:57:11,085 INFO L290 TraceCheckUtils]: 142: Hoare triple {25158#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~28; {25158#true} is VALID [2022-02-20 17:57:11,085 INFO L290 TraceCheckUtils]: 143: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,085 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {25158#true} {25159#false} #1624#return; {25159#false} is VALID [2022-02-20 17:57:11,085 INFO L290 TraceCheckUtils]: 145: Hoare triple {25159#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret45#1 && outgoing__role__AddressBook_#t~ret45#1 <= 2147483647;outgoing__role__AddressBook_~tmp~10#1 := outgoing__role__AddressBook_#t~ret45#1;havoc outgoing__role__AddressBook_#t~ret45#1;outgoing__role__AddressBook_~size~0#1 := outgoing__role__AddressBook_~tmp~10#1; {25159#false} is VALID [2022-02-20 17:57:11,085 INFO L290 TraceCheckUtils]: 146: Hoare triple {25159#false} assume !(0 != outgoing__role__AddressBook_~size~0#1); {25159#false} is VALID [2022-02-20 17:57:11,086 INFO L272 TraceCheckUtils]: 147: Hoare triple {25159#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {25159#false} is VALID [2022-02-20 17:57:11,086 INFO L290 TraceCheckUtils]: 148: Hoare triple {25159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25159#false} is VALID [2022-02-20 17:57:11,086 INFO L290 TraceCheckUtils]: 149: Hoare triple {25159#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {25159#false} is VALID [2022-02-20 17:57:11,086 INFO L272 TraceCheckUtils]: 150: Hoare triple {25159#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {25158#true} is VALID [2022-02-20 17:57:11,086 INFO L290 TraceCheckUtils]: 151: Hoare triple {25158#true} ~handle := #in~handle;havoc ~retValue_acc~13; {25158#true} is VALID [2022-02-20 17:57:11,086 INFO L290 TraceCheckUtils]: 152: Hoare triple {25158#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {25158#true} is VALID [2022-02-20 17:57:11,086 INFO L290 TraceCheckUtils]: 153: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,086 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25158#true} {25159#false} #1610#return; {25159#false} is VALID [2022-02-20 17:57:11,086 INFO L290 TraceCheckUtils]: 155: Hoare triple {25159#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {25159#false} is VALID [2022-02-20 17:57:11,086 INFO L272 TraceCheckUtils]: 156: Hoare triple {25159#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {25158#true} is VALID [2022-02-20 17:57:11,087 INFO L290 TraceCheckUtils]: 157: Hoare triple {25158#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {25158#true} is VALID [2022-02-20 17:57:11,087 INFO L290 TraceCheckUtils]: 158: Hoare triple {25158#true} assume 1 == ~handle; {25158#true} is VALID [2022-02-20 17:57:11,087 INFO L290 TraceCheckUtils]: 159: Hoare triple {25158#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {25158#true} is VALID [2022-02-20 17:57:11,087 INFO L290 TraceCheckUtils]: 160: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,087 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {25158#true} {25159#false} #1612#return; {25159#false} is VALID [2022-02-20 17:57:11,087 INFO L290 TraceCheckUtils]: 162: Hoare triple {25159#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {25159#false} is VALID [2022-02-20 17:57:11,087 INFO L290 TraceCheckUtils]: 163: Hoare triple {25159#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {25159#false} is VALID [2022-02-20 17:57:11,087 INFO L272 TraceCheckUtils]: 164: Hoare triple {25159#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {25159#false} is VALID [2022-02-20 17:57:11,087 INFO L290 TraceCheckUtils]: 165: Hoare triple {25159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {25159#false} is VALID [2022-02-20 17:57:11,087 INFO L290 TraceCheckUtils]: 166: Hoare triple {25159#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {25159#false} is VALID [2022-02-20 17:57:11,088 INFO L290 TraceCheckUtils]: 167: Hoare triple {25159#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {25159#false} is VALID [2022-02-20 17:57:11,088 INFO L272 TraceCheckUtils]: 168: Hoare triple {25159#false} call setEmailFrom(~msg#1, ~tmp~8#1); {25269#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:11,088 INFO L290 TraceCheckUtils]: 169: Hoare triple {25269#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,088 INFO L290 TraceCheckUtils]: 170: Hoare triple {25158#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,088 INFO L290 TraceCheckUtils]: 171: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,088 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25158#true} {25159#false} #1656#return; {25159#false} is VALID [2022-02-20 17:57:11,088 INFO L290 TraceCheckUtils]: 173: Hoare triple {25159#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {25159#false} is VALID [2022-02-20 17:57:11,088 INFO L290 TraceCheckUtils]: 174: Hoare triple {25159#false} assume !(-1 == ~mail_is_sensitive~0); {25159#false} is VALID [2022-02-20 17:57:11,088 INFO L272 TraceCheckUtils]: 175: Hoare triple {25159#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {25158#true} is VALID [2022-02-20 17:57:11,088 INFO L290 TraceCheckUtils]: 176: Hoare triple {25158#true} ~handle := #in~handle;havoc ~retValue_acc~16; {25158#true} is VALID [2022-02-20 17:57:11,089 INFO L290 TraceCheckUtils]: 177: Hoare triple {25158#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {25158#true} is VALID [2022-02-20 17:57:11,089 INFO L290 TraceCheckUtils]: 178: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,089 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {25158#true} {25159#false} #1660#return; {25159#false} is VALID [2022-02-20 17:57:11,089 INFO L290 TraceCheckUtils]: 180: Hoare triple {25159#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {25159#false} is VALID [2022-02-20 17:57:11,089 INFO L290 TraceCheckUtils]: 181: Hoare triple {25159#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {25159#false} is VALID [2022-02-20 17:57:11,089 INFO L290 TraceCheckUtils]: 182: Hoare triple {25159#false} assume !false; {25159#false} is VALID [2022-02-20 17:57:11,089 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 17:57:11,090 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:11,090 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1763421665] [2022-02-20 17:57:11,090 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1763421665] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:57:11,090 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [966196772] [2022-02-20 17:57:11,090 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:11,090 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:57:11,090 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:57:11,091 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:57:11,092 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:57:11,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,359 INFO L263 TraceCheckSpWp]: Trace formula consists of 1486 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:57:11,416 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:11,424 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:57:11,745 INFO L290 TraceCheckUtils]: 0: Hoare triple {25158#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {25158#true} is VALID [2022-02-20 17:57:11,745 INFO L290 TraceCheckUtils]: 1: Hoare triple {25158#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25158#true} is VALID [2022-02-20 17:57:11,746 INFO L290 TraceCheckUtils]: 2: Hoare triple {25158#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {25158#true} is VALID [2022-02-20 17:57:11,746 INFO L272 TraceCheckUtils]: 3: Hoare triple {25158#true} call select_features_#t~ret117#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,746 INFO L290 TraceCheckUtils]: 4: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,746 INFO L290 TraceCheckUtils]: 5: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,746 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25158#true} {25158#true} #1730#return; {25158#true} is VALID [2022-02-20 17:57:11,746 INFO L290 TraceCheckUtils]: 7: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {25158#true} is VALID [2022-02-20 17:57:11,746 INFO L272 TraceCheckUtils]: 8: Hoare triple {25158#true} call select_features_#t~ret118#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,746 INFO L290 TraceCheckUtils]: 9: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,746 INFO L290 TraceCheckUtils]: 10: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25158#true} {25158#true} #1732#return; {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L290 TraceCheckUtils]: 12: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L272 TraceCheckUtils]: 13: Hoare triple {25158#true} call select_features_#t~ret119#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L290 TraceCheckUtils]: 14: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L290 TraceCheckUtils]: 15: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25158#true} {25158#true} #1734#return; {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L290 TraceCheckUtils]: 17: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L272 TraceCheckUtils]: 18: Hoare triple {25158#true} call select_features_#t~ret120#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L290 TraceCheckUtils]: 19: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,747 INFO L290 TraceCheckUtils]: 20: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25158#true} {25158#true} #1736#return; {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L290 TraceCheckUtils]: 22: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L272 TraceCheckUtils]: 23: Hoare triple {25158#true} call select_features_#t~ret121#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L290 TraceCheckUtils]: 24: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L290 TraceCheckUtils]: 25: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25158#true} {25158#true} #1738#return; {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L290 TraceCheckUtils]: 27: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L272 TraceCheckUtils]: 28: Hoare triple {25158#true} call select_features_#t~ret122#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L290 TraceCheckUtils]: 29: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,748 INFO L290 TraceCheckUtils]: 30: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25158#true} {25158#true} #1740#return; {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L290 TraceCheckUtils]: 32: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L272 TraceCheckUtils]: 33: Hoare triple {25158#true} call select_features_#t~ret123#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L290 TraceCheckUtils]: 34: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L290 TraceCheckUtils]: 35: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25158#true} {25158#true} #1742#return; {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L290 TraceCheckUtils]: 37: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L272 TraceCheckUtils]: 38: Hoare triple {25158#true} call select_features_#t~ret124#1 := select_one(); {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L290 TraceCheckUtils]: 39: Hoare triple {25158#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {25158#true} is VALID [2022-02-20 17:57:11,749 INFO L290 TraceCheckUtils]: 40: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,750 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25158#true} {25158#true} #1744#return; {25158#true} is VALID [2022-02-20 17:57:11,750 INFO L290 TraceCheckUtils]: 42: Hoare triple {25158#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {25158#true} is VALID [2022-02-20 17:57:11,750 INFO L290 TraceCheckUtils]: 43: Hoare triple {25158#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {25158#true} is VALID [2022-02-20 17:57:11,750 INFO L290 TraceCheckUtils]: 44: Hoare triple {25158#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25158#true} is VALID [2022-02-20 17:57:11,750 INFO L290 TraceCheckUtils]: 45: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {25158#true} is VALID [2022-02-20 17:57:11,750 INFO L290 TraceCheckUtils]: 46: Hoare triple {25158#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {25158#true} is VALID [2022-02-20 17:57:11,750 INFO L290 TraceCheckUtils]: 47: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {25158#true} is VALID [2022-02-20 17:57:11,750 INFO L290 TraceCheckUtils]: 48: Hoare triple {25158#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25158#true} is VALID [2022-02-20 17:57:11,750 INFO L290 TraceCheckUtils]: 49: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L290 TraceCheckUtils]: 50: Hoare triple {25158#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L290 TraceCheckUtils]: 51: Hoare triple {25158#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L290 TraceCheckUtils]: 52: Hoare triple {25158#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L290 TraceCheckUtils]: 53: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L290 TraceCheckUtils]: 54: Hoare triple {25158#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L290 TraceCheckUtils]: 55: Hoare triple {25158#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L290 TraceCheckUtils]: 56: Hoare triple {25158#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L290 TraceCheckUtils]: 57: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L272 TraceCheckUtils]: 58: Hoare triple {25158#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25158#true} is VALID [2022-02-20 17:57:11,751 INFO L290 TraceCheckUtils]: 59: Hoare triple {25158#true} ~bob___0 := #in~bob___0; {25158#true} is VALID [2022-02-20 17:57:11,752 INFO L272 TraceCheckUtils]: 60: Hoare triple {25158#true} call setClientId(~bob___0, ~bob___0); {25158#true} is VALID [2022-02-20 17:57:11,752 INFO L290 TraceCheckUtils]: 61: Hoare triple {25158#true} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,752 INFO L290 TraceCheckUtils]: 62: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,752 INFO L290 TraceCheckUtils]: 63: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,752 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25158#true} {25158#true} #1728#return; {25158#true} is VALID [2022-02-20 17:57:11,752 INFO L290 TraceCheckUtils]: 65: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,752 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25158#true} {25158#true} #1746#return; {25158#true} is VALID [2022-02-20 17:57:11,752 INFO L272 TraceCheckUtils]: 67: Hoare triple {25158#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25158#true} is VALID [2022-02-20 17:57:11,752 INFO L290 TraceCheckUtils]: 68: Hoare triple {25158#true} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L290 TraceCheckUtils]: 69: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L290 TraceCheckUtils]: 70: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25158#true} {25158#true} #1748#return; {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L290 TraceCheckUtils]: 72: Hoare triple {25158#true} assume { :end_inline_setup_bob__role__Keys } true; {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L290 TraceCheckUtils]: 73: Hoare triple {25158#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L290 TraceCheckUtils]: 74: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L272 TraceCheckUtils]: 75: Hoare triple {25158#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L290 TraceCheckUtils]: 76: Hoare triple {25158#true} ~rjh___0 := #in~rjh___0; {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L272 TraceCheckUtils]: 77: Hoare triple {25158#true} call setClientId(~rjh___0, ~rjh___0); {25158#true} is VALID [2022-02-20 17:57:11,753 INFO L290 TraceCheckUtils]: 78: Hoare triple {25158#true} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L290 TraceCheckUtils]: 79: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L290 TraceCheckUtils]: 80: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25158#true} {25158#true} #1680#return; {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L290 TraceCheckUtils]: 82: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25158#true} {25158#true} #1752#return; {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L272 TraceCheckUtils]: 84: Hoare triple {25158#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L290 TraceCheckUtils]: 85: Hoare triple {25158#true} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L290 TraceCheckUtils]: 86: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L290 TraceCheckUtils]: 87: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,754 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25158#true} {25158#true} #1754#return; {25158#true} is VALID [2022-02-20 17:57:11,755 INFO L290 TraceCheckUtils]: 89: Hoare triple {25158#true} assume { :end_inline_setup_rjh__role__Keys } true; {25158#true} is VALID [2022-02-20 17:57:11,755 INFO L290 TraceCheckUtils]: 90: Hoare triple {25158#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25158#true} is VALID [2022-02-20 17:57:11,755 INFO L290 TraceCheckUtils]: 91: Hoare triple {25158#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25158#true} is VALID [2022-02-20 17:57:11,755 INFO L272 TraceCheckUtils]: 92: Hoare triple {25158#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25158#true} is VALID [2022-02-20 17:57:11,755 INFO L290 TraceCheckUtils]: 93: Hoare triple {25158#true} ~chuck___0 := #in~chuck___0; {25158#true} is VALID [2022-02-20 17:57:11,755 INFO L272 TraceCheckUtils]: 94: Hoare triple {25158#true} call setClientId(~chuck___0, ~chuck___0); {25158#true} is VALID [2022-02-20 17:57:11,755 INFO L290 TraceCheckUtils]: 95: Hoare triple {25158#true} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,755 INFO L290 TraceCheckUtils]: 96: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,755 INFO L290 TraceCheckUtils]: 97: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25158#true} {25158#true} #1622#return; {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L290 TraceCheckUtils]: 99: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25158#true} {25158#true} #1758#return; {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L272 TraceCheckUtils]: 101: Hoare triple {25158#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L290 TraceCheckUtils]: 102: Hoare triple {25158#true} ~handle := #in~handle;~value := #in~value; {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L290 TraceCheckUtils]: 103: Hoare triple {25158#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L290 TraceCheckUtils]: 104: Hoare triple {25158#true} assume true; {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25158#true} {25158#true} #1760#return; {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L290 TraceCheckUtils]: 106: Hoare triple {25158#true} assume { :end_inline_setup_chuck__role__Keys } true; {25158#true} is VALID [2022-02-20 17:57:11,756 INFO L290 TraceCheckUtils]: 107: Hoare triple {25158#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {25158#true} is VALID [2022-02-20 17:57:11,767 INFO L290 TraceCheckUtils]: 108: Hoare triple {25158#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25598#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:57:11,768 INFO L290 TraceCheckUtils]: 109: Hoare triple {25598#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {25598#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:57:11,768 INFO L290 TraceCheckUtils]: 110: Hoare triple {25598#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {25598#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:57:11,768 INFO L290 TraceCheckUtils]: 111: Hoare triple {25598#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25598#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:57:11,768 INFO L290 TraceCheckUtils]: 112: Hoare triple {25598#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {25159#false} is VALID [2022-02-20 17:57:11,768 INFO L290 TraceCheckUtils]: 113: Hoare triple {25159#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet8#1 && test_#t~nondet8#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet8#1;havoc test_#t~nondet8#1; {25159#false} is VALID [2022-02-20 17:57:11,769 INFO L290 TraceCheckUtils]: 114: Hoare triple {25159#false} assume 0 != test_~tmp___8~0#1; {25159#false} is VALID [2022-02-20 17:57:11,769 INFO L290 TraceCheckUtils]: 115: Hoare triple {25159#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25159#false} is VALID [2022-02-20 17:57:11,769 INFO L290 TraceCheckUtils]: 116: Hoare triple {25159#false} test_~op2~0#1 := 1; {25159#false} is VALID [2022-02-20 17:57:11,769 INFO L290 TraceCheckUtils]: 117: Hoare triple {25159#false} assume !false; {25159#false} is VALID [2022-02-20 17:57:11,769 INFO L290 TraceCheckUtils]: 118: Hoare triple {25159#false} assume !(test_~splverifierCounter~0#1 < 4); {25159#false} is VALID [2022-02-20 17:57:11,769 INFO L290 TraceCheckUtils]: 119: Hoare triple {25159#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {25159#false} is VALID [2022-02-20 17:57:11,769 INFO L272 TraceCheckUtils]: 120: Hoare triple {25159#false} call sendEmail(~bob~0, ~rjh~0); {25159#false} is VALID [2022-02-20 17:57:11,769 INFO L290 TraceCheckUtils]: 121: Hoare triple {25159#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25159#false} is VALID [2022-02-20 17:57:11,769 INFO L272 TraceCheckUtils]: 122: Hoare triple {25159#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25159#false} is VALID [2022-02-20 17:57:11,770 INFO L290 TraceCheckUtils]: 123: Hoare triple {25159#false} ~handle := #in~handle;~value := #in~value; {25159#false} is VALID [2022-02-20 17:57:11,770 INFO L290 TraceCheckUtils]: 124: Hoare triple {25159#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25159#false} is VALID [2022-02-20 17:57:11,770 INFO L290 TraceCheckUtils]: 125: Hoare triple {25159#false} assume true; {25159#false} is VALID [2022-02-20 17:57:11,770 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25159#false} {25159#false} #1644#return; {25159#false} is VALID [2022-02-20 17:57:11,770 INFO L272 TraceCheckUtils]: 127: Hoare triple {25159#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25159#false} is VALID [2022-02-20 17:57:11,770 INFO L290 TraceCheckUtils]: 128: Hoare triple {25159#false} ~handle := #in~handle;~value := #in~value; {25159#false} is VALID [2022-02-20 17:57:11,770 INFO L290 TraceCheckUtils]: 129: Hoare triple {25159#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25159#false} is VALID [2022-02-20 17:57:11,770 INFO L290 TraceCheckUtils]: 130: Hoare triple {25159#false} assume true; {25159#false} is VALID [2022-02-20 17:57:11,770 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25159#false} {25159#false} #1646#return; {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L290 TraceCheckUtils]: 132: Hoare triple {25159#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L290 TraceCheckUtils]: 133: Hoare triple {25159#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L272 TraceCheckUtils]: 134: Hoare triple {25159#false} call outgoing(~sender#1, ~email~0#1); {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L290 TraceCheckUtils]: 135: Hoare triple {25159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L290 TraceCheckUtils]: 136: Hoare triple {25159#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L272 TraceCheckUtils]: 137: Hoare triple {25159#false} call outgoing__before__Sign(~client#1, ~msg#1); {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L290 TraceCheckUtils]: 138: Hoare triple {25159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L290 TraceCheckUtils]: 139: Hoare triple {25159#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret45#1, outgoing__role__AddressBook_#t~ret46#1, outgoing__role__AddressBook_#t~ret47#1, outgoing__role__AddressBook_#t~ret48#1, outgoing__role__AddressBook_#t~ret49#1, outgoing__role__AddressBook_#t~ret50#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~0#1, outgoing__role__AddressBook_~tmp~10#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~5#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~2#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~0#1;havoc outgoing__role__AddressBook_~tmp~10#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~5#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~2#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L272 TraceCheckUtils]: 140: Hoare triple {25159#false} call outgoing__role__AddressBook_#t~ret45#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {25159#false} is VALID [2022-02-20 17:57:11,771 INFO L290 TraceCheckUtils]: 141: Hoare triple {25159#false} ~handle := #in~handle;havoc ~retValue_acc~28; {25159#false} is VALID [2022-02-20 17:57:11,772 INFO L290 TraceCheckUtils]: 142: Hoare triple {25159#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~28; {25159#false} is VALID [2022-02-20 17:57:11,772 INFO L290 TraceCheckUtils]: 143: Hoare triple {25159#false} assume true; {25159#false} is VALID [2022-02-20 17:57:11,772 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {25159#false} {25159#false} #1624#return; {25159#false} is VALID [2022-02-20 17:57:11,772 INFO L290 TraceCheckUtils]: 145: Hoare triple {25159#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret45#1 && outgoing__role__AddressBook_#t~ret45#1 <= 2147483647;outgoing__role__AddressBook_~tmp~10#1 := outgoing__role__AddressBook_#t~ret45#1;havoc outgoing__role__AddressBook_#t~ret45#1;outgoing__role__AddressBook_~size~0#1 := outgoing__role__AddressBook_~tmp~10#1; {25159#false} is VALID [2022-02-20 17:57:11,772 INFO L290 TraceCheckUtils]: 146: Hoare triple {25159#false} assume !