./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec27_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec27_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash fe4506e3d5e012e1662dc0aa7741c8e3f8f99dc7c5ccf1f202c2f95071bfbf64 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 17:57:38,518 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:57:38,519 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:57:38,561 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 17:57:38,562 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:57:38,565 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:57:38,567 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:57:38,571 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:57:38,573 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:57:38,576 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:57:38,576 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:57:38,578 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:57:38,578 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:57:38,580 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:57:38,581 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:57:38,582 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:57:38,583 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:57:38,583 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:57:38,586 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:57:38,591 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:57:38,591 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:57:38,592 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:57:38,593 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:57:38,594 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:57:38,599 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:57:38,599 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:57:38,599 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:57:38,600 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:57:38,601 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:57:38,601 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:57:38,602 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:57:38,602 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:57:38,603 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:57:38,604 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:57:38,605 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:57:38,605 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:57:38,606 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:57:38,606 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 17:57:38,606 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:57:38,607 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:57:38,607 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:57:38,609 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:57:38,632 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:57:38,632 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:57:38,633 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:57:38,633 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:57:38,633 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:57:38,634 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:57:38,634 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:57:38,634 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:57:38,634 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:57:38,634 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:57:38,635 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:57:38,635 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:57:38,635 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:57:38,636 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:57:38,636 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:57:38,636 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:57:38,636 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:57:38,636 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:57:38,636 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:57:38,636 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:57:38,637 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:57:38,637 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:57:38,637 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:57:38,637 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:57:38,637 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:57:38,637 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:57:38,638 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:57:38,638 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:57:38,638 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:57:38,638 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:57:38,638 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:57:38,638 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:57:38,639 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 17:57:38,639 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> fe4506e3d5e012e1662dc0aa7741c8e3f8f99dc7c5ccf1f202c2f95071bfbf64 [2022-02-20 17:57:38,805 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:57:38,821 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:57:38,823 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:57:38,824 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:57:38,824 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:57:38,825 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec27_productSimulator.cil.c [2022-02-20 17:57:38,888 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9fcc406db/b886739a39484e529a68148203dedb79/FLAG11d9009d1 [2022-02-20 17:57:39,438 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 17:57:39,438 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec27_productSimulator.cil.c [2022-02-20 17:57:39,469 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9fcc406db/b886739a39484e529a68148203dedb79/FLAG11d9009d1 [2022-02-20 17:57:39,722 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9fcc406db/b886739a39484e529a68148203dedb79 [2022-02-20 17:57:39,725 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:57:39,726 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:57:39,729 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:57:39,729 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:57:39,731 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:57:39,732 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:57:39" (1/1) ... [2022-02-20 17:57:39,733 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@9f64bb0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:39, skipping insertion in model container [2022-02-20 17:57:39,733 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:57:39" (1/1) ... [2022-02-20 17:57:39,738 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:57:39,794 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:57:40,001 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec27_productSimulator.cil.c[11237,11250] [2022-02-20 17:57:40,255 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:57:40,269 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:57:40,292 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec27_productSimulator.cil.c[11237,11250] [2022-02-20 17:57:40,349 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:57:40,375 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:57:40,376 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40 WrapperNode [2022-02-20 17:57:40,376 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:57:40,378 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:57:40,378 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:57:40,378 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:57:40,383 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,423 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,496 INFO L137 Inliner]: procedures = 151, calls = 284, calls flagged for inlining = 66, calls inlined = 63, statements flattened = 1304 [2022-02-20 17:57:40,497 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:57:40,498 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:57:40,498 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:57:40,498 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:57:40,504 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,504 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,513 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,513 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,531 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,543 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,553 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,563 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:57:40,564 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:57:40,564 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:57:40,564 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:57:40,566 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (1/1) ... [2022-02-20 17:57:40,583 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:57:40,592 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:57:40,601 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:57:40,631 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:57:40,641 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:57:40,642 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:57:40,642 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 17:57:40,642 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 17:57:40,642 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 17:57:40,642 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 17:57:40,642 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:57:40,643 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:57:40,644 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:57:40,644 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:57:40,644 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:57:40,645 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:57:40,645 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:57:40,645 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:57:40,645 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 17:57:40,645 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 17:57:40,645 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:57:40,645 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:57:40,645 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 17:57:40,646 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 17:57:40,646 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:57:40,646 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:57:40,646 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:57:40,646 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:57:40,646 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:57:40,646 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:57:40,646 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 17:57:40,647 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 17:57:40,647 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 17:57:40,647 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 17:57:40,647 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:57:40,647 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:57:40,648 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:57:40,648 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:57:40,648 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:57:40,648 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:57:40,648 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:57:40,648 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 17:57:40,648 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 17:57:40,648 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:57:40,649 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:57:40,649 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 17:57:40,649 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 17:57:40,649 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:57:40,649 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:57:40,650 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 17:57:40,650 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 17:57:40,650 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:57:40,650 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:57:40,650 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:57:40,650 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:57:40,650 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:57:40,650 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 17:57:40,651 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 17:57:40,651 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 17:57:40,652 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 17:57:40,652 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 17:57:40,652 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 17:57:40,653 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:57:40,653 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 17:57:40,653 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:57:40,653 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:57:40,654 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:57:40,654 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:57:40,654 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:57:40,654 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:57:40,654 INFO L130 BoogieDeclarations]: Found specification of procedure isVerified [2022-02-20 17:57:40,654 INFO L138 BoogieDeclarations]: Found implementation of procedure isVerified [2022-02-20 17:57:40,654 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:57:40,655 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:57:40,655 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:57:40,655 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:57:40,655 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:57:40,655 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:57:40,655 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 17:57:40,655 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 17:57:40,656 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 17:57:40,656 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 17:57:40,656 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:57:40,656 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:57:40,656 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:57:40,656 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:57:40,657 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:57:40,657 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:57:40,657 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:57:40,657 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 17:57:40,657 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 17:57:40,657 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 17:57:40,657 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 17:57:40,657 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:57:40,658 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:57:40,658 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:57:40,658 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:57:40,918 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:57:40,922 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:57:41,795 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:57:41,822 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:57:41,822 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:57:41,824 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:57:41 BoogieIcfgContainer [2022-02-20 17:57:41,824 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:57:41,825 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:57:41,825 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:57:41,828 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:57:41,828 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:57:39" (1/3) ... [2022-02-20 17:57:41,828 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@64876a7a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:57:41, skipping insertion in model container [2022-02-20 17:57:41,828 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:40" (2/3) ... [2022-02-20 17:57:41,829 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@64876a7a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:57:41, skipping insertion in model container [2022-02-20 17:57:41,829 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:57:41" (3/3) ... [2022-02-20 17:57:41,830 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec27_productSimulator.cil.c [2022-02-20 17:57:41,833 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:57:41,833 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:57:41,871 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:57:41,875 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:57:41,875 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:57:41,900 INFO L276 IsEmpty]: Start isEmpty. Operand has 608 states, 450 states have (on average 1.5133333333333334) internal successors, (681), 470 states have internal predecessors, (681), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 17:57:41,916 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 159 [2022-02-20 17:57:41,916 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:41,917 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:41,917 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:41,922 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:41,922 INFO L85 PathProgramCache]: Analyzing trace with hash -779208577, now seen corresponding path program 1 times [2022-02-20 17:57:41,929 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:41,929 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1189585645] [2022-02-20 17:57:41,930 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:41,930 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:42,155 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,269 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:57:42,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,286 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,287 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,287 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1736#return; {611#true} is VALID [2022-02-20 17:57:42,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:57:42,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,297 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,297 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,297 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1738#return; {611#true} is VALID [2022-02-20 17:57:42,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:57:42,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,306 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1740#return; {611#true} is VALID [2022-02-20 17:57:42,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:42,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,315 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,315 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1742#return; {611#true} is VALID [2022-02-20 17:57:42,315 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:57:42,320 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,326 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,326 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1744#return; {611#true} is VALID [2022-02-20 17:57:42,326 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:57:42,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,334 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,335 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1746#return; {611#true} is VALID [2022-02-20 17:57:42,335 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:57:42,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,343 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,344 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1748#return; {611#true} is VALID [2022-02-20 17:57:42,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:57:42,349 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,364 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,364 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1750#return; {611#true} is VALID [2022-02-20 17:57:42,370 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:57:42,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:42,382 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,386 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,386 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {611#true} #1734#return; {611#true} is VALID [2022-02-20 17:57:42,387 INFO L290 TraceCheckUtils]: 0: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {611#true} is VALID [2022-02-20 17:57:42,388 INFO L272 TraceCheckUtils]: 1: Hoare triple {611#true} call setClientId(~bob___0, ~bob___0); {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:42,388 INFO L290 TraceCheckUtils]: 2: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,388 INFO L290 TraceCheckUtils]: 3: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,388 INFO L290 TraceCheckUtils]: 4: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,389 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {611#true} {611#true} #1734#return; {611#true} is VALID [2022-02-20 17:57:42,389 INFO L290 TraceCheckUtils]: 6: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,389 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {611#true} {611#true} #1756#return; {611#true} is VALID [2022-02-20 17:57:42,389 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:57:42,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:42,405 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,407 INFO L290 TraceCheckUtils]: 0: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,408 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,408 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,408 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {611#true} #1678#return; {611#true} is VALID [2022-02-20 17:57:42,409 INFO L290 TraceCheckUtils]: 0: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {611#true} is VALID [2022-02-20 17:57:42,410 INFO L272 TraceCheckUtils]: 1: Hoare triple {611#true} call setClientId(~rjh___0, ~rjh___0); {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:42,410 