(0 != outgoing__role__AddressBook_~size~0#1); {25159#false} is VALID [2022-02-20 17:57:11,772 INFO L272 TraceCheckUtils]: 147: Hoare triple {25159#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {25159#false} is VALID [2022-02-20 17:57:11,772 INFO L290 TraceCheckUtils]: 148: Hoare triple {25159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25159#false} is VALID [2022-02-20 17:57:11,772 INFO L290 TraceCheckUtils]: 149: Hoare triple {25159#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {25159#false} is VALID [2022-02-20 17:57:11,772 INFO L272 TraceCheckUtils]: 150: Hoare triple {25159#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L290 TraceCheckUtils]: 151: Hoare triple {25159#false} ~handle := #in~handle;havoc ~retValue_acc~13; {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L290 TraceCheckUtils]: 152: Hoare triple {25159#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L290 TraceCheckUtils]: 153: Hoare triple {25159#false} assume true; {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25159#false} {25159#false} #1610#return; {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L290 TraceCheckUtils]: 155: Hoare triple {25159#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L272 TraceCheckUtils]: 156: Hoare triple {25159#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L290 TraceCheckUtils]: 157: Hoare triple {25159#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L290 TraceCheckUtils]: 158: Hoare triple {25159#false} assume 1 == ~handle; {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L290 TraceCheckUtils]: 159: Hoare triple {25159#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {25159#false} is VALID [2022-02-20 17:57:11,773 INFO L290 TraceCheckUtils]: 160: Hoare triple {25159#false} assume true; {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {25159#false} {25159#false} #1612#return; {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L290 TraceCheckUtils]: 162: Hoare triple {25159#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L290 TraceCheckUtils]: 163: Hoare triple {25159#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L272 TraceCheckUtils]: 164: Hoare triple {25159#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L290 TraceCheckUtils]: 165: Hoare triple {25159#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L290 TraceCheckUtils]: 166: Hoare triple {25159#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L290 TraceCheckUtils]: 167: Hoare triple {25159#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L272 TraceCheckUtils]: 168: Hoare triple {25159#false} call setEmailFrom(~msg#1, ~tmp~8#1); {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L290 TraceCheckUtils]: 169: Hoare triple {25159#false} ~handle := #in~handle;~value := #in~value; {25159#false} is VALID [2022-02-20 17:57:11,774 INFO L290 TraceCheckUtils]: 170: Hoare triple {25159#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25159#false} is VALID [2022-02-20 17:57:11,775 INFO L290 TraceCheckUtils]: 171: Hoare triple {25159#false} assume true; {25159#false} is VALID [2022-02-20 17:57:11,775 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25159#false} {25159#false} #1656#return; {25159#false} is VALID [2022-02-20 17:57:11,775 INFO L290 TraceCheckUtils]: 173: Hoare triple {25159#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {25159#false} is VALID [2022-02-20 17:57:11,775 INFO L290 TraceCheckUtils]: 174: Hoare triple {25159#false} assume !(-1 == ~mail_is_sensitive~0); {25159#false} is VALID [2022-02-20 17:57:11,775 INFO L272 TraceCheckUtils]: 175: Hoare triple {25159#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {25159#false} is VALID [2022-02-20 17:57:11,775 INFO L290 TraceCheckUtils]: 176: Hoare triple {25159#false} ~handle := #in~handle;havoc ~retValue_acc~16; {25159#false} is VALID [2022-02-20 17:57:11,776 INFO L290 TraceCheckUtils]: 177: Hoare triple {25159#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {25159#false} is VALID [2022-02-20 17:57:11,776 INFO L290 TraceCheckUtils]: 178: Hoare triple {25159#false} assume true; {25159#false} is VALID [2022-02-20 17:57:11,776 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {25159#false} {25159#false} #1660#return; {25159#false} is VALID [2022-02-20 17:57:11,776 INFO L290 TraceCheckUtils]: 180: Hoare triple {25159#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {25159#false} is VALID [2022-02-20 17:57:11,776 INFO L290 TraceCheckUtils]: 181: Hoare triple {25159#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {25159#false} is VALID [2022-02-20 17:57:11,776 INFO L290 TraceCheckUtils]: 182: Hoare triple {25159#false} assume !false; {25159#false} is VALID [2022-02-20 17:57:11,776 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 17:57:11,777 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:57:11,777 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [966196772] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:11,777 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:57:11,777 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 17:57:11,777 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [863122099] [2022-02-20 17:57:11,777 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:11,778 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 183 [2022-02-20 17:57:11,778 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:11,778 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:57:11,866 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 154 edges. 154 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:11,866 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:57:11,866 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:11,867 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:57:11,867 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:57:11,867 INFO L87 Difference]: Start difference. First operand 593 states and 851 transitions. Second operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:57:12,424 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:12,424 INFO L93 Difference]: Finished difference Result 1206 states and 1763 transitions. [2022-02-20 17:57:12,424 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:57:12,424 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 183 [2022-02-20 17:57:12,426 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:57:12,426 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:57:12,445 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1759 transitions. [2022-02-20 17:57:12,445 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:57:12,465 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1759 transitions. [2022-02-20 17:57:12,465 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1759 transitions. [2022-02-20 17:57:13,397 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1759 edges. 1759 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:13,419 INFO L225 Difference]: With dead ends: 1206 [2022-02-20 17:57:13,419 INFO L226 Difference]: Without dead ends: 691 [2022-02-20 17:57:13,420 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 236 GetRequests, 225 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:57:13,421 INFO L933 BasicCegarLoop]: 872 mSDtfsCounter, 165 mSDsluCounter, 799 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 1671 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:57:13,421 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 1671 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:57:13,422 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 691 states. [2022-02-20 17:57:13,439 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 691 to 683. [2022-02-20 17:57:13,439 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:57:13,440 INFO L82 GeneralOperation]: Start isEquivalent. First operand 691 states. Second operand has 683 states, 521 states have (on average 1.4664107485604607) internal successors, (764), 532 states have internal predecessors, (764), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 17:57:13,441 INFO L74 IsIncluded]: Start isIncluded. First operand 691 states. Second operand has 683 states, 521 states have (on average 1.4664107485604607) internal successors, (764), 532 states have internal predecessors, (764), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 17:57:13,441 INFO L87 Difference]: Start difference. First operand 691 states. Second operand has 683 states, 521 states have (on average 1.4664107485604607) internal successors, (764), 532 states have internal predecessors, (764), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 17:57:13,458 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:13,459 INFO L93 Difference]: Finished difference Result 691 states and 1006 transitions. [2022-02-20 17:57:13,459 INFO L276 IsEmpty]: Start isEmpty. Operand 691 states and 1006 transitions. [2022-02-20 17:57:13,460 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:13,460 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:13,461 INFO L74 IsIncluded]: Start isIncluded. First operand has 683 states, 521 states have (on average 1.4664107485604607) internal successors, (764), 532 states have internal predecessors, (764), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) Second operand 691 states. [2022-02-20 17:57:13,462 INFO L87 Difference]: Start difference. First operand has 683 states, 521 states have (on average 1.4664107485604607) internal successors, (764), 532 states have internal predecessors, (764), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) Second operand 691 states. [2022-02-20 17:57:13,479 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:13,479 INFO L93 Difference]: Finished difference Result 691 states and 1006 transitions. [2022-02-20 17:57:13,479 INFO L276 IsEmpty]: Start isEmpty. Operand 691 states and 1006 transitions. [2022-02-20 17:57:13,481 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:13,481 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:13,481 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:57:13,481 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:57:13,482 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 683 states, 521 states have (on average 1.4664107485604607) internal successors, (764), 532 states have internal predecessors, (764), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 17:57:13,506 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 683 states to 683 states and 997 transitions. [2022-02-20 17:57:13,506 INFO L78 Accepts]: Start accepts. Automaton has 683 states and 997 transitions. Word has length 183 [2022-02-20 17:57:13,506 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:57:13,506 INFO L470 AbstractCegarLoop]: Abstraction has 683 states and 997 transitions. [2022-02-20 17:57:13,506 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:57:13,507 INFO L276 IsEmpty]: Start isEmpty. Operand 683 states and 997 transitions. [2022-02-20 17:57:13,509 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 178 [2022-02-20 17:57:13,509 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:13,509 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:13,547 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:57:13,723 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable6 [2022-02-20 17:57:13,724 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:13,724 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:13,724 INFO L85 PathProgramCache]: Analyzing trace with hash -2019074569, now seen corresponding path program 1 times [2022-02-20 17:57:13,724 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:13,724 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [227218082] [2022-02-20 17:57:13,724 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:13,725 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:13,787 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,822 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:57:13,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,840 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,840 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29801#true} {29801#true} #1730#return; {29801#true} is VALID [2022-02-20 17:57:13,840 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:57:13,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,843 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,843 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,843 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29801#true} {29801#true} #1732#return; {29801#true} is VALID [2022-02-20 17:57:13,843 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:57:13,844 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,845 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,845 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,845 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29801#true} {29801#true} #1734#return; {29801#true} is VALID [2022-02-20 17:57:13,845 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:13,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,848 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,848 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29801#true} {29801#true} #1736#return; {29801#true} is VALID [2022-02-20 17:57:13,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:57:13,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,851 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29801#true} {29801#true} #1738#return; {29801#true} is VALID [2022-02-20 17:57:13,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:57:13,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,854 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,854 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,854 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29801#true} {29801#true} #1740#return; {29801#true} is VALID [2022-02-20 17:57:13,854 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:57:13,855 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,857 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,857 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,857 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29801#true} {29801#true} #1742#return; {29801#true} is VALID [2022-02-20 17:57:13,857 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:57:13,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,876 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,876 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,876 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29801#true} {29801#true} #1744#return; {29801#true} is VALID [2022-02-20 17:57:13,880 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:57:13,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:13,883 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,884 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,884 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,884 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29801#true} #1728#return; {29801#true} is VALID [2022-02-20 17:57:13,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {29801#true} is VALID [2022-02-20 17:57:13,885 INFO L272 TraceCheckUtils]: 1: Hoare triple {29801#true} call setClientId(~bob___0, ~bob___0); {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:13,885 INFO L290 TraceCheckUtils]: 2: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,885 INFO L290 TraceCheckUtils]: 3: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,885 INFO L290 TraceCheckUtils]: 4: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,885 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29801#true} {29801#true} #1728#return; {29801#true} is VALID [2022-02-20 17:57:13,885 INFO L290 TraceCheckUtils]: 6: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,885 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29801#true} {29801#true} #1746#return; {29801#true} is VALID [2022-02-20 17:57:13,889 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:57:13,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,892 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,892 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,892 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,892 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29801#true} #1748#return; {29801#true} is VALID [2022-02-20 17:57:13,892 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:57:13,895 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,904 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:13,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,919 INFO L290 TraceCheckUtils]: 0: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29902#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:13,919 INFO L290 TraceCheckUtils]: 1: Hoare triple {29902#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29903#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:13,919 INFO L290 TraceCheckUtils]: 2: Hoare triple {29903#(= |setClientId_#in~handle| 1)} assume true; {29903#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:13,920 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29903#(= |setClientId_#in~handle| 1)} {29896#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {29901#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:13,920 INFO L290 TraceCheckUtils]: 0: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {29896#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:13,921 INFO L272 TraceCheckUtils]: 1: Hoare triple {29896#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:13,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29902#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:13,921 INFO L290 TraceCheckUtils]: 3: Hoare triple {29902#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29903#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:13,921 INFO L290 TraceCheckUtils]: 4: Hoare triple {29903#(= |setClientId_#in~handle| 1)} assume true; {29903#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:13,922 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29903#(= |setClientId_#in~handle| 1)} {29896#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {29901#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:13,922 INFO L290 TraceCheckUtils]: 6: Hoare triple {29901#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {29901#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:13,922 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29901#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {29840#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1752#return; {29802#false} is VALID [2022-02-20 17:57:13,923 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:57:13,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,925 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,925 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,925 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29802#false} #1754#return; {29802#false} is VALID [2022-02-20 17:57:13,925 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:57:13,927 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,936 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:13,937 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,938 INFO L290 TraceCheckUtils]: 0: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,939 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,939 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,939 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29801#true} #1622#return; {29801#true} is VALID [2022-02-20 17:57:13,939 INFO L290 TraceCheckUtils]: 0: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {29801#true} is VALID [2022-02-20 17:57:13,940 INFO L272 TraceCheckUtils]: 1: Hoare triple {29801#true} call setClientId(~chuck___0, ~chuck___0); {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:13,940 INFO L290 TraceCheckUtils]: 2: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,940 INFO L290 TraceCheckUtils]: 3: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,940 INFO L290 TraceCheckUtils]: 4: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,940 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29801#true} {29801#true} #1622#return; {29801#true} is VALID [2022-02-20 17:57:13,940 INFO L290 TraceCheckUtils]: 6: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,940 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29801#true} {29802#false} #1758#return; {29802#false} is VALID [2022-02-20 17:57:13,940 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:57:13,942 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,943 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,943 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,943 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,943 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29802#false} #1760#return; {29802#false} is VALID [2022-02-20 17:57:13,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:57:13,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {29908#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,953 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,954 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29802#false} #1644#return; {29802#false} is VALID [2022-02-20 17:57:13,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:57:13,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,964 INFO L290 TraceCheckUtils]: 0: Hoare triple {29909#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,964 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,964 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,964 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29802#false} #1646#return; {29802#false} is VALID [2022-02-20 17:57:13,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 17:57:13,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} ~handle := #in~handle;havoc ~retValue_acc~13; {29801#true} is VALID [2022-02-20 17:57:13,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {29801#true} is VALID [2022-02-20 17:57:13,968 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,968 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29802#false} #1610#return; {29802#false} is VALID [2022-02-20 17:57:13,968 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 17:57:13,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {29801#true} is VALID [2022-02-20 17:57:13,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle; {29801#true} is VALID [2022-02-20 17:57:13,970 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {29801#true} is VALID [2022-02-20 17:57:13,970 INFO L290 TraceCheckUtils]: 3: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,970 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {29801#true} {29802#false} #1612#return; {29802#false} is VALID [2022-02-20 17:57:13,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-02-20 17:57:13,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {29908#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,972 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,972 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29802#false} #1656#return; {29802#false} is VALID [2022-02-20 17:57:13,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 169 [2022-02-20 17:57:13,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:13,974 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} ~handle := #in~handle;havoc ~retValue_acc~16; {29801#true} is VALID [2022-02-20 17:57:13,974 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {29801#true} is VALID [2022-02-20 17:57:13,974 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,974 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29801#true} {29802#false} #1660#return; {29802#false} is VALID [2022-02-20 17:57:13,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {29801#true} is VALID [2022-02-20 17:57:13,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {29801#true} is VALID [2022-02-20 17:57:13,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {29801#true} is VALID [2022-02-20 17:57:13,975 INFO L272 TraceCheckUtils]: 3: Hoare triple {29801#true} call select_features_#t~ret117#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:13,975 INFO L290 TraceCheckUtils]: 4: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,975 INFO L290 TraceCheckUtils]: 5: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,975 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {29801#true} {29801#true} #1730#return; {29801#true} is VALID [2022-02-20 17:57:13,975 INFO L290 TraceCheckUtils]: 7: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {29801#true} is VALID [2022-02-20 17:57:13,975 INFO L272 TraceCheckUtils]: 8: Hoare triple {29801#true} call select_features_#t~ret118#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L290 TraceCheckUtils]: 9: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L290 TraceCheckUtils]: 10: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {29801#true} {29801#true} #1732#return; {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L290 TraceCheckUtils]: 12: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L272 TraceCheckUtils]: 13: Hoare triple {29801#true} call select_features_#t~ret119#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L290 TraceCheckUtils]: 14: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L290 TraceCheckUtils]: 15: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29801#true} {29801#true} #1734#return; {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L290 TraceCheckUtils]: 17: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {29801#true} is VALID [2022-02-20 17:57:13,976 INFO L272 TraceCheckUtils]: 18: Hoare triple {29801#true} call select_features_#t~ret120#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L290 TraceCheckUtils]: 19: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L290 TraceCheckUtils]: 20: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {29801#true} {29801#true} #1736#return; {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L290 