INFO L290 TraceCheckUtils]: 2: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,411 INFO L290 TraceCheckUtils]: 3: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,411 INFO L290 TraceCheckUtils]: 4: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,411 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {611#true} {611#true} #1678#return; {611#true} is VALID [2022-02-20 17:57:42,411 INFO L290 TraceCheckUtils]: 6: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,413 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {611#true} {611#true} #1762#return; {611#true} is VALID [2022-02-20 17:57:42,414 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:57:42,416 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:42,422 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,428 INFO L290 TraceCheckUtils]: 0: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,428 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,428 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,429 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {611#true} #1624#return; {611#true} is VALID [2022-02-20 17:57:42,429 INFO L290 TraceCheckUtils]: 0: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {611#true} is VALID [2022-02-20 17:57:42,430 INFO L272 TraceCheckUtils]: 1: Hoare triple {611#true} call setClientId(~chuck___0, ~chuck___0); {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:42,430 INFO L290 TraceCheckUtils]: 2: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,430 INFO L290 TraceCheckUtils]: 3: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,430 INFO L290 TraceCheckUtils]: 4: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,430 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {611#true} {611#true} #1624#return; {611#true} is VALID [2022-02-20 17:57:42,432 INFO L290 TraceCheckUtils]: 6: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,432 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {611#true} {611#true} #1768#return; {611#true} is VALID [2022-02-20 17:57:42,436 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:57:42,438 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,448 INFO L290 TraceCheckUtils]: 0: Hoare triple {703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,449 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1646#return; {612#false} is VALID [2022-02-20 17:57:42,486 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:57:42,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {704#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,490 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,490 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,490 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1648#return; {612#false} is VALID [2022-02-20 17:57:42,491 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:57:42,492 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,495 INFO L290 TraceCheckUtils]: 0: Hoare triple {703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,496 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,496 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,496 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1658#return; {612#false} is VALID [2022-02-20 17:57:42,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:57:42,497 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~26; {611#true} is VALID [2022-02-20 17:57:42,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {611#true} is VALID [2022-02-20 17:57:42,501 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,501 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1660#return; {612#false} is VALID [2022-02-20 17:57:42,501 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 17:57:42,502 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,504 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~33; {611#true} is VALID [2022-02-20 17:57:42,505 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {611#true} is VALID [2022-02-20 17:57:42,505 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,506 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1708#return; {612#false} is VALID [2022-02-20 17:57:42,507 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 17:57:42,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,512 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~25; {611#true} is VALID [2022-02-20 17:57:42,512 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {611#true} is VALID [2022-02-20 17:57:42,512 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,512 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1710#return; {612#false} is VALID [2022-02-20 17:57:42,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 149 [2022-02-20 17:57:42,513 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:42,517 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {611#true} is VALID [2022-02-20 17:57:42,517 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle; {611#true} is VALID [2022-02-20 17:57:42,520 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {611#true} is VALID [2022-02-20 17:57:42,521 INFO L290 TraceCheckUtils]: 3: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,521 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {611#true} {612#false} #1712#return; {612#false} is VALID [2022-02-20 17:57:42,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {611#true} is VALID [2022-02-20 17:57:42,525 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {611#true} is VALID [2022-02-20 17:57:42,525 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {611#true} is VALID [2022-02-20 17:57:42,525 INFO L272 TraceCheckUtils]: 3: Hoare triple {611#true} call select_features_#t~ret29#1 := select_one(); {611#true} is VALID [2022-02-20 17:57:42,525 INFO L290 TraceCheckUtils]: 4: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,525 INFO L290 TraceCheckUtils]: 5: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,526 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {611#true} {611#true} #1736#return; {611#true} is VALID [2022-02-20 17:57:42,526 INFO L290 TraceCheckUtils]: 7: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {611#true} is VALID [2022-02-20 17:57:42,526 INFO L272 TraceCheckUtils]: 8: Hoare triple {611#true} call select_features_#t~ret30#1 := select_one(); {611#true} is VALID [2022-02-20 17:57:42,526 INFO L290 TraceCheckUtils]: 9: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,528 INFO L290 TraceCheckUtils]: 10: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,528 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {611#true} {611#true} #1738#return; {611#true} is VALID [2022-02-20 17:57:42,528 INFO L290 TraceCheckUtils]: 12: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {611#true} is VALID [2022-02-20 17:57:42,528 INFO L272 TraceCheckUtils]: 13: Hoare triple {611#true} call select_features_#t~ret31#1 := select_one(); {611#true} is VALID [2022-02-20 17:57:42,528 INFO L290 TraceCheckUtils]: 14: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,529 INFO L290 TraceCheckUtils]: 15: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,529 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {611#true} {611#true} #1740#return; {611#true} is VALID [2022-02-20 17:57:42,529 INFO L290 TraceCheckUtils]: 17: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {611#true} is VALID [2022-02-20 17:57:42,529 INFO L272 TraceCheckUtils]: 18: Hoare triple {611#true} call select_features_#t~ret32#1 := select_one(); {611#true} is VALID [2022-02-20 17:57:42,529 INFO L290 TraceCheckUtils]: 19: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,529 INFO L290 TraceCheckUtils]: 20: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,530 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {611#true} {611#true} #1742#return; {611#true} is VALID [2022-02-20 17:57:42,530 INFO L290 TraceCheckUtils]: 22: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {611#true} is VALID [2022-02-20 17:57:42,530 INFO L272 TraceCheckUtils]: 23: Hoare triple {611#true} call select_features_#t~ret33#1 := select_one(); {611#true} is VALID [2022-02-20 17:57:42,531 INFO L290 TraceCheckUtils]: 24: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,531 INFO L290 TraceCheckUtils]: 25: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,531 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {611#true} {611#true} #1744#return; {611#true} is VALID [2022-02-20 17:57:42,532 INFO L290 TraceCheckUtils]: 27: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {611#true} is VALID [2022-02-20 17:57:42,532 INFO L272 TraceCheckUtils]: 28: Hoare triple {611#true} call select_features_#t~ret34#1 := select_one(); {611#true} is VALID [2022-02-20 17:57:42,532 INFO L290 TraceCheckUtils]: 29: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,533 INFO L290 TraceCheckUtils]: 30: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,533 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {611#true} {611#true} #1746#return; {611#true} is VALID [2022-02-20 17:57:42,534 INFO L290 TraceCheckUtils]: 32: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {611#true} is VALID [2022-02-20 17:57:42,540 INFO L272 TraceCheckUtils]: 33: Hoare triple {611#true} call select_features_#t~ret35#1 := select_one(); {611#true} is VALID [2022-02-20 17:57:42,541 INFO L290 TraceCheckUtils]: 34: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,543 INFO L290 TraceCheckUtils]: 35: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,543 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {611#true} {611#true} #1748#return; {611#true} is VALID [2022-02-20 17:57:42,543 INFO L290 TraceCheckUtils]: 37: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {611#true} is VALID [2022-02-20 17:57:42,544 INFO L272 TraceCheckUtils]: 38: Hoare triple {611#true} call select_features_#t~ret36#1 := select_one(); {611#true} is VALID [2022-02-20 17:57:42,544 INFO L290 TraceCheckUtils]: 39: Hoare triple {611#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {611#true} is VALID [2022-02-20 17:57:42,544 INFO L290 TraceCheckUtils]: 40: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,544 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {611#true} {611#true} #1750#return; {611#true} is VALID [2022-02-20 17:57:42,544 INFO L290 TraceCheckUtils]: 42: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {611#true} is VALID [2022-02-20 17:57:42,545 INFO L290 TraceCheckUtils]: 43: Hoare triple {611#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {611#true} is VALID [2022-02-20 17:57:42,545 INFO L290 TraceCheckUtils]: 44: Hoare triple {611#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {611#true} is VALID [2022-02-20 17:57:42,545 INFO L290 TraceCheckUtils]: 45: Hoare triple {611#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~3#1 := 0; {611#true} is VALID [2022-02-20 17:57:42,545 INFO L290 TraceCheckUtils]: 46: Hoare triple {611#true} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {611#true} is VALID [2022-02-20 17:57:42,545 INFO L290 TraceCheckUtils]: 47: Hoare triple {611#true} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {611#true} is VALID [2022-02-20 17:57:42,545 INFO L290 TraceCheckUtils]: 48: Hoare triple {611#true} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {611#true} is VALID [2022-02-20 17:57:42,546 INFO L290 TraceCheckUtils]: 49: Hoare triple {611#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {611#true} is VALID [2022-02-20 17:57:42,546 INFO L272 TraceCheckUtils]: 50: Hoare triple {611#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:42,547 INFO L290 TraceCheckUtils]: 51: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {611#true} is VALID [2022-02-20 17:57:42,547 INFO L272 TraceCheckUtils]: 52: Hoare triple {611#true} call setClientId(~bob___0, ~bob___0); {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:42,547 INFO L290 TraceCheckUtils]: 53: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,548 INFO L290 TraceCheckUtils]: 54: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,548 INFO L290 TraceCheckUtils]: 55: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,548 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {611#true} {611#true} #1734#return; {611#true} is VALID [2022-02-20 17:57:42,548 INFO L290 TraceCheckUtils]: 57: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,548 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {611#true} {611#true} #1756#return; {611#true} is VALID [2022-02-20 17:57:42,548 INFO L290 TraceCheckUtils]: 59: Hoare triple {611#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {611#true} is VALID [2022-02-20 17:57:42,548 INFO L290 TraceCheckUtils]: 60: Hoare triple {611#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {611#true} is VALID [2022-02-20 17:57:42,549 INFO L272 TraceCheckUtils]: 61: Hoare triple {611#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:42,549 INFO L290 TraceCheckUtils]: 62: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {611#true} is VALID [2022-02-20 17:57:42,550 INFO L272 TraceCheckUtils]: 63: Hoare triple {611#true} call setClientId(~rjh___0, ~rjh___0); {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:42,550 INFO L290 TraceCheckUtils]: 64: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,550 INFO L290 TraceCheckUtils]: 65: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,550 INFO L290 TraceCheckUtils]: 66: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,550 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {611#true} {611#true} #1678#return; {611#true} is VALID [2022-02-20 17:57:42,551 INFO L290 TraceCheckUtils]: 68: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,551 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {611#true} {611#true} #1762#return; {611#true} is VALID [2022-02-20 17:57:42,551 INFO L290 TraceCheckUtils]: 70: Hoare triple {611#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {611#true} is VALID [2022-02-20 17:57:42,551 INFO L290 TraceCheckUtils]: 71: Hoare triple {611#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {611#true} is VALID [2022-02-20 17:57:42,552 INFO L272 TraceCheckUtils]: 72: Hoare triple {611#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:42,552 INFO L290 TraceCheckUtils]: 73: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {611#true} is VALID [2022-02-20 17:57:42,553 INFO L272 TraceCheckUtils]: 74: Hoare triple {611#true} call setClientId(~chuck___0, ~chuck___0); {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:42,553 INFO L290 TraceCheckUtils]: 75: Hoare triple {690#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,553 INFO L290 TraceCheckUtils]: 76: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,553 INFO L290 TraceCheckUtils]: 77: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,553 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {611#true} {611#true} #1624#return; {611#true} is VALID [2022-02-20 17:57:42,553 INFO L290 TraceCheckUtils]: 79: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,553 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {611#true} {611#true} #1768#return; {611#true} is VALID [2022-02-20 17:57:42,554 INFO