TraceCheckUtils]: 22: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L272 TraceCheckUtils]: 23: Hoare triple {29801#true} call select_features_#t~ret121#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L290 TraceCheckUtils]: 24: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L290 TraceCheckUtils]: 25: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {29801#true} {29801#true} #1738#return; {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L290 TraceCheckUtils]: 27: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {29801#true} is VALID [2022-02-20 17:57:13,977 INFO L272 TraceCheckUtils]: 28: Hoare triple {29801#true} call select_features_#t~ret122#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L290 TraceCheckUtils]: 29: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L290 TraceCheckUtils]: 30: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {29801#true} {29801#true} #1740#return; {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L290 TraceCheckUtils]: 32: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L272 TraceCheckUtils]: 33: Hoare triple {29801#true} call select_features_#t~ret123#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L290 TraceCheckUtils]: 34: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L290 TraceCheckUtils]: 35: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {29801#true} {29801#true} #1742#return; {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L290 TraceCheckUtils]: 37: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L272 TraceCheckUtils]: 38: Hoare triple {29801#true} call select_features_#t~ret124#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:13,978 INFO L290 TraceCheckUtils]: 39: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:13,979 INFO L290 TraceCheckUtils]: 40: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,979 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {29801#true} {29801#true} #1744#return; {29801#true} is VALID [2022-02-20 17:57:13,979 INFO L290 TraceCheckUtils]: 42: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {29801#true} is VALID [2022-02-20 17:57:13,979 INFO L290 TraceCheckUtils]: 43: Hoare triple {29801#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {29801#true} is VALID [2022-02-20 17:57:13,979 INFO L290 TraceCheckUtils]: 44: Hoare triple {29801#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29801#true} is VALID [2022-02-20 17:57:13,979 INFO L290 TraceCheckUtils]: 45: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {29801#true} is VALID [2022-02-20 17:57:13,979 INFO L290 TraceCheckUtils]: 46: Hoare triple {29801#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {29801#true} is VALID [2022-02-20 17:57:13,979 INFO L290 TraceCheckUtils]: 47: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {29801#true} is VALID [2022-02-20 17:57:13,979 INFO L290 TraceCheckUtils]: 48: Hoare triple {29801#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29801#true} is VALID [2022-02-20 17:57:13,980 INFO L290 TraceCheckUtils]: 49: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {29801#true} is VALID [2022-02-20 17:57:13,980 INFO L290 TraceCheckUtils]: 50: Hoare triple {29801#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29801#true} is VALID [2022-02-20 17:57:13,980 INFO L290 TraceCheckUtils]: 51: Hoare triple {29801#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {29801#true} is VALID [2022-02-20 17:57:13,980 INFO L290 TraceCheckUtils]: 52: Hoare triple {29801#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29801#true} is VALID [2022-02-20 17:57:13,980 INFO L290 TraceCheckUtils]: 53: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {29801#true} is VALID [2022-02-20 17:57:13,980 INFO L290 TraceCheckUtils]: 54: Hoare triple {29801#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {29801#true} is VALID [2022-02-20 17:57:13,980 INFO L290 TraceCheckUtils]: 55: Hoare triple {29801#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {29801#true} is VALID [2022-02-20 17:57:13,980 INFO L290 TraceCheckUtils]: 56: Hoare triple {29801#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {29801#true} is VALID [2022-02-20 17:57:13,980 INFO L290 TraceCheckUtils]: 57: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {29801#true} is VALID [2022-02-20 17:57:13,981 INFO L272 TraceCheckUtils]: 58: Hoare triple {29801#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:13,981 INFO L290 TraceCheckUtils]: 59: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {29801#true} is VALID [2022-02-20 17:57:13,982 INFO L272 TraceCheckUtils]: 60: Hoare triple {29801#true} call setClientId(~bob___0, ~bob___0); {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:13,982 INFO L290 TraceCheckUtils]: 61: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,982 INFO L290 TraceCheckUtils]: 62: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,982 INFO L290 TraceCheckUtils]: 63: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,982 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {29801#true} {29801#true} #1728#return; {29801#true} is VALID [2022-02-20 17:57:13,982 INFO L290 TraceCheckUtils]: 65: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,982 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {29801#true} {29801#true} #1746#return; {29801#true} is VALID [2022-02-20 17:57:13,983 INFO L272 TraceCheckUtils]: 67: Hoare triple {29801#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {29895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:13,983 INFO L290 TraceCheckUtils]: 68: Hoare triple {29895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,983 INFO L290 TraceCheckUtils]: 69: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,983 INFO L290 TraceCheckUtils]: 70: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,983 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {29801#true} {29801#true} #1748#return; {29801#true} is VALID [2022-02-20 17:57:13,983 INFO L290 TraceCheckUtils]: 72: Hoare triple {29801#true} assume { :end_inline_setup_bob__role__Keys } true; {29801#true} is VALID [2022-02-20 17:57:13,984 INFO L290 TraceCheckUtils]: 73: Hoare triple {29801#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {29839#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:57:13,984 INFO L290 TraceCheckUtils]: 74: Hoare triple {29839#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {29840#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:57:13,985 INFO L272 TraceCheckUtils]: 75: Hoare triple {29840#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:13,985 INFO L290 TraceCheckUtils]: 76: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {29896#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:13,986 INFO L272 TraceCheckUtils]: 77: Hoare triple {29896#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:13,986 INFO L290 TraceCheckUtils]: 78: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29902#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:13,986 INFO L290 TraceCheckUtils]: 79: Hoare triple {29902#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29903#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:13,987 INFO L290 TraceCheckUtils]: 80: Hoare triple {29903#(= |setClientId_#in~handle| 1)} assume true; {29903#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:13,987 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {29903#(= |setClientId_#in~handle| 1)} {29896#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {29901#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:13,987 INFO L290 TraceCheckUtils]: 82: Hoare triple {29901#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {29901#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:13,988 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {29901#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {29840#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1752#return; {29802#false} is VALID [2022-02-20 17:57:13,988 INFO L272 TraceCheckUtils]: 84: Hoare triple {29802#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {29895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:13,988 INFO L290 TraceCheckUtils]: 85: Hoare triple {29895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,988 INFO L290 TraceCheckUtils]: 86: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,988 INFO L290 TraceCheckUtils]: 87: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,988 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {29801#true} {29802#false} #1754#return; {29802#false} is VALID [2022-02-20 17:57:13,988 INFO L290 TraceCheckUtils]: 89: Hoare triple {29802#false} assume { :end_inline_setup_rjh__role__Keys } true; {29802#false} is VALID [2022-02-20 17:57:13,988 INFO L290 TraceCheckUtils]: 90: Hoare triple {29802#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {29802#false} is VALID [2022-02-20 17:57:13,989 INFO L290 TraceCheckUtils]: 91: Hoare triple {29802#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {29802#false} is VALID [2022-02-20 17:57:13,989 INFO L272 TraceCheckUtils]: 92: Hoare triple {29802#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:13,989 INFO L290 TraceCheckUtils]: 93: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {29801#true} is VALID [2022-02-20 17:57:13,989 INFO L272 TraceCheckUtils]: 94: Hoare triple {29801#true} call setClientId(~chuck___0, ~chuck___0); {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:13,989 INFO L290 TraceCheckUtils]: 95: Hoare triple {29890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,989 INFO L290 TraceCheckUtils]: 96: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,990 INFO L290 TraceCheckUtils]: 97: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,990 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {29801#true} {29801#true} #1622#return; {29801#true} is VALID [2022-02-20 17:57:13,990 INFO L290 TraceCheckUtils]: 99: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,990 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {29801#true} {29802#false} #1758#return; {29802#false} is VALID [2022-02-20 17:57:13,990 INFO L272 TraceCheckUtils]: 101: Hoare triple {29802#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {29895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:13,990 INFO L290 TraceCheckUtils]: 102: Hoare triple {29895#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,990 INFO L290 TraceCheckUtils]: 103: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,990 INFO L290 TraceCheckUtils]: 104: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,990 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {29801#true} {29802#false} #1760#return; {29802#false} is VALID [2022-02-20 17:57:13,991 INFO L290 TraceCheckUtils]: 106: Hoare triple {29802#false} assume { :end_inline_setup_chuck__role__Keys } true; {29802#false} is VALID [2022-02-20 17:57:13,991 INFO L290 TraceCheckUtils]: 107: Hoare triple {29802#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {29802#false} is VALID [2022-02-20 17:57:13,991 INFO L290 TraceCheckUtils]: 108: Hoare triple {29802#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29802#false} is VALID [2022-02-20 17:57:13,991 INFO L290 TraceCheckUtils]: 109: Hoare triple {29802#false} assume !false; {29802#false} is VALID [2022-02-20 17:57:13,991 INFO L290 TraceCheckUtils]: 110: Hoare triple {29802#false} assume test_~splverifierCounter~0#1 < 4; {29802#false} is VALID [2022-02-20 17:57:13,991 INFO L290 TraceCheckUtils]: 111: Hoare triple {29802#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29802#false} is VALID [2022-02-20 17:57:13,991 INFO L290 TraceCheckUtils]: 112: Hoare triple {29802#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {29802#false} is VALID [2022-02-20 17:57:13,992 INFO L290 TraceCheckUtils]: 113: Hoare triple {29802#false} assume !(0 != test_~tmp___9~0#1); {29802#false} is VALID [2022-02-20 17:57:13,992 INFO L290 TraceCheckUtils]: 114: Hoare triple {29802#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet8#1 && test_#t~nondet8#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet8#1;havoc test_#t~nondet8#1; {29802#false} is VALID [2022-02-20 17:57:13,992 INFO L290 TraceCheckUtils]: 115: Hoare triple {29802#false} assume 0 != test_~tmp___8~0#1; {29802#false} is VALID [2022-02-20 17:57:13,992 INFO L290 TraceCheckUtils]: 116: Hoare triple {29802#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {29802#false} is VALID [2022-02-20 17:57:13,992 INFO L290 TraceCheckUtils]: 117: Hoare triple {29802#false} test_~op2~0#1 := 1; {29802#false} is VALID [2022-02-20 17:57:13,993 INFO L290 TraceCheckUtils]: 118: Hoare triple {29802#false} assume !false; {29802#false} is VALID [2022-02-20 17:57:13,993 INFO L290 TraceCheckUtils]: 119: Hoare triple {29802#false} assume !(test_~splverifierCounter~0#1 < 4); {29802#false} is VALID [2022-02-20 17:57:13,993 INFO L290 TraceCheckUtils]: 120: Hoare triple {29802#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {29802#false} is VALID [2022-02-20 17:57:13,993 INFO L272 TraceCheckUtils]: 121: Hoare triple {29802#false} call sendEmail(~bob~0, ~rjh~0); {29802#false} is VALID [2022-02-20 17:57:13,993 INFO L290 TraceCheckUtils]: 122: Hoare triple {29802#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29802#false} is VALID [2022-02-20 17:57:13,993 INFO L272 TraceCheckUtils]: 123: Hoare triple {29802#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29908#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:13,993 INFO L290 TraceCheckUtils]: 124: Hoare triple {29908#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,993 INFO L290 TraceCheckUtils]: 125: Hoare triple {29801#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,993 INFO L290 TraceCheckUtils]: 126: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,993 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {29801#true} {29802#false} #1644#return; {29802#false} is VALID [2022-02-20 17:57:13,994 INFO L272 TraceCheckUtils]: 128: Hoare triple {29802#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29909#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:13,994 INFO L290 TraceCheckUtils]: 129: Hoare triple {29909#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,994 INFO L290 TraceCheckUtils]: 130: Hoare triple {29801#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,994 INFO L290 TraceCheckUtils]: 131: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,994 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {29801#true} {29802#false} #1646#return; {29802#false} is VALID [2022-02-20 17:57:13,994 INFO L290 TraceCheckUtils]: 133: Hoare triple {29802#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {29802#false} is VALID [2022-02-20 17:57:13,994 INFO L290 TraceCheckUtils]: 134: Hoare triple {29802#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {29802#false} is VALID [2022-02-20 17:57:13,994 INFO L272 TraceCheckUtils]: 135: Hoare triple {29802#false} call outgoing(~sender#1, ~email~0#1); {29802#false} is VALID [2022-02-20 17:57:13,994 INFO L290 TraceCheckUtils]: 136: Hoare triple {29802#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29802#false} is VALID [2022-02-20 17:57:13,994 INFO L290 TraceCheckUtils]: 137: Hoare triple {29802#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {29802#false} is VALID [2022-02-20 17:57:13,995 INFO L272 TraceCheckUtils]: 138: Hoare triple {29802#false} call outgoing__before__Sign(~client#1, ~msg#1); {29802#false} is VALID [2022-02-20 17:57:13,995 INFO L290 TraceCheckUtils]: 139: Hoare triple {29802#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29802#false} is VALID [2022-02-20 17:57:13,995 INFO L290 TraceCheckUtils]: 140: Hoare triple {29802#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {29802#false} is VALID [2022-02-20 17:57:13,995 INFO L272 TraceCheckUtils]: 141: Hoare triple {29802#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {29802#false} is VALID [2022-02-20 17:57:13,995 INFO L290 TraceCheckUtils]: 142: Hoare triple {29802#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29802#false} is VALID [2022-02-20 17:57:13,995 INFO L290 TraceCheckUtils]: 143: Hoare triple {29802#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {29802#false} is VALID [2022-02-20 17:57:13,995 INFO L272 TraceCheckUtils]: 144: Hoare triple {29802#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {29801#true} is VALID [2022-02-20 17:57:13,995 INFO L290 TraceCheckUtils]: 145: Hoare triple {29801#true} ~handle := #in~handle;havoc ~retValue_acc~13; {29801#true} is VALID [2022-02-20 17:57:13,995 INFO L290 TraceCheckUtils]: 146: Hoare triple {29801#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {29801#true} is VALID [2022-02-20 17:57:13,996 INFO L290 TraceCheckUtils]: 147: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,996 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {29801#true} {29802#false} #1610#return; {29802#false} is VALID [2022-02-20 17:57:13,996 INFO L290 TraceCheckUtils]: 149: Hoare triple {29802#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {29802#false} is VALID [2022-02-20 17:57:13,996 INFO L272 TraceCheckUtils]: 150: Hoare triple {29802#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {29801#true} is VALID [2022-02-20 17:57:13,996 INFO L290 TraceCheckUtils]: 151: Hoare triple {29801#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {29801#true} is VALID [2022-02-20 17:57:13,996 INFO L290 TraceCheckUtils]: 152: Hoare triple {29801#true} assume 1 == ~handle; {29801#true} is VALID [2022-02-20 17:57:13,996 INFO L290 TraceCheckUtils]: 153: Hoare triple {29801#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {29801#true} is VALID [2022-02-20 17:57:13,996 INFO L290 TraceCheckUtils]: 154: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,996 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {29801#true} {29802#false} #1612#return; {29802#false} is VALID [2022-02-20 17:57:13,996 INFO L290 TraceCheckUtils]: 156: Hoare triple {29802#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {29802#false} is VALID [2022-02-20 17:57:13,997 INFO L290 TraceCheckUtils]: 157: Hoare triple {29802#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {29802#false} is VALID [2022-02-20 17:57:13,997 INFO L272 TraceCheckUtils]: 158: Hoare triple {29802#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {29802#false} is VALID [2022-02-20 17:57:13,997 INFO L290 TraceCheckUtils]: 159: Hoare triple {29802#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {29802#false} is VALID [2022-02-20 17:57:13,997 INFO L290 TraceCheckUtils]: 160: Hoare triple {29802#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {29802#false} is VALID [2022-02-20 17:57:13,997 INFO L290 TraceCheckUtils]: 161: Hoare triple {29802#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {29802#false} is VALID [2022-02-20 17:57:13,997 INFO L272 TraceCheckUtils]: 162: Hoare triple {29802#false} call setEmailFrom(~msg#1, ~tmp~8#1); {29908#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:13,997 INFO L290 TraceCheckUtils]: 163: Hoare triple {29908#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:13,997 INFO L290 TraceCheckUtils]: 164: Hoare triple {29801#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:13,997 INFO L290 TraceCheckUtils]: 165: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,998 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {29801#true} {29802#false} #1656#return; {29802#false} is VALID [2022-02-20 17:57:13,998 INFO L290 TraceCheckUtils]: 167: Hoare triple {29802#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {29802#false} is VALID [2022-02-20 17:57:13,998 INFO L290 TraceCheckUtils]: 168: Hoare triple {29802#false} assume !(-1 == ~mail_is_sensitive~0); {29802#false} is VALID [2022-02-20 17:57:13,998 INFO L272 TraceCheckUtils]: 169: Hoare triple {29802#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {29801#true} is VALID [2022-02-20 17:57:13,998 INFO L290 TraceCheckUtils]: 170: Hoare triple {29801#true} ~handle := #in~handle;havoc ~retValue_acc~16; {29801#true} is VALID [2022-02-20 17:57:13,998 INFO L290 TraceCheckUtils]: 171: Hoare triple {29801#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {29801#true} is VALID [2022-02-20 17:57:13,998 INFO L290 TraceCheckUtils]: 172: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:13,998 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {29801#true} {29802#false} #1660#return; {29802#false} is VALID [2022-02-20 17:57:13,998 INFO L290 TraceCheckUtils]: 174: Hoare triple {29802#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {29802#false} is VALID [2022-02-20 17:57:13,999 INFO L290 TraceCheckUtils]: 175: Hoare triple {29802#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {29802#false} is VALID [2022-02-20 17:57:13,999 INFO L290 TraceCheckUtils]: 176: Hoare triple {29802#false} assume !false; {29802#false} is VALID [2022-02-20 17:57:14,000 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 17:57:14,000 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:14,000 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [227218082] [2022-02-20 17:57:14,000 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [227218082] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:57:14,000 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1849093778] [2022-02-20 17:57:14,000 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:14,000 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:57:14,000 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:57:14,001 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:57:14,060 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:57:14,297 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:14,302 INFO L263 TraceCheckSpWp]: Trace formula consists of 1463 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 17:57:14,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:14,360 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:57:14,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {29801#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {29801#true} is VALID [2022-02-20 17:57:14,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {29801#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {29801#true} is VALID [2022-02-20 17:57:14,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {29801#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {29801#true} is VALID [2022-02-20 17:57:14,705 INFO L272 TraceCheckUtils]: 3: Hoare triple {29801#true} call select_features_#t~ret117#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:14,705 INFO L290 TraceCheckUtils]: 4: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:14,705 INFO L290 TraceCheckUtils]: 5: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,705 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {29801#true} {29801#true} #1730#return; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 7: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L272 TraceCheckUtils]: 8: Hoare triple {29801#true} call select_features_#t~ret118#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 9: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 10: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {29801#true} {29801#true} #1732#return; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 12: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L272 TraceCheckUtils]: 13: Hoare triple {29801#true} call select_features_#t~ret119#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 14: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 15: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29801#true} {29801#true} #1734#return; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 17: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L272 TraceCheckUtils]: 18: Hoare triple {29801#true} call select_features_#t~ret120#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 19: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 20: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {29801#true} {29801#true} #1736#return; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 22: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L272 TraceCheckUtils]: 23: Hoare triple {29801#true} call select_features_#t~ret121#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 24: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 25: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {29801#true} {29801#true} #1738#return; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L290 TraceCheckUtils]: 27: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {29801#true} is VALID [2022-02-20 17:57:14,706 INFO L272 TraceCheckUtils]: 28: Hoare triple {29801#true} call select_features_#t~ret122#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 29: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 30: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {29801#true} {29801#true} #1740#return; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 32: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L272 TraceCheckUtils]: 33: Hoare triple {29801#true} call select_features_#t~ret123#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 34: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 35: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {29801#true} {29801#true} #1742#return; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 37: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L272 TraceCheckUtils]: 38: Hoare triple {29801#true} call select_features_#t~ret124#1 := select_one(); {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 39: Hoare triple {29801#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 40: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {29801#true} {29801#true} #1744#return; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 42: Hoare triple {29801#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 43: Hoare triple {29801#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 44: Hoare triple {29801#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 45: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 46: Hoare triple {29801#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 47: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 48: Hoare triple {29801#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 49: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 50: Hoare triple {29801#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 51: Hoare triple {29801#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {29801#true} is VALID [2022-02-20 17:57:14,707 INFO L290 TraceCheckUtils]: 52: Hoare triple {29801#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 53: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 54: Hoare triple {29801#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 55: Hoare triple {29801#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 56: Hoare triple {29801#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 57: Hoare triple {29801#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L272 TraceCheckUtils]: 58: Hoare triple {29801#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 59: Hoare triple {29801#true} ~bob___0 := #in~bob___0; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L272 TraceCheckUtils]: 60: Hoare triple {29801#true} call setClientId(~bob___0, ~bob___0); {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 61: Hoare triple {29801#true} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 62: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 63: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {29801#true} {29801#true} #1728#return; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 65: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {29801#true} {29801#true} #1746#return; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L272 TraceCheckUtils]: 67: Hoare triple {29801#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 68: Hoare triple {29801#true} ~handle := #in~handle;~value := #in~value; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 69: Hoare triple {29801#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 70: Hoare triple {29801#true} assume true; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {29801#true} {29801#true} #1748#return; {29801#true} is VALID [2022-02-20 17:57:14,708 INFO L290 TraceCheckUtils]: 72: Hoare triple {29801#true} assume { :end_inline_setup_bob__role__Keys } true; {29801#true} is VALID [2022-02-20 17:57:14,709 INFO L290 TraceCheckUtils]: 73: Hoare triple {29801#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {30132#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:57:14,710 INFO L290 TraceCheckUtils]: 74: Hoare triple {30132#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {30136#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 17:57:14,710 INFO L272 TraceCheckUtils]: 75: Hoare triple {30136#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {29801#true} is VALID [2022-02-20 17:57:14,710 INFO L290 TraceCheckUtils]: 76: Hoare triple {29801#true} ~rjh___0 := #in~rjh___0; {30143#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} is VALID [2022-02-20 17:57:14,710 INFO L272 TraceCheckUtils]: 77: Hoare triple {30143#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} call setClientId(~rjh___0, ~rjh___0); {29801#true} is VALID [2022-02-20 17:57:14,710 INFO L290 TraceCheckUtils]: 78: Hoare triple {29801#true} ~handle := #in~handle;~value := #in~value; {30150#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:57:14,711 INFO L290 TraceCheckUtils]: 79: Hoare triple {30150#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30154#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:14,711 INFO L290 TraceCheckUtils]: 80: Hoare triple {30154#(<= |setClientId_#in~handle| 1)} assume true; {30154#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:14,711 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {30154#(<= |setClientId_#in~handle| 1)} {30143#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} #1680#return; {30161#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:14,712 INFO L290 TraceCheckUtils]: 82: Hoare triple {30161#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {30161#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:57:14,712 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {30161#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} {30136#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1752#return; {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L272 TraceCheckUtils]: 84: Hoare triple {29802#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L290 TraceCheckUtils]: 85: Hoare triple {29802#false} ~handle := #in~handle;~value := #in~value; {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L290 TraceCheckUtils]: 86: Hoare triple {29802#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L290 TraceCheckUtils]: 87: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {29802#false} {29802#false} #1754#return; {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L290 TraceCheckUtils]: 89: Hoare triple {29802#false} assume { :end_inline_setup_rjh__role__Keys } true; {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L290 TraceCheckUtils]: 90: Hoare triple {29802#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L290 TraceCheckUtils]: 91: Hoare triple {29802#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L272 TraceCheckUtils]: 92: Hoare triple {29802#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L290 TraceCheckUtils]: 93: Hoare triple {29802#false} ~chuck___0 := #in~chuck___0; {29802#false} is VALID [2022-02-20 17:57:14,712 INFO L272 TraceCheckUtils]: 94: Hoare triple {29802#false} call setClientId(~chuck___0, ~chuck___0); {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 95: Hoare triple {29802#false} ~handle := #in~handle;~value := #in~value; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 96: Hoare triple {29802#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 97: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {29802#false} {29802#false} #1622#return; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 99: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {29802#false} {29802#false} #1758#return; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L272 TraceCheckUtils]: 101: Hoare triple {29802#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 102: Hoare triple {29802#false} ~handle := #in~handle;~value := #in~value; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 103: Hoare triple {29802#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 104: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {29802#false} {29802#false} #1760#return; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 106: Hoare triple {29802#false} assume { :end_inline_setup_chuck__role__Keys } true; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 107: Hoare triple {29802#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 108: Hoare triple {29802#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 109: Hoare triple {29802#false} assume !false; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 110: Hoare triple {29802#false} assume test_~splverifierCounter~0#1 < 4; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 111: Hoare triple {29802#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 112: Hoare triple {29802#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 113: Hoare triple {29802#false} assume !(0 != test_~tmp___9~0#1); {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 114: Hoare triple {29802#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet8#1 && test_#t~nondet8#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet8#1;havoc test_#t~nondet8#1; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 115: Hoare triple {29802#false} assume 0 != test_~tmp___8~0#1; {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 116: Hoare triple {29802#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {29802#false} is VALID [2022-02-20 17:57:14,713 INFO L290 TraceCheckUtils]: 117: Hoare triple {29802#false} test_~op2~0#1 := 1; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 118: Hoare triple {29802#false} assume !false; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 119: Hoare triple {29802#false} assume !(test_~splverifierCounter~0#1 < 4); {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 120: Hoare triple {29802#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L272 TraceCheckUtils]: 121: Hoare triple {29802#false} call sendEmail(~bob~0, ~rjh~0); {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 122: Hoare triple {29802#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L272 TraceCheckUtils]: 123: Hoare triple {29802#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 124: Hoare triple {29802#false} ~handle := #in~handle;~value := #in~value; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 125: Hoare triple {29802#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 126: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {29802#false} {29802#false} #1644#return; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L272 TraceCheckUtils]: 128: Hoare triple {29802#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 129: Hoare triple {29802#false} ~handle := #in~handle;~value := #in~value; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 130: Hoare triple {29802#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 131: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {29802#false} {29802#false} #1646#return; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 133: Hoare triple {29802#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 134: Hoare triple {29802#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L272 TraceCheckUtils]: 135: Hoare triple {29802#false} call outgoing(~sender#1, ~email~0#1); {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 136: Hoare triple {29802#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 137: Hoare triple {29802#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L272 TraceCheckUtils]: 138: Hoare triple {29802#false} call outgoing__before__Sign(~client#1, ~msg#1); {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 139: Hoare triple {29802#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29802#false} is VALID [2022-02-20 17:57:14,714 INFO L290 TraceCheckUtils]: 140: Hoare triple {29802#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L272 TraceCheckUtils]: 141: Hoare triple {29802#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 142: Hoare triple {29802#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 143: Hoare triple {29802#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L272 TraceCheckUtils]: 144: Hoare triple {29802#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 145: Hoare triple {29802#false} ~handle := #in~handle;havoc ~retValue_acc~13; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 146: Hoare triple {29802#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 147: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {29802#false} {29802#false} #1610#return; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 149: Hoare triple {29802#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L272 TraceCheckUtils]: 150: Hoare triple {29802#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 151: Hoare triple {29802#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 152: Hoare triple {29802#false} assume 1 == ~handle; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 153: Hoare triple {29802#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 154: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {29802#false} {29802#false} #1612#return; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 156: Hoare triple {29802#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 157: Hoare triple {29802#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L272 TraceCheckUtils]: 158: Hoare triple {29802#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 159: Hoare triple {29802#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 160: Hoare triple {29802#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 161: Hoare triple {29802#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L272 TraceCheckUtils]: 162: Hoare triple {29802#false} call setEmailFrom(~msg#1, ~tmp~8#1); {29802#false} is VALID [2022-02-20 17:57:14,715 INFO L290 TraceCheckUtils]: 163: Hoare triple {29802#false} ~handle := #in~handle;~value := #in~value; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 164: Hoare triple {29802#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 165: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {29802#false} {29802#false} #1656#return; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 167: Hoare triple {29802#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 168: Hoare triple {29802#false} assume !(-1 == ~mail_is_sensitive~0); {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L272 TraceCheckUtils]: 169: Hoare triple {29802#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 170: Hoare triple {29802#false} ~handle := #in~handle;havoc ~retValue_acc~16; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 171: Hoare triple {29802#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 172: Hoare triple {29802#false} assume true; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {29802#false} {29802#false} #1660#return; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 174: Hoare triple {29802#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 175: Hoare triple {29802#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L290 TraceCheckUtils]: 176: Hoare triple {29802#false} assume !false; {29802#false} is VALID [2022-02-20 17:57:14,716 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 17:57:14,716 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:57:14,717 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1849093778] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:14,717 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:57:14,717 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [12] total 18 [2022-02-20 17:57:14,717 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [513484627] [2022-02-20 17:57:14,717 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:14,718 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 17:57:14,718 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:14,718 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:57:14,794 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 156 edges. 156 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:14,794 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:57:14,794 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:14,794 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:57:14,794 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=267, Unknown=0, NotChecked=0, Total=306 [2022-02-20 17:57:14,795 INFO L87 Difference]: Start difference. First operand 683 states and 997 transitions. Second operand has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:57:16,722 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:16,722 INFO L93 Difference]: Finished difference Result 1313 states and 1931 transitions. [2022-02-20 17:57:16,722 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 17:57:16,723 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 17:57:16,723 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:57:16,723 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:57:16,734 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1633 transitions. [2022-02-20 17:57:16,734 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:57:16,744 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1633 transitions. [2022-02-20 17:57:16,745 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 1633 transitions. [2022-02-20 17:57:17,549 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1633 edges. 1633 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:17,570 INFO L225 Difference]: With dead ends: 1313 [2022-02-20 17:57:17,570 INFO L226 Difference]: Without dead ends: 685 [2022-02-20 17:57:17,572 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 231 GetRequests, 212 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=51, Invalid=369, Unknown=0, NotChecked=0, Total=420 [2022-02-20 17:57:17,572 INFO L933 BasicCegarLoop]: 836 mSDtfsCounter, 363 mSDsluCounter, 4607 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 44 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 365 SdHoareTripleChecker+Valid, 5443 SdHoareTripleChecker+Invalid, 119 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 44 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:57:17,572 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [365 Valid, 5443 Invalid, 119 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [44 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 17:57:17,573 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 685 states. [2022-02-20 17:57:17,656 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 685 to 685. [2022-02-20 17:57:17,657 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:57:17,658 INFO L82 GeneralOperation]: Start isEquivalent. First operand 685 states. Second operand has 685 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 534 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 17:57:17,658 INFO L74 IsIncluded]: Start isIncluded. First operand 685 states. Second operand has 685 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 534 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 17:57:17,660 INFO L87 Difference]: Start difference. First operand 685 states. Second operand has 685 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 534 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 17:57:17,677 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:17,678 INFO L93 Difference]: Finished difference Result 685 states and 1000 transitions. [2022-02-20 17:57:17,678 INFO L276 IsEmpty]: Start isEmpty. Operand 685 states and 1000 transitions. [2022-02-20 17:57:17,680 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:17,680 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:17,681 INFO L74 IsIncluded]: Start isIncluded. First operand has 685 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 534 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) Second operand 685 states. [2022-02-20 17:57:17,681 INFO L87 Difference]: Start difference. First operand has 685 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 534 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) Second operand 685 states. [2022-02-20 17:57:17,699 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:17,699 INFO L93 Difference]: Finished difference Result 685 states and 1000 transitions. [2022-02-20 17:57:17,699 INFO L276 IsEmpty]: Start isEmpty. Operand 685 states and 1000 transitions. [2022-02-20 17:57:17,701 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:17,701 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:17,701 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:57:17,701 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:57:17,702 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 685 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 534 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 17:57:17,726 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 685 states to 685 states and 1000 transitions. [2022-02-20 17:57:17,726 INFO L78 Accepts]: Start accepts. Automaton has 685 states and 1000 transitions. Word has length 177 [2022-02-20 17:57:17,726 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:57:17,726 INFO L470 AbstractCegarLoop]: Abstraction has 685 states and 1000 transitions. [2022-02-20 17:57:17,726 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:57:17,727 INFO L276 IsEmpty]: Start isEmpty. Operand 685 states and 1000 transitions. [2022-02-20 17:57:17,728 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 179 [2022-02-20 17:57:17,728 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:17,728 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:17,749 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:57:17,947 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:57:17,947 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:17,947 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:17,947 INFO L85 PathProgramCache]: Analyzing trace with hash -297613258, now seen corresponding path program 1 times [2022-02-20 17:57:17,948 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:17,948 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2075894536] [2022-02-20 17:57:17,948 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:17,948 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:17,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:57:18,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,029 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34572#true} {34572#true} #1730#return; {34572#true} is VALID [2022-02-20 17:57:18,029 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:57:18,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,031 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34572#true} {34572#true} #1732#return; {34572#true} is VALID [2022-02-20 17:57:18,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:57:18,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,034 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34572#true} {34572#true} #1734#return; {34572#true} is VALID [2022-02-20 17:57:18,034 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:18,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,036 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,036 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,036 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34572#true} {34572#true} #1736#return; {34572#true} is VALID [2022-02-20 17:57:18,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:57:18,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,038 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34572#true} {34572#true} #1738#return; {34572#true} is VALID [2022-02-20 17:57:18,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:57:18,039 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,041 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,041 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34572#true} {34572#true} #1740#return; {34572#true} is VALID [2022-02-20 17:57:18,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:57:18,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,057 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34572#true} {34572#true} #1742#return; {34572#true} is VALID [2022-02-20 17:57:18,057 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:57:18,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,063 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,063 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,063 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34572#true} {34572#true} #1744#return; {34572#true} is VALID [2022-02-20 17:57:18,066 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:57:18,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:18,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,070 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,070 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,070 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34572#true} {34572#true} #1728#return; {34572#true} is VALID [2022-02-20 17:57:18,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {34572#true} is VALID [2022-02-20 17:57:18,091 INFO L272 TraceCheckUtils]: 1: Hoare triple {34572#true} call setClientId(~bob___0, ~bob___0); {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:18,091 INFO L290 TraceCheckUtils]: 2: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,091 INFO L290 TraceCheckUtils]: 3: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,091 INFO L290 TraceCheckUtils]: 4: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,091 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34572#true} {34572#true} #1728#return; {34572#true} is VALID [2022-02-20 17:57:18,091 INFO L290 TraceCheckUtils]: 6: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,091 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {34572#true} {34572#true} #1746#return; {34572#true} is VALID [2022-02-20 17:57:18,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:57:18,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,097 INFO L290 TraceCheckUtils]: 0: Hoare triple {34666#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,097 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,097 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,097 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34572#true} {34572#true} #1748#return; {34572#true} is VALID [2022-02-20 17:57:18,097 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:57:18,098 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,106 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:18,107 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,117 INFO L290 TraceCheckUtils]: 0: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34674#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,117 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34674#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34675#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,118 INFO L290 TraceCheckUtils]: 3: Hoare triple {34675#(= 2 |setClientId_#in~handle|)} assume