L290 TraceCheckUtils]: 81: Hoare triple {611#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {611#true} is VALID [2022-02-20 17:57:42,554 INFO L290 TraceCheckUtils]: 82: Hoare triple {611#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {611#true} is VALID [2022-02-20 17:57:42,554 INFO L290 TraceCheckUtils]: 83: Hoare triple {611#true} assume !true; {612#false} is VALID [2022-02-20 17:57:42,554 INFO L290 TraceCheckUtils]: 84: Hoare triple {612#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {612#false} is VALID [2022-02-20 17:57:42,555 INFO L272 TraceCheckUtils]: 85: Hoare triple {612#false} call sendEmail(~bob~0, ~rjh~0); {612#false} is VALID [2022-02-20 17:57:42,555 INFO L290 TraceCheckUtils]: 86: Hoare triple {612#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {612#false} is VALID [2022-02-20 17:57:42,555 INFO L272 TraceCheckUtils]: 87: Hoare triple {612#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:42,555 INFO L290 TraceCheckUtils]: 88: Hoare triple {703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,555 INFO L290 TraceCheckUtils]: 89: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,555 INFO L290 TraceCheckUtils]: 90: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,556 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {611#true} {612#false} #1646#return; {612#false} is VALID [2022-02-20 17:57:42,556 INFO L272 TraceCheckUtils]: 92: Hoare triple {612#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {704#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:42,556 INFO L290 TraceCheckUtils]: 93: Hoare triple {704#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,556 INFO L290 TraceCheckUtils]: 94: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,556 INFO L290 TraceCheckUtils]: 95: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,557 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {611#true} {612#false} #1648#return; {612#false} is VALID [2022-02-20 17:57:42,557 INFO L290 TraceCheckUtils]: 97: Hoare triple {612#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {612#false} is VALID [2022-02-20 17:57:42,558 INFO L290 TraceCheckUtils]: 98: Hoare triple {612#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {612#false} is VALID [2022-02-20 17:57:42,558 INFO L272 TraceCheckUtils]: 99: Hoare triple {612#false} call outgoing(~sender#1, ~email~0#1); {612#false} is VALID [2022-02-20 17:57:42,558 INFO L290 TraceCheckUtils]: 100: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {612#false} is VALID [2022-02-20 17:57:42,558 INFO L290 TraceCheckUtils]: 101: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {612#false} is VALID [2022-02-20 17:57:42,559 INFO L272 TraceCheckUtils]: 102: Hoare triple {612#false} call outgoing__before__Sign(~client#1, ~msg#1); {612#false} is VALID [2022-02-20 17:57:42,559 INFO L290 TraceCheckUtils]: 103: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {612#false} is VALID [2022-02-20 17:57:42,559 INFO L290 TraceCheckUtils]: 104: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {612#false} is VALID [2022-02-20 17:57:42,559 INFO L272 TraceCheckUtils]: 105: Hoare triple {612#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {612#false} is VALID [2022-02-20 17:57:42,559 INFO L290 TraceCheckUtils]: 106: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {612#false} is VALID [2022-02-20 17:57:42,559 INFO L290 TraceCheckUtils]: 107: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {612#false} is VALID [2022-02-20 17:57:42,559 INFO L272 TraceCheckUtils]: 108: Hoare triple {612#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {612#false} is VALID [2022-02-20 17:57:42,560 INFO L290 TraceCheckUtils]: 109: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {612#false} is VALID [2022-02-20 17:57:42,560 INFO L290 TraceCheckUtils]: 110: Hoare triple {612#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {612#false} is VALID [2022-02-20 17:57:42,560 INFO L290 TraceCheckUtils]: 111: Hoare triple {612#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {612#false} is VALID [2022-02-20 17:57:42,560 INFO L272 TraceCheckUtils]: 112: Hoare triple {612#false} call setEmailFrom(~msg#1, ~tmp~9#1); {703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:42,560 INFO L290 TraceCheckUtils]: 113: Hoare triple {703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 17:57:42,562 INFO L290 TraceCheckUtils]: 114: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {611#true} is VALID [2022-02-20 17:57:42,563 INFO L290 TraceCheckUtils]: 115: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,563 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {611#true} {612#false} #1658#return; {612#false} is VALID [2022-02-20 17:57:42,564 INFO L290 TraceCheckUtils]: 117: Hoare triple {612#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {612#false} is VALID [2022-02-20 17:57:42,564 INFO L272 TraceCheckUtils]: 118: Hoare triple {612#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {611#true} is VALID [2022-02-20 17:57:42,564 INFO L290 TraceCheckUtils]: 119: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~26; {611#true} is VALID [2022-02-20 17:57:42,565 INFO L290 TraceCheckUtils]: 120: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {611#true} is VALID [2022-02-20 17:57:42,565 INFO L290 TraceCheckUtils]: 121: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,565 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {611#true} {612#false} #1660#return; {612#false} is VALID [2022-02-20 17:57:42,566 INFO L290 TraceCheckUtils]: 123: Hoare triple {612#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {612#false} is VALID [2022-02-20 17:57:42,566 INFO L290 TraceCheckUtils]: 124: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {612#false} is VALID [2022-02-20 17:57:42,567 INFO L272 TraceCheckUtils]: 125: Hoare triple {612#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {612#false} is VALID [2022-02-20 17:57:42,567 INFO L290 TraceCheckUtils]: 126: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {612#false} is VALID [2022-02-20 17:57:42,567 INFO L290 TraceCheckUtils]: 127: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {612#false} is VALID [2022-02-20 17:57:42,567 INFO L272 TraceCheckUtils]: 128: Hoare triple {612#false} call incoming__before__Verify(~client#1, ~msg#1); {612#false} is VALID [2022-02-20 17:57:42,567 INFO L290 TraceCheckUtils]: 129: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {612#false} is VALID [2022-02-20 17:57:42,567 INFO L290 TraceCheckUtils]: 130: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {612#false} is VALID [2022-02-20 17:57:42,568 INFO L272 TraceCheckUtils]: 131: Hoare triple {612#false} call incoming__before__Forward(~client#1, ~msg#1); {612#false} is VALID [2022-02-20 17:57:42,568 INFO L290 TraceCheckUtils]: 132: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {612#false} is VALID [2022-02-20 17:57:42,568 INFO L290 TraceCheckUtils]: 133: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {612#false} is VALID [2022-02-20 17:57:42,568 INFO L272 TraceCheckUtils]: 134: Hoare triple {612#false} call incoming__before__AutoResponder(~client#1, ~msg#1); {612#false} is VALID [2022-02-20 17:57:42,568 INFO L290 TraceCheckUtils]: 135: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {612#false} is VALID [2022-02-20 17:57:42,568 INFO L272 TraceCheckUtils]: 136: Hoare triple {612#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {611#true} is VALID [2022-02-20 17:57:42,568 INFO L290 TraceCheckUtils]: 137: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~33; {611#true} is VALID [2022-02-20 17:57:42,569 INFO L290 TraceCheckUtils]: 138: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {611#true} is VALID [2022-02-20 17:57:42,569 INFO L290 TraceCheckUtils]: 139: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,569 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {611#true} {612#false} #1708#return; {612#false} is VALID [2022-02-20 17:57:42,569 INFO L290 TraceCheckUtils]: 141: Hoare triple {612#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {612#false} is VALID [2022-02-20 17:57:42,569 INFO L290 TraceCheckUtils]: 142: Hoare triple {612#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {612#false} is VALID [2022-02-20 17:57:42,569 INFO L272 TraceCheckUtils]: 143: Hoare triple {612#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {611#true} is VALID [2022-02-20 17:57:42,570 INFO L290 TraceCheckUtils]: 144: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~25; {611#true} is VALID [2022-02-20 17:57:42,570 INFO L290 TraceCheckUtils]: 145: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {611#true} is VALID [2022-02-20 17:57:42,570 INFO L290 TraceCheckUtils]: 146: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,570 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {611#true} {612#false} #1710#return; {612#false} is VALID [2022-02-20 17:57:42,570 INFO L290 TraceCheckUtils]: 148: Hoare triple {612#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {612#false} is VALID [2022-02-20 17:57:42,570 INFO L272 TraceCheckUtils]: 149: Hoare triple {612#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {611#true} is VALID [2022-02-20 17:57:42,571 INFO L290 TraceCheckUtils]: 150: Hoare triple {611#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {611#true} is VALID [2022-02-20 17:57:42,571 INFO L290 TraceCheckUtils]: 151: Hoare triple {611#true} assume 1 == ~handle; {611#true} is VALID [2022-02-20 17:57:42,571 INFO L290 TraceCheckUtils]: 152: Hoare triple {611#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {611#true} is VALID [2022-02-20 17:57:42,571 INFO L290 TraceCheckUtils]: 153: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 17:57:42,571 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {611#true} {612#false} #1712#return; {612#false} is VALID [2022-02-20 17:57:42,571 INFO L290 TraceCheckUtils]: 155: Hoare triple {612#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {612#false} is VALID [2022-02-20 17:57:42,572 INFO L290 TraceCheckUtils]: 156: Hoare triple {612#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {612#false} is VALID [2022-02-20 17:57:42,572 INFO L290 TraceCheckUtils]: 157: Hoare triple {612#false} assume !false; {612#false} is VALID [2022-02-20 17:57:42,574 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:57:42,574 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:42,574 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1189585645] [2022-02-20 17:57:42,575 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1189585645] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:42,575 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:57:42,575 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 17:57:42,576 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [551876086] [2022-02-20 17:57:42,577 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:42,581 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.8) internal successors, (84), 2 states have internal predecessors, (84), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 158 [2022-02-20 17:57:42,583 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:42,585 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 16.8) internal successors, (84), 2 states have internal predecessors, (84), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:42,677 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 135 edges. 135 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:42,678 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:57:42,678 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:42,692 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:57:42,692 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 17:57:42,697 INFO L87 Difference]: Start difference. First operand has 608 states, 450 states have (on average 1.5133333333333334) internal successors, (681), 470 states have internal predecessors, (681), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) Second operand has 5 states, 5 states have (on average 16.8) internal successors, (84), 2 states have internal predecessors, (84), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:47,188 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:47,189 INFO L93 Difference]: Finished difference Result 1077 states and 1633 transitions. [2022-02-20 17:57:47,189 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 17:57:47,190 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.8) internal successors, (84), 2 states have internal predecessors, (84), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 158 [2022-02-20 17:57:47,190 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:57:47,195 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.8) internal successors, (84), 2 states have internal predecessors, (84), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:47,237 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1633 transitions. [2022-02-20 17:57:47,238 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.8) internal successors, (84), 2 states have internal predecessors, (84), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:47,284 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1633 transitions. [2022-02-20 17:57:47,284 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1633 transitions. [2022-02-20 17:57:48,805 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1633 edges. 1633 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:48,919 INFO L225 Difference]: With dead ends: 1077 [2022-02-20 17:57:48,919 INFO L226 Difference]: Without dead ends: 731 [2022-02-20 17:57:48,929 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:57:48,934 INFO L933 BasicCegarLoop]: 895 mSDtfsCounter, 1366 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 477 mSolverCounterSat, 662 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1372 SdHoareTripleChecker+Valid, 1609 SdHoareTripleChecker+Invalid, 1139 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 662 IncrementalHoareTripleChecker+Valid, 477 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-02-20 17:57:48,936 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1372 Valid, 1609 Invalid, 1139 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [662 Valid, 477 Invalid, 0 Unknown, 0 Unchecked, 1.7s Time] [2022-02-20 17:57:48,972 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 731 states. [2022-02-20 17:57:49,058 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 731 to 601. [2022-02-20 17:57:49,059 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:57:49,067 INFO L82 GeneralOperation]: Start isEquivalent. First operand 731 states. Second operand has 601 states, 444 states have (on average 1.509009009009009) internal successors, (670), 463 states have internal predecessors, (670), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 17:57:49,072 INFO L74 IsIncluded]: Start isIncluded. First operand 731 states. Second operand has 601 states, 444 states have (on average 1.509009009009009) internal successors, (670), 463 states have internal predecessors, (670), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 