true; {34675#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,118 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34675#(= 2 |setClientId_#in~handle|)} {34667#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {34673#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:18,119 INFO L290 TraceCheckUtils]: 0: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {34667#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:18,119 INFO L272 TraceCheckUtils]: 1: Hoare triple {34667#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:18,119 INFO L290 TraceCheckUtils]: 2: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34674#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,120 INFO L290 TraceCheckUtils]: 3: Hoare triple {34674#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34674#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,120 INFO L290 TraceCheckUtils]: 4: Hoare triple {34674#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34675#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,120 INFO L290 TraceCheckUtils]: 5: Hoare triple {34675#(= 2 |setClientId_#in~handle|)} assume true; {34675#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,121 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34675#(= 2 |setClientId_#in~handle|)} {34667#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {34673#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:18,121 INFO L290 TraceCheckUtils]: 7: Hoare triple {34673#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {34673#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:18,121 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {34673#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {34572#true} #1752#return; {34619#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 17:57:18,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:57:18,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,149 INFO L290 TraceCheckUtils]: 0: Hoare triple {34666#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34676#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:57:18,149 INFO L290 TraceCheckUtils]: 1: Hoare triple {34676#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34677#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:57:18,150 INFO L290 TraceCheckUtils]: 2: Hoare triple {34677#(= |setClientPrivateKey_#in~handle| 1)} assume true; {34677#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:57:18,150 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34677#(= |setClientPrivateKey_#in~handle| 1)} {34619#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1754#return; {34573#false} is VALID [2022-02-20 17:57:18,150 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:57:18,151 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,153 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:18,153 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,155 INFO L290 TraceCheckUtils]: 0: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,155 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,155 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,155 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34572#true} {34572#true} #1622#return; {34572#true} is VALID [2022-02-20 17:57:18,155 INFO L290 TraceCheckUtils]: 0: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {34572#true} is VALID [2022-02-20 17:57:18,155 INFO L272 TraceCheckUtils]: 1: Hoare triple {34572#true} call setClientId(~chuck___0, ~chuck___0); {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:18,155 INFO L290 TraceCheckUtils]: 2: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,155 INFO L290 TraceCheckUtils]: 3: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,155 INFO L290 TraceCheckUtils]: 4: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,156 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34572#true} {34572#true} #1622#return; {34572#true} is VALID [2022-02-20 17:57:18,156 INFO L290 TraceCheckUtils]: 6: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,156 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {34572#true} {34573#false} #1758#return; {34573#false} is VALID [2022-02-20 17:57:18,156 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:57:18,157 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {34666#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,158 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34572#true} {34573#false} #1760#return; {34573#false} is VALID [2022-02-20 17:57:18,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:57:18,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,166 INFO L290 TraceCheckUtils]: 0: Hoare triple {34682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,166 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,166 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,166 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34572#true} {34573#false} #1644#return; {34573#false} is VALID [2022-02-20 17:57:18,172 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:57:18,173 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,174 INFO L290 TraceCheckUtils]: 0: Hoare triple {34683#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,174 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,174 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34572#true} {34573#false} #1646#return; {34573#false} is VALID [2022-02-20 17:57:18,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 145 [2022-02-20 17:57:18,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,176 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} ~handle := #in~handle;havoc ~retValue_acc~13; {34572#true} is VALID [2022-02-20 17:57:18,176 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {34572#true} is VALID [2022-02-20 17:57:18,176 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,176 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34572#true} {34573#false} #1610#return; {34573#false} is VALID [2022-02-20 17:57:18,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 151 [2022-02-20 17:57:18,177 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,178 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {34572#true} is VALID [2022-02-20 17:57:18,178 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle; {34572#true} is VALID [2022-02-20 17:57:18,178 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {34572#true} is VALID [2022-02-20 17:57:18,178 INFO L290 TraceCheckUtils]: 3: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,178 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34572#true} {34573#false} #1612#return; {34573#false} is VALID [2022-02-20 17:57:18,178 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-02-20 17:57:18,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {34682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,180 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,180 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,180 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34572#true} {34573#false} #1656#return; {34573#false} is VALID [2022-02-20 17:57:18,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 170 [2022-02-20 17:57:18,180 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} ~handle := #in~handle;havoc ~retValue_acc~16; {34572#true} is VALID [2022-02-20 17:57:18,181 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {34572#true} is VALID [2022-02-20 17:57:18,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,181 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34572#true} {34573#false} #1660#return; {34573#false} is VALID [2022-02-20 17:57:18,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {34572#true} is VALID [2022-02-20 17:57:18,182 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {34572#true} is VALID [2022-02-20 17:57:18,182 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {34572#true} is VALID [2022-02-20 17:57:18,182 INFO L272 TraceCheckUtils]: 3: Hoare triple {34572#true} call select_features_#t~ret117#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,182 INFO L290 TraceCheckUtils]: 4: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,182 INFO L290 TraceCheckUtils]: 5: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,182 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34572#true} {34572#true} #1730#return; {34572#true} is VALID [2022-02-20 17:57:18,182 INFO L290 TraceCheckUtils]: 7: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {34572#true} is VALID [2022-02-20 17:57:18,182 INFO L272 TraceCheckUtils]: 8: Hoare triple {34572#true} call select_features_#t~ret118#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L290 TraceCheckUtils]: 9: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L290 TraceCheckUtils]: 10: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {34572#true} {34572#true} #1732#return; {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L290 TraceCheckUtils]: 12: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L272 TraceCheckUtils]: 13: Hoare triple {34572#true} call select_features_#t~ret119#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L290 TraceCheckUtils]: 14: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L290 TraceCheckUtils]: 15: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34572#true} {34572#true} #1734#return; {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L290 TraceCheckUtils]: 17: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {34572#true} is VALID [2022-02-20 17:57:18,183 INFO L272 TraceCheckUtils]: 18: Hoare triple {34572#true} call select_features_#t~ret120#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,184 INFO L290 TraceCheckUtils]: 19: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,184 INFO L290 TraceCheckUtils]: 20: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,184 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34572#true} {34572#true} #1736#return; {34572#true} is VALID [2022-02-20 17:57:18,184 INFO L290 TraceCheckUtils]: 22: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {34572#true} is VALID [2022-02-20 17:57:18,184 INFO L272 TraceCheckUtils]: 23: Hoare triple {34572#true} call select_features_#t~ret121#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,184 INFO L290 TraceCheckUtils]: 24: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,184 INFO L290 TraceCheckUtils]: 25: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,184 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {34572#true} {34572#true} #1738#return; {34572#true} is VALID [2022-02-20 17:57:18,184 INFO L290 TraceCheckUtils]: 27: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L272 TraceCheckUtils]: 28: Hoare triple {34572#true} call select_features_#t~ret122#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L290 TraceCheckUtils]: 29: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L290 TraceCheckUtils]: 30: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {34572#true} {34572#true} #1740#return; {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L290 TraceCheckUtils]: 32: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L272 TraceCheckUtils]: 33: Hoare triple {34572#true} call select_features_#t~ret123#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L290 TraceCheckUtils]: 34: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L290 TraceCheckUtils]: 35: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {34572#true} {34572#true} #1742#return; {34572#true} is VALID [2022-02-20 17:57:18,185 INFO L290 TraceCheckUtils]: 37: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L272 TraceCheckUtils]: 38: Hoare triple {34572#true} call select_features_#t~ret124#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L290 TraceCheckUtils]: 39: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L290 TraceCheckUtils]: 40: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {34572#true} {34572#true} #1744#return; {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L290 TraceCheckUtils]: 42: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L290 TraceCheckUtils]: 43: Hoare triple {34572#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L290 TraceCheckUtils]: 44: Hoare triple {34572#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L290 TraceCheckUtils]: 45: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L290 TraceCheckUtils]: 46: Hoare triple {34572#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {34572#true} is VALID [2022-02-20 17:57:18,186 INFO L290 TraceCheckUtils]: 47: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 48: Hoare triple {34572#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 49: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 50: Hoare triple {34572#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 51: Hoare triple {34572#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 52: Hoare triple {34572#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 53: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 54: Hoare triple {34572#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 55: Hoare triple {34572#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 56: Hoare triple {34572#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {34572#true} is VALID [2022-02-20 17:57:18,187 INFO L290 TraceCheckUtils]: 57: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {34572#true} is VALID [2022-02-20 17:57:18,188 INFO L272 TraceCheckUtils]: 58: Hoare triple {34572#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:18,188 INFO L290 TraceCheckUtils]: 59: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {34572#true} is VALID [2022-02-20 17:57:18,189 INFO L272 TraceCheckUtils]: 60: Hoare triple {34572#true} call setClientId(~bob___0, ~bob___0); {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:18,189 INFO L290 TraceCheckUtils]: 61: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,189 INFO L290 TraceCheckUtils]: 62: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,189 INFO L290 TraceCheckUtils]: 63: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,189 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {34572#true} {34572#true} #1728#return; {34572#true} is VALID [2022-02-20 17:57:18,189 INFO L290 TraceCheckUtils]: 65: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,189 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {34572#true} {34572#true} #1746#return; {34572#true} is VALID [2022-02-20 17:57:18,190 INFO L272 TraceCheckUtils]: 67: Hoare triple {34572#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {34666#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:18,190 INFO L290 TraceCheckUtils]: 68: Hoare triple {34666#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,190 INFO L290 TraceCheckUtils]: 69: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,190 INFO L290 TraceCheckUtils]: 70: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,190 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {34572#true} {34572#true} #1748#return; {34572#true} is VALID [2022-02-20 17:57:18,190 INFO L290 TraceCheckUtils]: 72: Hoare triple {34572#true} assume { :end_inline_setup_bob__role__Keys } true; {34572#true} is VALID [2022-02-20 17:57:18,191 INFO L290 TraceCheckUtils]: 73: Hoare triple {34572#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {34572#true} is VALID [2022-02-20 17:57:18,191 INFO L290 TraceCheckUtils]: 74: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {34572#true} is VALID [2022-02-20 17:57:18,191 INFO L272 TraceCheckUtils]: 75: Hoare triple {34572#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:18,192 INFO L290 TraceCheckUtils]: 76: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {34667#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:18,192 INFO L272 TraceCheckUtils]: 77: Hoare triple {34667#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:18,193 INFO L290 TraceCheckUtils]: 78: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34674#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,193 INFO L290 TraceCheckUtils]: 79: Hoare triple {34674#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34674#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,193 INFO L290 TraceCheckUtils]: 80: Hoare triple {34674#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34675#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,193 INFO L290 TraceCheckUtils]: 81: Hoare triple {34675#(= 2 |setClientId_#in~handle|)} assume true; {34675#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:18,194 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34675#(= 2 |setClientId_#in~handle|)} {34667#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1680#return; {34673#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:18,194 INFO L290 TraceCheckUtils]: 83: Hoare triple {34673#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {34673#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:57:18,195 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {34673#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {34572#true} #1752#return; {34619#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 17:57:18,195 INFO L272 TraceCheckUtils]: 85: Hoare triple {34619#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {34666#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:18,196 INFO L290 TraceCheckUtils]: 86: Hoare triple {34666#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34676#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:57:18,196 INFO L290 TraceCheckUtils]: 87: Hoare triple {34676#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34677#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:57:18,196 INFO L290 TraceCheckUtils]: 88: Hoare triple {34677#(= |setClientPrivateKey_#in~handle| 1)} assume true; {34677#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:57:18,197 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {34677#(= |setClientPrivateKey_#in~handle| 1)} {34619#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1754#return; {34573#false} is VALID [2022-02-20 17:57:18,197 INFO L290 TraceCheckUtils]: 90: Hoare triple {34573#false} assume { :end_inline_setup_rjh__role__Keys } true; {34573#false} is VALID [2022-02-20 17:57:18,197 INFO L290 TraceCheckUtils]: 91: Hoare triple {34573#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {34573#false} is VALID [2022-02-20 17:57:18,197 INFO L290 TraceCheckUtils]: 92: Hoare triple {34573#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {34573#false} is VALID [2022-02-20 17:57:18,197 INFO L272 TraceCheckUtils]: 93: Hoare triple {34573#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:18,197 INFO L290 TraceCheckUtils]: 94: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {34572#true} is VALID [2022-02-20 17:57:18,198 INFO L272 TraceCheckUtils]: 95: Hoare triple {34572#true} call setClientId(~chuck___0, ~chuck___0); {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:18,198 INFO L290 TraceCheckUtils]: 96: Hoare triple {34661#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,198 INFO L290 TraceCheckUtils]: 97: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,198 INFO L290 TraceCheckUtils]: 98: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,198 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34572#true} {34572#true} #1622#return; {34572#true} is VALID [2022-02-20 17:57:18,198 INFO L290 TraceCheckUtils]: 100: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,198 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {34572#true} {34573#false} #1758#return; {34573#false} is VALID [2022-02-20 17:57:18,199 INFO L272 TraceCheckUtils]: 102: Hoare triple {34573#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {34666#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:18,199 INFO L290 TraceCheckUtils]: 103: Hoare triple {34666#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,199 INFO L290 TraceCheckUtils]: 104: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,199 INFO L290 TraceCheckUtils]: 105: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,199 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34572#true} {34573#false} #1760#return; {34573#false} is VALID [2022-02-20 17:57:18,199 INFO L290 TraceCheckUtils]: 107: Hoare triple {34573#false} assume { :end_inline_setup_chuck__role__Keys } true; {34573#false} is VALID [2022-02-20 17:57:18,199 INFO L290 TraceCheckUtils]: 108: Hoare triple {34573#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {34573#false} is VALID [2022-02-20 17:57:18,199 INFO L290 TraceCheckUtils]: 109: Hoare triple {34573#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34573#false} is VALID [2022-02-20 17:57:18,199 INFO L290 TraceCheckUtils]: 110: Hoare triple {34573#false} assume !false; {34573#false} is VALID [2022-02-20 17:57:18,199 INFO L290 TraceCheckUtils]: 111: Hoare triple {34573#false} assume test_~splverifierCounter~0#1 < 4; {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 112: Hoare triple {34573#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 113: Hoare triple {34573#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 114: Hoare triple {34573#false} assume !(0 != test_~tmp___9~0#1); {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 115: Hoare triple {34573#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet8#1 && test_#t~nondet8#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet8#1;havoc test_#t~nondet8#1; {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 116: Hoare triple {34573#false} assume 0 != test_~tmp___8~0#1; {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 117: Hoare triple {34573#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 118: Hoare triple {34573#false} test_~op2~0#1 := 1; {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 119: Hoare triple {34573#false} assume !false; {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 120: Hoare triple {34573#false} assume !(test_~splverifierCounter~0#1 < 4); {34573#false} is VALID [2022-02-20 17:57:18,200 INFO L290 TraceCheckUtils]: 121: Hoare triple {34573#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {34573#false} is VALID [2022-02-20 17:57:18,201 INFO L272 TraceCheckUtils]: 122: Hoare triple {34573#false} call sendEmail(~bob~0, ~rjh~0); {34573#false} is VALID [2022-02-20 17:57:18,201 INFO L290 TraceCheckUtils]: 123: Hoare triple {34573#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34573#false} is VALID [2022-02-20 17:57:18,201 INFO L272 TraceCheckUtils]: 124: Hoare triple {34573#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:18,201 INFO L290 TraceCheckUtils]: 125: Hoare triple {34682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,201 INFO L290 TraceCheckUtils]: 126: Hoare triple {34572#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,201 INFO L290 TraceCheckUtils]: 127: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,201 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {34572#true} {34573#false} #1644#return; {34573#false} is VALID [2022-02-20 17:57:18,201 INFO L272 TraceCheckUtils]: 129: Hoare triple {34573#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34683#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:18,201 INFO L290 TraceCheckUtils]: 130: Hoare triple {34683#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,201 INFO L290 TraceCheckUtils]: 131: Hoare triple {34572#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,202 INFO L290 TraceCheckUtils]: 132: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,202 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {34572#true} {34573#false} #1646#return; {34573#false} is VALID [2022-02-20 17:57:18,202 INFO L290 TraceCheckUtils]: 134: Hoare triple {34573#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {34573#false} is VALID [2022-02-20 17:57:18,202 INFO L290 TraceCheckUtils]: 135: Hoare triple {34573#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {34573#false} is VALID [2022-02-20 17:57:18,202 INFO L272 TraceCheckUtils]: 136: Hoare triple {34573#false} call outgoing(~sender#1, ~email~0#1); {34573#false} is VALID [2022-02-20 17:57:18,202 INFO L290 TraceCheckUtils]: 137: Hoare triple {34573#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34573#false} is VALID [2022-02-20 17:57:18,202 INFO L290 TraceCheckUtils]: 138: Hoare triple {34573#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {34573#false} is VALID [2022-02-20 17:57:18,202 INFO L272 TraceCheckUtils]: 139: Hoare triple {34573#false} call outgoing__before__Sign(~client#1, ~msg#1); {34573#false} is VALID [2022-02-20 17:57:18,202 INFO L290 TraceCheckUtils]: 140: Hoare triple {34573#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34573#false} is VALID [2022-02-20 17:57:18,202 INFO L290 TraceCheckUtils]: 141: Hoare triple {34573#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {34573#false} is VALID [2022-02-20 17:57:18,202 INFO L272 TraceCheckUtils]: 142: Hoare triple {34573#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {34573#false} is VALID [2022-02-20 17:57:18,203 INFO L290 TraceCheckUtils]: 143: Hoare triple {34573#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34573#false} is VALID [2022-02-20 17:57:18,203 INFO L290 TraceCheckUtils]: 144: Hoare triple {34573#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {34573#false} is VALID [2022-02-20 17:57:18,203 INFO L272 TraceCheckUtils]: 145: Hoare triple {34573#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {34572#true} is VALID [2022-02-20 17:57:18,203 INFO L290 TraceCheckUtils]: 146: Hoare triple {34572#true} ~handle := #in~handle;havoc ~retValue_acc~13; {34572#true} is VALID [2022-02-20 17:57:18,203 INFO L290 TraceCheckUtils]: 147: Hoare triple {34572#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {34572#true} is VALID [2022-02-20 17:57:18,203 INFO L290 TraceCheckUtils]: 148: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,203 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {34572#true} {34573#false} #1610#return; {34573#false} is VALID [2022-02-20 17:57:18,203 INFO L290 TraceCheckUtils]: 150: Hoare triple {34573#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {34573#false} is VALID [2022-02-20 17:57:18,203 INFO L272 TraceCheckUtils]: 151: Hoare triple {34573#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {34572#true} is VALID [2022-02-20 17:57:18,203 INFO L290 TraceCheckUtils]: 152: Hoare triple {34572#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {34572#true} is VALID [2022-02-20 17:57:18,204 INFO L290 TraceCheckUtils]: 153: Hoare triple {34572#true} assume 1 == ~handle; {34572#true} is VALID [2022-02-20 17:57:18,204 INFO L290 TraceCheckUtils]: 154: Hoare triple {34572#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {34572#true} is VALID [2022-02-20 17:57:18,204 INFO L290 TraceCheckUtils]: 155: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,204 INFO L284 TraceCheckUtils]: 156: Hoare quadruple {34572#true} {34573#false} #1612#return; {34573#false} is VALID [2022-02-20 17:57:18,204 INFO L290 TraceCheckUtils]: 157: Hoare triple {34573#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {34573#false} is VALID [2022-02-20 17:57:18,204 INFO L290 TraceCheckUtils]: 158: Hoare triple {34573#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {34573#false} is VALID [2022-02-20 17:57:18,204 INFO L272 TraceCheckUtils]: 159: Hoare triple {34573#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {34573#false} is VALID [2022-02-20 17:57:18,204 INFO L290 TraceCheckUtils]: 160: Hoare triple {34573#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {34573#false} is VALID [2022-02-20 17:57:18,204 INFO L290 TraceCheckUtils]: 161: Hoare triple {34573#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {34573#false} is VALID [2022-02-20 17:57:18,204 INFO L290 TraceCheckUtils]: 162: Hoare triple {34573#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {34573#false} is VALID [2022-02-20 17:57:18,205 INFO L272 TraceCheckUtils]: 163: Hoare triple {34573#false} call setEmailFrom(~msg#1, ~tmp~8#1); {34682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:18,205 INFO L290 TraceCheckUtils]: 164: Hoare triple {34682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,205 INFO L290 TraceCheckUtils]: 165: Hoare triple {34572#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,205 INFO L290 TraceCheckUtils]: 166: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,205 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {34572#true} {34573#false} #1656#return; {34573#false} is VALID [2022-02-20 17:57:18,205 INFO L290 TraceCheckUtils]: 168: Hoare triple {34573#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {34573#false} is VALID [2022-02-20 17:57:18,205 INFO L290 TraceCheckUtils]: 169: Hoare triple {34573#false} assume !(-1 == ~mail_is_sensitive~0); {34573#false} is VALID [2022-02-20 17:57:18,205 INFO L272 TraceCheckUtils]: 170: Hoare triple {34573#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {34572#true} is VALID [2022-02-20 17:57:18,205 INFO L290 TraceCheckUtils]: 171: Hoare triple {34572#true} ~handle := #in~handle;havoc ~retValue_acc~16; {34572#true} is VALID [2022-02-20 17:57:18,205 INFO L290 TraceCheckUtils]: 172: Hoare triple {34572#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {34572#true} is VALID [2022-02-20 17:57:18,206 INFO L290 TraceCheckUtils]: 173: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,206 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {34572#true} {34573#false} #1660#return; {34573#false} is VALID [2022-02-20 17:57:18,206 INFO L290 TraceCheckUtils]: 175: Hoare triple {34573#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {34573#false} is VALID [2022-02-20 17:57:18,206 INFO L290 TraceCheckUtils]: 176: Hoare triple {34573#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {34573#false} is VALID [2022-02-20 17:57:18,206 INFO L290 TraceCheckUtils]: 177: Hoare triple {34573#false} assume !false; {34573#false} is VALID [2022-02-20 17:57:18,206 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 102 trivial. 0 not checked. [2022-02-20 17:57:18,206 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:18,207 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2075894536] [2022-02-20 17:57:18,207 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2075894536] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:57:18,207 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [314275562] [2022-02-20 17:57:18,207 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:18,207 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:57:18,207 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:57:18,225 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:57:18,226 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:57:18,476 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,480 INFO L263 TraceCheckSpWp]: Trace formula consists of 1464 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:57:18,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:18,542 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:57:18,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {34572#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {34572#true} is VALID [2022-02-20 17:57:18,925 INFO L290 TraceCheckUtils]: 1: Hoare triple {34572#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {34572#true} is VALID [2022-02-20 17:57:18,925 INFO L290 TraceCheckUtils]: 2: Hoare triple {34572#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {34572#true} is VALID [2022-02-20 17:57:18,925 INFO L272 TraceCheckUtils]: 3: Hoare triple {34572#true} call select_features_#t~ret117#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,925 INFO L290 TraceCheckUtils]: 4: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L290 TraceCheckUtils]: 5: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34572#true} {34572#true} #1730#return; {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L290 TraceCheckUtils]: 7: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L272 TraceCheckUtils]: 8: Hoare triple {34572#true} call select_features_#t~ret118#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L290 TraceCheckUtils]: 9: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L290 TraceCheckUtils]: 10: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {34572#true} {34572#true} #1732#return; {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L290 TraceCheckUtils]: 12: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L272 TraceCheckUtils]: 13: Hoare triple {34572#true} call select_features_#t~ret119#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,926 INFO L290 TraceCheckUtils]: 14: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L290 TraceCheckUtils]: 15: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34572#true} {34572#true} #1734#return; {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L290 TraceCheckUtils]: 17: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L272 TraceCheckUtils]: 18: Hoare triple {34572#true} call select_features_#t~ret120#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L290 TraceCheckUtils]: 19: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L290 TraceCheckUtils]: 20: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34572#true} {34572#true} #1736#return; {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L290 TraceCheckUtils]: 22: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L272 TraceCheckUtils]: 23: Hoare triple {34572#true} call select_features_#t~ret121#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,927 INFO L290 TraceCheckUtils]: 24: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L290 TraceCheckUtils]: 25: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {34572#true} {34572#true} #1738#return; {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L290 TraceCheckUtils]: 27: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L272 TraceCheckUtils]: 28: Hoare triple {34572#true} call select_features_#t~ret122#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L290 TraceCheckUtils]: 29: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L290 TraceCheckUtils]: 30: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {34572#true} {34572#true} #1740#return; {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L290 TraceCheckUtils]: 32: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L272 TraceCheckUtils]: 33: Hoare triple {34572#true} call select_features_#t~ret123#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,928 INFO L290 TraceCheckUtils]: 34: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L290 TraceCheckUtils]: 35: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {34572#true} {34572#true} #1742#return; {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L290 TraceCheckUtils]: 37: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L272 TraceCheckUtils]: 38: Hoare triple {34572#true} call select_features_#t~ret124#1 := select_one(); {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L290 TraceCheckUtils]: 39: Hoare triple {34572#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L290 TraceCheckUtils]: 40: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {34572#true} {34572#true} #1744#return; {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L290 TraceCheckUtils]: 42: Hoare triple {34572#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L290 TraceCheckUtils]: 43: Hoare triple {34572#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L290 TraceCheckUtils]: 44: Hoare triple {34572#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34572#true} is VALID [2022-02-20 17:57:18,929 INFO L290 TraceCheckUtils]: 45: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {34572#true} is VALID [2022-02-20 17:57:18,930 INFO L290 TraceCheckUtils]: 46: Hoare triple {34572#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {34572#true} is VALID [2022-02-20 17:57:18,930 INFO L290 TraceCheckUtils]: 47: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {34572#true} is VALID [2022-02-20 17:57:18,930 INFO L290 TraceCheckUtils]: 48: Hoare triple {34572#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34572#true} is VALID [2022-02-20 17:57:18,930 INFO L290 TraceCheckUtils]: 49: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {34572#true} is VALID [2022-02-20 17:57:18,930 INFO L290 TraceCheckUtils]: 50: Hoare triple {34572#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34572#true} is VALID [2022-02-20 17:57:18,930 INFO L290 TraceCheckUtils]: 51: Hoare triple {34572#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {34572#true} is VALID [2022-02-20 17:57:18,930 INFO L290 TraceCheckUtils]: 52: Hoare triple {34572#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34572#true} is VALID [2022-02-20 17:57:18,930 INFO L290 TraceCheckUtils]: 53: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {34572#true} is VALID [2022-02-20 17:57:18,930 INFO L290 TraceCheckUtils]: 54: Hoare triple {34572#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L290 TraceCheckUtils]: 55: Hoare triple {34572#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L290 TraceCheckUtils]: 56: Hoare triple {34572#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L290 TraceCheckUtils]: 57: Hoare triple {34572#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L272 TraceCheckUtils]: 58: Hoare triple {34572#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L290 TraceCheckUtils]: 59: Hoare triple {34572#true} ~bob___0 := #in~bob___0; {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L272 TraceCheckUtils]: 60: Hoare triple {34572#true} call setClientId(~bob___0, ~bob___0); {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L290 TraceCheckUtils]: 61: Hoare triple {34572#true} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L290 TraceCheckUtils]: 62: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L290 TraceCheckUtils]: 63: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,931 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {34572#true} {34572#true} #1728#return; {34572#true} is VALID [2022-02-20 17:57:18,932 INFO L290 TraceCheckUtils]: 65: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,932 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {34572#true} {34572#true} #1746#return; {34572#true} is VALID [2022-02-20 17:57:18,932 INFO L272 TraceCheckUtils]: 67: Hoare triple {34572#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {34572#true} is VALID [2022-02-20 17:57:18,932 INFO L290 TraceCheckUtils]: 68: Hoare triple {34572#true} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,932 INFO L290 TraceCheckUtils]: 69: Hoare triple {34572#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,932 INFO L290 TraceCheckUtils]: 70: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,932 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {34572#true} {34572#true} #1748#return; {34572#true} is VALID [2022-02-20 17:57:18,932 INFO L290 TraceCheckUtils]: 72: Hoare triple {34572#true} assume { :end_inline_setup_bob__role__Keys } true; {34572#true} is VALID [2022-02-20 17:57:18,943 INFO L290 TraceCheckUtils]: 73: Hoare triple {34572#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {34906#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:57:18,944 INFO L290 TraceCheckUtils]: 74: Hoare triple {34906#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {34910#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 17:57:18,944 INFO L272 TraceCheckUtils]: 75: Hoare triple {34910#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {34572#true} is VALID [2022-02-20 17:57:18,944 INFO L290 TraceCheckUtils]: 76: Hoare triple {34572#true} ~rjh___0 := #in~rjh___0; {34572#true} is VALID [2022-02-20 17:57:18,944 INFO L272 TraceCheckUtils]: 77: Hoare triple {34572#true} call setClientId(~rjh___0, ~rjh___0); {34572#true} is VALID [2022-02-20 17:57:18,944 INFO L290 TraceCheckUtils]: 78: Hoare triple {34572#true} ~handle := #in~handle;~value := #in~value; {34572#true} is VALID [2022-02-20 17:57:18,944 INFO L290 TraceCheckUtils]: 79: Hoare triple {34572#true} assume !(1 == ~handle); {34572#true} is VALID [2022-02-20 17:57:18,944 INFO L290 TraceCheckUtils]: 80: Hoare triple {34572#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34572#true} is VALID [2022-02-20 17:57:18,944 INFO L290 TraceCheckUtils]: 81: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,944 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34572#true} {34572#true} #1680#return; {34572#true} is VALID [2022-02-20 17:57:18,944 INFO L290 TraceCheckUtils]: 83: Hoare triple {34572#true} assume true; {34572#true} is VALID [2022-02-20 17:57:18,945 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {34572#true} {34910#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1752#return; {34910#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 17:57:18,945 INFO L272 TraceCheckUtils]: 85: Hoare triple {34910#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {34572#true} is VALID [2022-02-20 17:57:18,945 INFO L290 TraceCheckUtils]: 86: Hoare triple {34572#true} ~handle := #in~handle;~value := #in~value; {34947#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:57:18,946 INFO L290 TraceCheckUtils]: 87: Hoare triple {34947#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34951#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:57:18,946 INFO L290 TraceCheckUtils]: 88: Hoare triple {34951#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {34951#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:57:18,946 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {34951#(<= |setClientPrivateKey_#in~handle| 1)} {34910#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1754#return; {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L290 TraceCheckUtils]: 90: Hoare triple {34573#false} assume { :end_inline_setup_rjh__role__Keys } true; {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L290 TraceCheckUtils]: 91: Hoare triple {34573#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L290 TraceCheckUtils]: 92: Hoare triple {34573#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L272 TraceCheckUtils]: 93: Hoare triple {34573#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L290 TraceCheckUtils]: 94: Hoare triple {34573#false} ~chuck___0 := #in~chuck___0; {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L272 TraceCheckUtils]: 95: Hoare triple {34573#false} call setClientId(~chuck___0, ~chuck___0); {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L290 TraceCheckUtils]: 96: Hoare triple {34573#false} ~handle := #in~handle;~value := #in~value; {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L290 TraceCheckUtils]: 97: Hoare triple {34573#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L290 TraceCheckUtils]: 98: Hoare triple {34573#false} assume true; {34573#false} is VALID [2022-02-20 17:57:18,947 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34573#false} {34573#false} #1622#return; {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L290 TraceCheckUtils]: 100: Hoare triple {34573#false} assume true; {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {34573#false} {34573#false} #1758#return; {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L272 TraceCheckUtils]: 102: Hoare triple {34573#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L290 TraceCheckUtils]: 103: Hoare triple {34573#false} ~handle := #in~handle;~value := #in~value; {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L290 TraceCheckUtils]: 104: Hoare triple {34573#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L290 TraceCheckUtils]: 105: Hoare triple {34573#false} assume true; {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34573#false} {34573#false} #1760#return; {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L290 TraceCheckUtils]: 107: Hoare triple {34573#false} assume { :end_inline_setup_chuck__role__Keys } true; {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L290 TraceCheckUtils]: 108: Hoare triple {34573#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {34573#false} is VALID [2022-02-20 17:57:18,948 INFO L290 TraceCheckUtils]: 109: Hoare triple {34573#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 110: Hoare triple {34573#false} assume !false; {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 111: Hoare triple {34573#false} assume test_~splverifierCounter~0#1 < 4; {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 112: Hoare triple {34573#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 113: Hoare triple {34573#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 114: Hoare triple {34573#false} assume !(0 != test_~tmp___9~0#1); {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 115: Hoare triple {34573#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet8#1 && test_#t~nondet8#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet8#1;havoc test_#t~nondet8#1; {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 116: Hoare triple {34573#false} assume 0 != test_~tmp___8~0#1; {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 117: Hoare triple {34573#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 118: Hoare triple {34573#false} test_~op2~0#1 := 1; {34573#false} is VALID [2022-02-20 17:57:18,949 INFO L290 TraceCheckUtils]: 119: Hoare triple {34573#false} assume !false; {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L290 TraceCheckUtils]: 120: Hoare triple {34573#false} assume !(test_~splverifierCounter~0#1 < 4); {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L290 TraceCheckUtils]: 121: Hoare triple {34573#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L272 TraceCheckUtils]: 122: Hoare triple {34573#false} call sendEmail(~bob~0, ~rjh~0); {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L290 TraceCheckUtils]: 123: Hoare triple {34573#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L272 TraceCheckUtils]: 124: Hoare triple {34573#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L290 TraceCheckUtils]: 125: Hoare triple {34573#false} ~handle := #in~handle;~value := #in~value; {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L290 TraceCheckUtils]: 126: Hoare triple {34573#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L290 TraceCheckUtils]: 127: Hoare triple {34573#false} assume true; {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {34573#false} {34573#false} #1644#return; {34573#false} is VALID [2022-02-20 17:57:18,950 INFO L272 TraceCheckUtils]: 129: Hoare triple {34573#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L290 TraceCheckUtils]: 130: Hoare triple {34573#false} ~handle := #in~handle;~value := #in~value; {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L290 TraceCheckUtils]: 131: Hoare triple {34573#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L290 TraceCheckUtils]: 132: Hoare triple {34573#false} assume true; {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {34573#false} {34573#false} #1646#return; {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L290 TraceCheckUtils]: 134: Hoare triple {34573#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L290 TraceCheckUtils]: 135: Hoare triple {34573#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L272 TraceCheckUtils]: 136: Hoare triple {34573#false} call outgoing(~sender#1, ~email~0#1); {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L290 TraceCheckUtils]: 137: Hoare triple {34573#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L290 TraceCheckUtils]: 138: Hoare triple {34573#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {34573#false} is VALID [2022-02-20 17:57:18,951 INFO L272 TraceCheckUtils]: 139: Hoare triple {34573#false} call outgoing__before__Sign(~client#1, ~msg#1); {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L290 TraceCheckUtils]: 140: Hoare triple {34573#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L290 TraceCheckUtils]: 141: Hoare triple {34573#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L272 TraceCheckUtils]: 142: Hoare triple {34573#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L290 TraceCheckUtils]: 143: Hoare triple {34573#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L290 TraceCheckUtils]: 144: Hoare triple {34573#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L272 TraceCheckUtils]: 145: Hoare triple {34573#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L290 TraceCheckUtils]: 146: Hoare triple {34573#false} ~handle := #in~handle;havoc ~retValue_acc~13; {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L290 TraceCheckUtils]: 147: Hoare triple {34573#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L290 TraceCheckUtils]: 148: Hoare triple {34573#false} assume true; {34573#false} is VALID [2022-02-20 17:57:18,952 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {34573#false} {34573#false} #1610#return; {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L290 TraceCheckUtils]: 150: Hoare triple {34573#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L272 TraceCheckUtils]: 151: Hoare triple {34573#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L290 TraceCheckUtils]: 152: Hoare triple {34573#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L290 TraceCheckUtils]: 153: Hoare triple {34573#false} assume 1 == ~handle; {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L290 TraceCheckUtils]: 154: Hoare triple {34573#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L290 TraceCheckUtils]: 155: Hoare triple {34573#false} assume true; {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L284 TraceCheckUtils]: 156: Hoare quadruple {34573#false} {34573#false} #1612#return; {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L290 TraceCheckUtils]: 157: Hoare triple {34573#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L290 TraceCheckUtils]: 158: Hoare triple {34573#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {34573#false} is VALID [2022-02-20 17:57:18,953 INFO L272 TraceCheckUtils]: 159: Hoare triple {34573#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L290 TraceCheckUtils]: 160: Hoare triple {34573#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L290 TraceCheckUtils]: 161: Hoare triple {34573#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L290 TraceCheckUtils]: 162: Hoare triple {34573#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L272 TraceCheckUtils]: 163: Hoare triple {34573#false} call setEmailFrom(~msg#1, ~tmp~8#1); {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L290 TraceCheckUtils]: 164: Hoare triple {34573#false} ~handle := #in~handle;~value := #in~value; {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L290 TraceCheckUtils]: 165: Hoare triple {34573#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L290 TraceCheckUtils]: 166: Hoare triple {34573#false} assume true; {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {34573#false} {34573#false} #1656#return; {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L290 TraceCheckUtils]: 168: Hoare triple {34573#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {34573#false} is VALID [2022-02-20 17:57:18,954 INFO L290 TraceCheckUtils]: 169: Hoare triple {34573#false} assume !(-1 == ~mail_is_sensitive~0); {34573#false} is VALID [2022-02-20 17:57:18,955 INFO L272 TraceCheckUtils]: 170: Hoare triple {34573#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {34573#false} is VALID [2022-02-20 17:57:18,955 INFO L290 TraceCheckUtils]: 171: Hoare triple {34573#false} ~handle := #in~handle;havoc ~retValue_acc~16; {34573#false} is VALID [2022-02-20 17:57:18,955 INFO L290 TraceCheckUtils]: 172: Hoare triple {34573#false} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {34573#false} is VALID [2022-02-20 17:57:18,955 INFO L290 TraceCheckUtils]: 173: Hoare triple {34573#false} assume true; {34573#false} is VALID [2022-02-20 17:57:18,955 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {34573#false} {34573#false} #1660#return; {34573#false} is VALID [2022-02-20 17:57:18,955 INFO L290 TraceCheckUtils]: 175: Hoare triple {34573#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {34573#false} is VALID [2022-02-20 17:57:18,955 INFO L290 TraceCheckUtils]: 176: Hoare triple {34573#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {34573#false} is VALID [2022-02-20 17:57:18,955 INFO L290 TraceCheckUtils]: 177: Hoare triple {34573#false} assume !false; {34573#false} is VALID [2022-02-20 17:57:18,956 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 17:57:18,956 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:57:18,956 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [314275562] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:18,956 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:57:18,956 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [13] total 17 [2022-02-20 17:57:18,956 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1664946106] [2022-02-20 17:57:18,956 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:18,957 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) Word has length 178 [2022-02-20 17:57:18,957 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:18,957 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 17:57:19,045 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 158 edges. 158 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:19,045 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:57:19,045 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:19,046 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:57:19,046 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=238, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:57:19,046 INFO L87 Difference]: Start difference. First operand 685 states and 1000 transitions. Second operand has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 17:57:20,753 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:20,753 INFO L93 Difference]: Finished difference Result 1314 states and 1935 transitions. [2022-02-20 17:57:20,753 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 17:57:20,754 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) Word has length 178 [2022-02-20 17:57:20,754 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:57:20,754 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 17:57:20,768 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1631 transitions. [2022-02-20 17:57:20,768 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 17:57:20,782 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1631 transitions. [2022-02-20 17:57:20,782 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 1631 transitions. [2022-02-20 17:57:21,699 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1631 edges. 1631 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:21,730 INFO L225 Difference]: With dead ends: 1314 [2022-02-20 17:57:21,730 INFO L226 Difference]: Without dead ends: 687 [2022-02-20 17:57:21,732 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 231 GetRequests, 214 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=299, Unknown=0, NotChecked=0, Total=342 [2022-02-20 17:57:21,732 INFO L933 BasicCegarLoop]: 835 mSDtfsCounter, 361 mSDsluCounter, 2936 mSDsCounter, 0 mSdLazyCounter, 56 mSolverCounterSat, 47 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 361 SdHoareTripleChecker+Valid, 3771 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 47 IncrementalHoareTripleChecker+Valid, 56 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:57:21,732 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [361 Valid, 3771 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [47 Valid, 56 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 17:57:21,733 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 687 states. [2022-02-20 17:57:21,830 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 687 to 687. [2022-02-20 17:57:21,831 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:57:21,832 INFO L82 GeneralOperation]: Start isEquivalent. First operand 687 states. Second operand has 687 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 536 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 17:57:21,833 INFO L74 IsIncluded]: Start isIncluded. First operand 687 states. Second operand has 687 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 536 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 17:57:21,833 INFO L87 Difference]: Start difference. First operand 687 states. Second operand has 687 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 536 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 17:57:21,850 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:21,850 INFO L93 Difference]: Finished difference Result 687 states and 1006 transitions. [2022-02-20 17:57:21,851 INFO L276 IsEmpty]: Start isEmpty. Operand 687 states and 1006 transitions. [2022-02-20 17:57:21,852 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:21,852 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:21,853 INFO L74 IsIncluded]: Start isIncluded. First operand has 687 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 536 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) Second operand 687 states. [2022-02-20 17:57:21,854 INFO L87 Difference]: Start difference. First operand has 687 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 536 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) Second operand 687 states. [2022-02-20 17:57:21,871 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:21,872 INFO L93 Difference]: Finished difference Result 687 states and 1006 transitions. [2022-02-20 17:57:21,872 INFO L276 IsEmpty]: Start isEmpty. Operand 687 states and 1006 transitions. [2022-02-20 17:57:21,873 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:21,873 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:21,873 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:57:21,874 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:57:21,875 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 687 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 536 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 17:57:21,898 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 687 states to 687 states and 1006 transitions. [2022-02-20 17:57:21,898 INFO L78 Accepts]: Start accepts. Automaton has 687 states and 1006 transitions. Word has length 178 [2022-02-20 17:57:21,899 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:57:21,899 INFO L470 AbstractCegarLoop]: Abstraction has 687 states and 1006 transitions. [2022-02-20 17:57:21,899 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 17:57:21,899 INFO L276 IsEmpty]: Start isEmpty. Operand 687 states and 1006 transitions. [2022-02-20 17:57:21,901 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 180 [2022-02-20 17:57:21,901 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:21,901 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:21,932 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2022-02-20 17:57:22,115 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:57:22,116 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:22,116 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:22,116 INFO L85 PathProgramCache]: Analyzing trace with hash 1341623100, now seen corresponding path program 1 times [2022-02-20 17:57:22,116 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:22,116 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [872334699] [2022-02-20 17:57:22,117 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:22,117 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:22,160 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,195 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:57:22,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,198 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,198 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39351#true} {39351#true} #1730#return; {39351#true} is VALID [2022-02-20 17:57:22,199 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:57:22,200 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,201 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,201 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,201 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39351#true} {39351#true} #1732#return; {39351#true} is VALID [2022-02-20 17:57:22,202 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:57:22,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,206 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,206 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,206 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39351#true} {39351#true} #1734#return; {39351#true} is VALID [2022-02-20 17:57:22,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:22,208 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,209 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,209 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,209 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39351#true} {39351#true} #1736#return; {39351#true} is VALID [2022-02-20 17:57:22,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:57:22,211 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,212 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39351#true} {39351#true} #1738#return; {39351#true} is VALID [2022-02-20 17:57:22,212 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:57:22,214 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,215 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,215 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,215 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39351#true} {39351#true} #1740#return; {39351#true} is VALID [2022-02-20 17:57:22,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:57:22,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,218 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,218 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,218 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39351#true} {39351#true} #1742#return; {39351#true} is VALID [2022-02-20 17:57:22,218 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:57:22,219 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,221 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,221 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,221 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39351#true} {39351#true} #1744#return; {39351#true} is VALID [2022-02-20 17:57:22,226 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:57:22,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:22,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,233 INFO L290 TraceCheckUtils]: 0: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,233 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,233 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,233 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39351#true} {39351#true} #1728#return; {39351#true} is VALID [2022-02-20 17:57:22,233 INFO L290 TraceCheckUtils]: 0: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {39351#true} is VALID [2022-02-20 17:57:22,234 INFO L272 TraceCheckUtils]: 1: Hoare triple {39351#true} call setClientId(~bob___0, ~bob___0); {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:22,234 INFO L290 TraceCheckUtils]: 2: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,234 INFO L290 TraceCheckUtils]: 3: Hoare triple {39351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,234 INFO L290 TraceCheckUtils]: 4: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,234 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {39351#true} {39351#true} #1728#return; {39351#true} is VALID [2022-02-20 17:57:22,234 INFO L290 TraceCheckUtils]: 6: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,234 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {39351#true} {39351#true} #1746#return; {39351#true} is VALID [2022-02-20 17:57:22,239 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:57:22,242 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,243 INFO L290 TraceCheckUtils]: 0: Hoare triple {39447#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,244 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,244 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39351#true} {39351#true} #1748#return; {39351#true} is VALID [2022-02-20 17:57:22,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:57:22,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:22,247 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,248 INFO L290 TraceCheckUtils]: 0: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,248 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume !(1 == ~handle); {39351#true} is VALID [2022-02-20 17:57:22,249 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,249 INFO L290 TraceCheckUtils]: 3: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,249 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {39351#true} {39351#true} #1680#return; {39351#true} is VALID [2022-02-20 17:57:22,249 INFO L290 TraceCheckUtils]: 0: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {39351#true} is VALID [2022-02-20 17:57:22,249 INFO L272 TraceCheckUtils]: 1: Hoare triple {39351#true} call setClientId(~rjh___0, ~rjh___0); {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:22,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,250 INFO L290 TraceCheckUtils]: 3: Hoare triple {39351#true} assume !(1 == ~handle); {39351#true} is VALID [2022-02-20 17:57:22,250 INFO L290 TraceCheckUtils]: 4: Hoare triple {39351#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,250 INFO L290 TraceCheckUtils]: 5: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,250 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {39351#true} {39351#true} #1680#return; {39351#true} is VALID [2022-02-20 17:57:22,250 INFO L290 TraceCheckUtils]: 7: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,250 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {39351#true} {39351#true} #1752#return; {39351#true} is VALID [2022-02-20 17:57:22,250 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:57:22,252 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,253 INFO L290 TraceCheckUtils]: 0: Hoare triple {39447#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,253 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume !(1 == ~handle); {39351#true} is VALID [2022-02-20 17:57:22,253 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,253 INFO L290 TraceCheckUtils]: 3: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,254 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {39351#true} {39351#true} #1754#return; {39351#true} is VALID [2022-02-20 17:57:22,254 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:57:22,256 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,271 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:22,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,286 INFO L290 TraceCheckUtils]: 0: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39459#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:22,287 INFO L290 TraceCheckUtils]: 1: Hoare triple {39459#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39460#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:22,287 INFO L290 TraceCheckUtils]: 2: Hoare triple {39460#(= |setClientId_#in~handle| 1)} assume true; {39460#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:22,288 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39460#(= |setClientId_#in~handle| 1)} {39453#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1622#return; {39458#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:57:22,288 INFO L290 TraceCheckUtils]: 0: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {39453#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:57:22,289 INFO L272 TraceCheckUtils]: 1: Hoare triple {39453#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:22,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39459#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:22,289 INFO L290 TraceCheckUtils]: 3: Hoare triple {39459#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39460#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:22,289 INFO L290 TraceCheckUtils]: 4: Hoare triple {39460#(= |setClientId_#in~handle| 1)} assume true; {39460#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:22,290 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {39460#(= |setClientId_#in~handle| 1)} {39453#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1622#return; {39458#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:57:22,290 INFO L290 TraceCheckUtils]: 6: Hoare triple {39458#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {39458#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:57:22,291 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {39458#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {39404#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} #1758#return; {39352#false} is VALID [2022-02-20 17:57:22,291 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:57:22,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,295 INFO L290 TraceCheckUtils]: 0: Hoare triple {39447#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,295 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,295 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,295 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39351#true} {39352#false} #1760#return; {39352#false} is VALID [2022-02-20 17:57:22,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:57:22,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,304 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,304 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,305 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,305 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39351#true} {39352#false} #1644#return; {39352#false} is VALID [2022-02-20 17:57:22,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 17:57:22,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {39462#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,314 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,315 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39351#true} {39352#false} #1646#return; {39352#false} is VALID [2022-02-20 17:57:22,315 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 146 [2022-02-20 17:57:22,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,317 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} ~handle := #in~handle;havoc ~retValue_acc~13; {39351#true} is VALID [2022-02-20 17:57:22,317 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {39351#true} is VALID [2022-02-20 17:57:22,317 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,317 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39351#true} {39352#false} #1610#return; {39352#false} is VALID [2022-02-20 17:57:22,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 152 [2022-02-20 17:57:22,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {39351#true} is VALID [2022-02-20 17:57:22,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume 1 == ~handle; {39351#true} is VALID [2022-02-20 17:57:22,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {39351#true} is VALID [2022-02-20 17:57:22,320 INFO L290 TraceCheckUtils]: 3: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,320 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {39351#true} {39352#false} #1612#return; {39352#false} is VALID [2022-02-20 17:57:22,320 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 164 [2022-02-20 17:57:22,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,323 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,323 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,323 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,323 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39351#true} {39352#false} #1656#return; {39352#false} is VALID [2022-02-20 17:57:22,323 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 171 [2022-02-20 17:57:22,324 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:22,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} ~handle := #in~handle;havoc ~retValue_acc~16; {39351#true} is VALID [2022-02-20 17:57:22,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {39351#true} is VALID [2022-02-20 17:57:22,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,325 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39351#true} {39352#false} #1660#return; {39352#false} is VALID [2022-02-20 17:57:22,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {39351#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(12, 6);call #Ultimate.allocInit(10, 7);call #Ultimate.allocInit(18, 8);call #Ultimate.allocInit(16, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(13, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(34, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(20, 18);call #Ultimate.allocInit(22, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(44, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(11, 25);call #Ultimate.allocInit(19, 26);call #Ultimate.allocInit(4, 27);call write~init~int(37, 27, 0, 1);call write~init~int(100, 27, 1, 1);call write~init~int(10, 27, 2, 1);call write~init~int(0, 27, 3, 1);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {39351#true} is VALID [2022-02-20 17:57:22,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {39351#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret79#1, main_~retValue_acc~21#1, main_~tmp~20#1;havoc main_~retValue_acc~21#1;havoc main_~tmp~20#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L290 TraceCheckUtils]: 2: Hoare triple {39351#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret117#1, select_features_#t~ret118#1, select_features_#t~ret119#1, select_features_#t~ret120#1, select_features_#t~ret121#1, select_features_#t~ret122#1, select_features_#t~ret123#1, select_features_#t~ret124#1; {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L272 TraceCheckUtils]: 3: Hoare triple {39351#true} call select_features_#t~ret117#1 := select_one(); {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L290 TraceCheckUtils]: 4: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L290 TraceCheckUtils]: 5: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {39351#true} {39351#true} #1730#return; {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L290 TraceCheckUtils]: 7: Hoare triple {39351#true} assume -2147483648 <= select_features_#t~ret117#1 && select_features_#t~ret117#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret117#1;havoc select_features_#t~ret117#1; {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L272 TraceCheckUtils]: 8: Hoare triple {39351#true} call select_features_#t~ret118#1 := select_one(); {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L290 TraceCheckUtils]: 9: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L290 TraceCheckUtils]: 10: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,326 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {39351#true} {39351#true} #1732#return; {39351#true} is VALID [2022-02-20 17:57:22,327 INFO L290 TraceCheckUtils]: 12: Hoare triple {39351#true} assume -2147483648 <= select_features_#t~ret118#1 && select_features_#t~ret118#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret118#1;havoc select_features_#t~ret118#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {39351#true} is VALID [2022-02-20 17:57:22,327 INFO L272 TraceCheckUtils]: 13: Hoare triple {39351#true} call select_features_#t~ret119#1 := select_one(); {39351#true} is VALID [2022-02-20 17:57:22,327 INFO L290 TraceCheckUtils]: 14: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,327 INFO L290 TraceCheckUtils]: 15: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,327 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {39351#true} {39351#true} #1734#return; {39351#true} is VALID [2022-02-20 17:57:22,327 INFO L290 TraceCheckUtils]: 17: Hoare triple {39351#true} assume -2147483648 <= select_features_#t~ret119#1 && select_features_#t~ret119#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret119#1;havoc select_features_#t~ret119#1; {39351#true} is VALID [2022-02-20 17:57:22,327 INFO L272 TraceCheckUtils]: 18: Hoare triple {39351#true} call select_features_#t~ret120#1 := select_one(); {39351#true} is VALID [2022-02-20 17:57:22,327 INFO L290 TraceCheckUtils]: 19: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,327 INFO L290 TraceCheckUtils]: 20: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {39351#true} {39351#true} #1736#return; {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L290 TraceCheckUtils]: 22: Hoare triple {39351#true} assume -2147483648 <= select_features_#t~ret120#1 && select_features_#t~ret120#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret120#1;havoc select_features_#t~ret120#1; {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L272 TraceCheckUtils]: 23: Hoare triple {39351#true} call select_features_#t~ret121#1 := select_one(); {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L290 TraceCheckUtils]: 24: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L290 TraceCheckUtils]: 25: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {39351#true} {39351#true} #1738#return; {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L290 TraceCheckUtils]: 27: Hoare triple {39351#true} assume -2147483648 <= select_features_#t~ret121#1 && select_features_#t~ret121#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret121#1;havoc select_features_#t~ret121#1; {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L272 TraceCheckUtils]: 28: Hoare triple {39351#true} call select_features_#t~ret122#1 := select_one(); {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L290 TraceCheckUtils]: 29: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,328 INFO L290 TraceCheckUtils]: 30: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {39351#true} {39351#true} #1740#return; {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L290 TraceCheckUtils]: 32: Hoare triple {39351#true} assume -2147483648 <= select_features_#t~ret122#1 && select_features_#t~ret122#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret122#1;havoc select_features_#t~ret122#1; {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L272 TraceCheckUtils]: 33: Hoare triple {39351#true} call select_features_#t~ret123#1 := select_one(); {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L290 TraceCheckUtils]: 34: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L290 TraceCheckUtils]: 35: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {39351#true} {39351#true} #1742#return; {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L290 TraceCheckUtils]: 37: Hoare triple {39351#true} assume -2147483648 <= select_features_#t~ret123#1 && select_features_#t~ret123#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret123#1;havoc select_features_#t~ret123#1; {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L272 TraceCheckUtils]: 38: Hoare triple {39351#true} call select_features_#t~ret124#1 := select_one(); {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L290 TraceCheckUtils]: 39: Hoare triple {39351#true} havoc ~retValue_acc~42;assume -2147483648 <= #t~nondet116 && #t~nondet116 <= 2147483647;~choice~0 := #t~nondet116;havoc #t~nondet116;~retValue_acc~42 := ~choice~0;#res := ~retValue_acc~42; {39351#true} is VALID [2022-02-20 17:57:22,329 INFO L290 TraceCheckUtils]: 40: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {39351#true} {39351#true} #1744#return; {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L290 TraceCheckUtils]: 42: Hoare triple {39351#true} assume -2147483648 <= select_features_#t~ret124#1 && select_features_#t~ret124#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret124#1;havoc select_features_#t~ret124#1; {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L290 TraceCheckUtils]: 43: Hoare triple {39351#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1, valid_product_~tmp~27#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~tmp~27#1; {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L290 TraceCheckUtils]: 44: Hoare triple {39351#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L290 TraceCheckUtils]: 45: Hoare triple {39351#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L290 TraceCheckUtils]: 46: Hoare triple {39351#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L290 TraceCheckUtils]: 47: Hoare triple {39351#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L290 TraceCheckUtils]: 48: Hoare triple {39351#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L290 TraceCheckUtils]: 49: Hoare triple {39351#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {39351#true} is VALID [2022-02-20 17:57:22,330 INFO L290 TraceCheckUtils]: 50: Hoare triple {39351#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {39351#true} is VALID [2022-02-20 17:57:22,331 INFO L290 TraceCheckUtils]: 51: Hoare triple {39351#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {39351#true} is VALID [2022-02-20 17:57:22,331 INFO L290 TraceCheckUtils]: 52: Hoare triple {39351#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {39351#true} is VALID [2022-02-20 17:57:22,331 INFO L290 TraceCheckUtils]: 53: Hoare triple {39351#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~27#1 := 1; {39351#true} is VALID [2022-02-20 17:57:22,331 INFO L290 TraceCheckUtils]: 54: Hoare triple {39351#true} valid_product_~retValue_acc~43#1 := valid_product_~tmp~27#1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {39351#true} is VALID [2022-02-20 17:57:22,331 INFO L290 TraceCheckUtils]: 55: Hoare triple {39351#true} main_#t~ret79#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret79#1 && main_#t~ret79#1 <= 2147483647;main_~tmp~20#1 := main_#t~ret79#1;havoc main_#t~ret79#1; {39351#true} is VALID [2022-02-20 17:57:22,331 INFO L290 TraceCheckUtils]: 56: Hoare triple {39351#true} assume 0 != main_~tmp~20#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet76#1, setup_#t~nondet77#1, setup_#t~nondet78#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {39351#true} is VALID [2022-02-20 17:57:22,331 INFO L290 TraceCheckUtils]: 57: Hoare triple {39351#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {39351#true} is VALID [2022-02-20 17:57:22,332 INFO L272 TraceCheckUtils]: 58: Hoare triple {39351#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:22,332 INFO L290 TraceCheckUtils]: 59: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {39351#true} is VALID [2022-02-20 17:57:22,332 INFO L272 TraceCheckUtils]: 60: Hoare triple {39351#true} call setClientId(~bob___0, ~bob___0); {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:22,332 INFO L290 TraceCheckUtils]: 61: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,333 INFO L290 TraceCheckUtils]: 62: Hoare triple {39351#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,333 INFO L290 TraceCheckUtils]: 63: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,333 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {39351#true} {39351#true} #1728#return; {39351#true} is VALID [2022-02-20 17:57:22,333 INFO L290 TraceCheckUtils]: 65: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,333 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {39351#true} {39351#true} #1746#return; {39351#true} is VALID [2022-02-20 17:57:22,334 INFO L272 TraceCheckUtils]: 67: Hoare triple {39351#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {39447#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:22,334 INFO L290 TraceCheckUtils]: 68: Hoare triple {39447#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,334 INFO L290 TraceCheckUtils]: 69: Hoare triple {39351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,334 INFO L290 TraceCheckUtils]: 70: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,334 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {39351#true} {39351#true} #1748#return; {39351#true} is VALID [2022-02-20 17:57:22,334 INFO L290 TraceCheckUtils]: 72: Hoare triple {39351#true} assume { :end_inline_setup_bob__role__Keys } true; {39351#true} is VALID [2022-02-20 17:57:22,334 INFO L290 TraceCheckUtils]: 73: Hoare triple {39351#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 23, 0;havoc setup_#t~nondet76#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {39351#true} is VALID [2022-02-20 17:57:22,334 INFO L290 TraceCheckUtils]: 74: Hoare triple {39351#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {39351#true} is VALID [2022-02-20 17:57:22,335 INFO L272 TraceCheckUtils]: 75: Hoare triple {39351#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:22,335 INFO L290 TraceCheckUtils]: 76: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {39351#true} is VALID [2022-02-20 17:57:22,335 INFO L272 TraceCheckUtils]: 77: Hoare triple {39351#true} call setClientId(~rjh___0, ~rjh___0); {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:22,336 INFO L290 TraceCheckUtils]: 78: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,336 INFO L290 TraceCheckUtils]: 79: Hoare triple {39351#true} assume !(1 == ~handle); {39351#true} is VALID [2022-02-20 17:57:22,336 INFO L290 TraceCheckUtils]: 80: Hoare triple {39351#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,336 INFO L290 TraceCheckUtils]: 81: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,336 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {39351#true} {39351#true} #1680#return; {39351#true} is VALID [2022-02-20 17:57:22,336 INFO L290 TraceCheckUtils]: 83: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,336 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {39351#true} {39351#true} #1752#return; {39351#true} is VALID [2022-02-20 17:57:22,337 INFO L272 TraceCheckUtils]: 85: Hoare triple {39351#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {39447#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:22,337 INFO L290 TraceCheckUtils]: 86: Hoare triple {39447#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,337 INFO L290 TraceCheckUtils]: 87: Hoare triple {39351#true} assume !(1 == ~handle); {39351#true} is VALID [2022-02-20 17:57:22,337 INFO L290 TraceCheckUtils]: 88: Hoare triple {39351#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,337 INFO L290 TraceCheckUtils]: 89: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,337 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {39351#true} {39351#true} #1754#return; {39351#true} is VALID [2022-02-20 17:57:22,337 INFO L290 TraceCheckUtils]: 91: Hoare triple {39351#true} assume { :end_inline_setup_rjh__role__Keys } true; {39351#true} is VALID [2022-02-20 17:57:22,338 INFO L290 TraceCheckUtils]: 92: Hoare triple {39351#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 24, 0;havoc setup_#t~nondet77#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {39403#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 17:57:22,338 INFO L290 TraceCheckUtils]: 93: Hoare triple {39403#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {39404#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} is VALID [2022-02-20 17:57:22,339 INFO L272 TraceCheckUtils]: 94: Hoare triple {39404#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:22,339 INFO L290 TraceCheckUtils]: 95: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {39453#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 17:57:22,339 INFO L272 TraceCheckUtils]: 96: Hoare triple {39453#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:22,340 INFO L290 TraceCheckUtils]: 97: Hoare triple {39442#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39459#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:22,340 INFO L290 TraceCheckUtils]: 98: Hoare triple {39459#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39460#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:22,340 INFO L290 TraceCheckUtils]: 99: Hoare triple {39460#(= |setClientId_#in~handle| 1)} assume true; {39460#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:22,341 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {39460#(= |setClientId_#in~handle| 1)} {39453#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1622#return; {39458#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:57:22,341 INFO L290 TraceCheckUtils]: 101: Hoare triple {39458#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {39458#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 17:57:22,341 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {39458#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {39404#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} #1758#return; {39352#false} is VALID [2022-02-20 17:57:22,342 INFO L272 TraceCheckUtils]: 103: Hoare triple {39352#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {39447#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:22,342 INFO L290 TraceCheckUtils]: 104: Hoare triple {39447#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,342 INFO L290 TraceCheckUtils]: 105: Hoare triple {39351#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,342 INFO L290 TraceCheckUtils]: 106: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,342 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {39351#true} {39352#false} #1760#return; {39352#false} is VALID [2022-02-20 17:57:22,342 INFO L290 TraceCheckUtils]: 108: Hoare triple {39352#false} assume { :end_inline_setup_chuck__role__Keys } true; {39352#false} is VALID [2022-02-20 17:57:22,342 INFO L290 TraceCheckUtils]: 109: Hoare triple {39352#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 25, 0;havoc setup_#t~nondet78#1; {39352#false} is VALID [2022-02-20 17:57:22,342 INFO L290 TraceCheckUtils]: 110: Hoare triple {39352#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {39352#false} is VALID [2022-02-20 17:57:22,342 INFO L290 TraceCheckUtils]: 111: Hoare triple {39352#false} assume !false; {39352#false} is VALID [2022-02-20 17:57:22,342 INFO L290 TraceCheckUtils]: 112: Hoare triple {39352#false} assume test_~splverifierCounter~0#1 < 4; {39352#false} is VALID [2022-02-20 17:57:22,343 INFO L290 TraceCheckUtils]: 113: Hoare triple {39352#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {39352#false} is VALID [2022-02-20 17:57:22,343 INFO L290 TraceCheckUtils]: 114: Hoare triple {39352#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {39352#false} is VALID [2022-02-20 17:57:22,343 INFO L290 TraceCheckUtils]: 115: Hoare triple {39352#false} assume !(0 != test_~tmp___9~0#1); {39352#false} is VALID [2022-02-20 17:57:22,343 INFO L290 TraceCheckUtils]: 116: Hoare triple {39352#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet8#1 && test_#t~nondet8#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet8#1;havoc test_#t~nondet8#1; {39352#false} is VALID [2022-02-20 17:57:22,343 INFO L290 TraceCheckUtils]: 117: Hoare triple {39352#false} assume 0 != test_~tmp___8~0#1; {39352#false} is VALID [2022-02-20 17:57:22,343 INFO L290 TraceCheckUtils]: 118: Hoare triple {39352#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {39352#false} is VALID [2022-02-20 17:57:22,343 INFO L290 TraceCheckUtils]: 119: Hoare triple {39352#false} test_~op2~0#1 := 1; {39352#false} is VALID [2022-02-20 17:57:22,343 INFO L290 TraceCheckUtils]: 120: Hoare triple {39352#false} assume !false; {39352#false} is VALID [2022-02-20 17:57:22,343 INFO L290 TraceCheckUtils]: 121: Hoare triple {39352#false} assume !(test_~splverifierCounter~0#1 < 4); {39352#false} is VALID [2022-02-20 17:57:22,344 INFO L290 TraceCheckUtils]: 122: Hoare triple {39352#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_#t~ret73#1, bobToRjh_#t~ret74#1, bobToRjh_~tmp~19#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~19#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret71#1 := puts(21, 0);assume -2147483648 <= bobToRjh_#t~ret71#1 && bobToRjh_#t~ret71#1 <= 2147483647;havoc bobToRjh_#t~ret71#1; {39352#false} is VALID [2022-02-20 17:57:22,344 INFO L272 TraceCheckUtils]: 123: Hoare triple {39352#false} call sendEmail(~bob~0, ~rjh~0); {39352#false} is VALID [2022-02-20 17:57:22,344 INFO L290 TraceCheckUtils]: 124: Hoare triple {39352#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {39352#false} is VALID [2022-02-20 17:57:22,344 INFO L272 TraceCheckUtils]: 125: Hoare triple {39352#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {39461#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:22,344 INFO L290 TraceCheckUtils]: 126: Hoare triple {39461#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,344 INFO L290 TraceCheckUtils]: 127: Hoare triple {39351#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,344 INFO L290 TraceCheckUtils]: 128: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,344 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {39351#true} {39352#false} #1644#return; {39352#false} is VALID [2022-02-20 17:57:22,344 INFO L272 TraceCheckUtils]: 130: Hoare triple {39352#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {39462#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:22,344 INFO L290 TraceCheckUtils]: 131: Hoare triple {39462#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,345 INFO L290 TraceCheckUtils]: 132: Hoare triple {39351#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,345 INFO L290 TraceCheckUtils]: 133: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,345 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {39351#true} {39352#false} #1646#return; {39352#false} is VALID [2022-02-20 17:57:22,345 INFO L290 TraceCheckUtils]: 135: Hoare triple {39352#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {39352#false} is VALID [2022-02-20 17:57:22,345 INFO L290 TraceCheckUtils]: 136: Hoare triple {39352#false} #t~ret59#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret59#1 && #t~ret59#1 <= 2147483647;~tmp~15#1 := #t~ret59#1;havoc #t~ret59#1;~email~0#1 := ~tmp~15#1; {39352#false} is VALID [2022-02-20 17:57:22,345 INFO L272 TraceCheckUtils]: 137: Hoare triple {39352#false} call outgoing(~sender#1, ~email~0#1); {39352#false} is VALID [2022-02-20 17:57:22,345 INFO L290 TraceCheckUtils]: 138: Hoare triple {39352#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {39352#false} is VALID [2022-02-20 17:57:22,345 INFO L290 TraceCheckUtils]: 139: Hoare triple {39352#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {39352#false} is VALID [2022-02-20 17:57:22,345 INFO L272 TraceCheckUtils]: 140: Hoare triple {39352#false} call outgoing__before__Sign(~client#1, ~msg#1); {39352#false} is VALID [2022-02-20 17:57:22,345 INFO L290 TraceCheckUtils]: 141: Hoare triple {39352#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {39352#false} is VALID [2022-02-20 17:57:22,346 INFO L290 TraceCheckUtils]: 142: Hoare triple {39352#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {39352#false} is VALID [2022-02-20 17:57:22,346 INFO L272 TraceCheckUtils]: 143: Hoare triple {39352#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {39352#false} is VALID [2022-02-20 17:57:22,346 INFO L290 TraceCheckUtils]: 144: Hoare triple {39352#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {39352#false} is VALID [2022-02-20 17:57:22,346 INFO L290 TraceCheckUtils]: 145: Hoare triple {39352#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret43#1, outgoing__role__Encrypt_#t~ret44#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~9#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~9#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {39352#false} is VALID [2022-02-20 17:57:22,346 INFO L272 TraceCheckUtils]: 146: Hoare triple {39352#false} call outgoing__role__Encrypt_#t~ret43#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {39351#true} is VALID [2022-02-20 17:57:22,346 INFO L290 TraceCheckUtils]: 147: Hoare triple {39351#true} ~handle := #in~handle;havoc ~retValue_acc~13; {39351#true} is VALID [2022-02-20 17:57:22,346 INFO L290 TraceCheckUtils]: 148: Hoare triple {39351#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_to0~0;#res := ~retValue_acc~13; {39351#true} is VALID [2022-02-20 17:57:22,346 INFO L290 TraceCheckUtils]: 149: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,346 INFO L284 TraceCheckUtils]: 150: Hoare quadruple {39351#true} {39352#false} #1610#return; {39352#false} is VALID [2022-02-20 17:57:22,346 INFO L290 TraceCheckUtils]: 151: Hoare triple {39352#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret43#1 && outgoing__role__Encrypt_#t~ret43#1 <= 2147483647;outgoing__role__Encrypt_~tmp~9#1 := outgoing__role__Encrypt_#t~ret43#1;havoc outgoing__role__Encrypt_#t~ret43#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~9#1; {39352#false} is VALID [2022-02-20 17:57:22,347 INFO L272 TraceCheckUtils]: 152: Hoare triple {39352#false} call outgoing__role__Encrypt_#t~ret44#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {39351#true} is VALID [2022-02-20 17:57:22,347 INFO L290 TraceCheckUtils]: 153: Hoare triple {39351#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~39; {39351#true} is VALID [2022-02-20 17:57:22,347 INFO L290 TraceCheckUtils]: 154: Hoare triple {39351#true} assume 1 == ~handle; {39351#true} is VALID [2022-02-20 17:57:22,347 INFO L290 TraceCheckUtils]: 155: Hoare triple {39351#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~39 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~39; {39351#true} is VALID [2022-02-20 17:57:22,347 INFO L290 TraceCheckUtils]: 156: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,347 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {39351#true} {39352#false} #1612#return; {39352#false} is VALID [2022-02-20 17:57:22,347 INFO L290 TraceCheckUtils]: 158: Hoare triple {39352#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret44#1 && outgoing__role__Encrypt_#t~ret44#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret44#1;havoc outgoing__role__Encrypt_#t~ret44#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {39352#false} is VALID [2022-02-20 17:57:22,347 INFO L290 TraceCheckUtils]: 159: Hoare triple {39352#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {39352#false} is VALID [2022-02-20 17:57:22,347 INFO L272 TraceCheckUtils]: 160: Hoare triple {39352#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {39352#false} is VALID [2022-02-20 17:57:22,348 INFO L290 TraceCheckUtils]: 161: Hoare triple {39352#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~8#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~41#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~41#1; {39352#false} is VALID [2022-02-20 17:57:22,354 INFO L290 TraceCheckUtils]: 162: Hoare triple {39352#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~41#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~41#1; {39352#false} is VALID [2022-02-20 17:57:22,354 INFO L290 TraceCheckUtils]: 163: Hoare triple {39352#false} #t~ret42#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1; {39352#false} is VALID [2022-02-20 17:57:22,354 INFO L272 TraceCheckUtils]: 164: Hoare triple {39352#false} call setEmailFrom(~msg#1, ~tmp~8#1); {39461#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:22,354 INFO L290 TraceCheckUtils]: 165: Hoare triple {39461#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39351#true} is VALID [2022-02-20 17:57:22,355 INFO L290 TraceCheckUtils]: 166: Hoare triple {39351#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39351#true} is VALID [2022-02-20 17:57:22,355 INFO L290 TraceCheckUtils]: 167: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,355 INFO L284 TraceCheckUtils]: 168: Hoare quadruple {39351#true} {39352#false} #1656#return; {39352#false} is VALID [2022-02-20 17:57:22,355 INFO L290 TraceCheckUtils]: 169: Hoare triple {39352#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret40#1, mail_#t~ret41#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~7#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~7#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret5#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret4#1; {39352#false} is VALID [2022-02-20 17:57:22,355 INFO L290 TraceCheckUtils]: 170: Hoare triple {39352#false} assume !(-1 == ~mail_is_sensitive~0); {39352#false} is VALID [2022-02-20 17:57:22,355 INFO L272 TraceCheckUtils]: 171: Hoare triple {39352#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {39351#true} is VALID [2022-02-20 17:57:22,355 INFO L290 TraceCheckUtils]: 172: Hoare triple {39351#true} ~handle := #in~handle;havoc ~retValue_acc~16; {39351#true} is VALID [2022-02-20 17:57:22,355 INFO L290 TraceCheckUtils]: 173: Hoare triple {39351#true} assume 1 == ~handle;~retValue_acc~16 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~16; {39351#true} is VALID [2022-02-20 17:57:22,355 INFO L290 TraceCheckUtils]: 174: Hoare triple {39351#true} assume true; {39351#true} is VALID [2022-02-20 17:57:22,355 INFO L284 TraceCheckUtils]: 175: Hoare quadruple {39351#true} {39352#false} #1660#return; {39352#false} is VALID [2022-02-20 17:57:22,356 INFO L290 TraceCheckUtils]: 176: Hoare triple {39352#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {39352#false} is VALID [2022-02-20 17:57:22,356 INFO L290 TraceCheckUtils]: 177: Hoare triple {39352#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~0#1;assume { :begin_inline___automaton_fail } true; {39352#false} is VALID [2022-02-20 17:57:22,356 INFO L290 TraceCheckUtils]: 178: Hoare triple {39352#false} assume !false; {39352#false} is VALID [2022-02-20 17:57:22,356 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 17:57:22,357 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:22,357 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [872334699] [2022-02-20 17:57:22,357 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [872334699] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:22,357 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:57:22,357 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:57:22,357 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1750509703] [2022-02-20 17:57:22,357 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:22,358 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 10 states have (on average 10.3) internal successors, (103), 8 states have internal predecessors, (103), 4 states have call successors, (28), 6 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 179 [2022-02-20 17:57:22,358 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:22,358 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 10 states have (on average 10.3) internal successors, (103), 8 states have internal predecessors, (103), 4 states have call successors, (28), 6 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 17:57:22,445 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 154 edges. 154 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:22,445 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:57:22,446 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:22,446 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:57:22,446 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:57:22,446 INFO L87 Difference]: Start difference. First operand 687 states and 1006 transitions. Second operand has 12 states, 10 states have (on average 10.3) internal successors, (103), 8 states have internal predecessors, (103), 4 states have call successors, (28), 6 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23)