17:57:49,074 INFO L87 Difference]: Start difference. First operand 731 states. Second operand has 601 states, 444 states have (on average 1.509009009009009) internal successors, (670), 463 states have internal predecessors, (670), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 17:57:49,119 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:49,120 INFO L93 Difference]: Finished difference Result 731 states and 1117 transitions. [2022-02-20 17:57:49,120 INFO L276 IsEmpty]: Start isEmpty. Operand 731 states and 1117 transitions. [2022-02-20 17:57:49,127 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:49,128 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:49,130 INFO L74 IsIncluded]: Start isIncluded. First operand has 601 states, 444 states have (on average 1.509009009009009) internal successors, (670), 463 states have internal predecessors, (670), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) Second operand 731 states. [2022-02-20 17:57:49,132 INFO L87 Difference]: Start difference. First operand has 601 states, 444 states have (on average 1.509009009009009) internal successors, (670), 463 states have internal predecessors, (670), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) Second operand 731 states. [2022-02-20 17:57:49,181 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:49,182 INFO L93 Difference]: Finished difference Result 731 states and 1117 transitions. [2022-02-20 17:57:49,182 INFO L276 IsEmpty]: Start isEmpty. Operand 731 states and 1117 transitions. [2022-02-20 17:57:49,185 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:49,185 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:49,185 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:57:49,185 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:57:49,187 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 601 states, 444 states have (on average 1.509009009009009) internal successors, (670), 463 states have internal predecessors, (670), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 17:57:49,217 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 601 states to 601 states and 893 transitions. [2022-02-20 17:57:49,219 INFO L78 Accepts]: Start accepts. Automaton has 601 states and 893 transitions. Word has length 158 [2022-02-20 17:57:49,220 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:57:49,221 INFO L470 AbstractCegarLoop]: Abstraction has 601 states and 893 transitions. [2022-02-20 17:57:49,222 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 16.8) internal successors, (84), 2 states have internal predecessors, (84), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:49,222 INFO L276 IsEmpty]: Start isEmpty. Operand 601 states and 893 transitions. [2022-02-20 17:57:49,228 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 160 [2022-02-20 17:57:49,228 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:49,228 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:49,229 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 17:57:49,229 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:49,230 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:49,230 INFO L85 PathProgramCache]: Analyzing trace with hash 487465451, now seen corresponding path program 1 times [2022-02-20 17:57:49,230 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:49,230 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1086166613] [2022-02-20 17:57:49,230 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:49,230 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:49,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,349 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:57:49,352 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,355 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,356 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1736#return; {4521#true} is VALID [2022-02-20 17:57:49,356 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:57:49,358 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,361 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,362 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1738#return; {4521#true} is VALID [2022-02-20 17:57:49,362 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:57:49,364 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,367 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,367 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,367 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1740#return; {4521#true} is VALID [2022-02-20 17:57:49,368 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:49,370 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,372 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,373 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,373 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1742#return; {4521#true} is VALID [2022-02-20 17:57:49,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:57:49,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,379 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1744#return; {4521#true} is VALID [2022-02-20 17:57:49,379 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:57:49,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,384 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,384 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,385 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1746#return; {4521#true} is VALID [2022-02-20 17:57:49,385 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:57:49,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,390 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,391 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1748#return; {4521#true} is VALID [2022-02-20 17:57:49,391 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:57:49,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,399 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1750#return; {4521#true} is VALID [2022-02-20 17:57:49,405 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:57:49,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,411 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:49,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,418 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,419 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,419 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4521#true} #1734#return; {4521#true} is VALID [2022-02-20 17:57:49,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4521#true} is VALID [2022-02-20 17:57:49,420 INFO L272 TraceCheckUtils]: 1: Hoare triple {4521#true} call setClientId(~bob___0, ~bob___0); {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:49,420 INFO L290 TraceCheckUtils]: 2: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,420 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,421 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,421 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4521#true} {4521#true} #1734#return; {4521#true} is VALID [2022-02-20 17:57:49,421 INFO L290 TraceCheckUtils]: 6: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,421 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4521#true} {4522#false} #1756#return; {4522#false} is VALID [2022-02-20 17:57:49,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:57:49,424 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,427 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:49,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,431 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,431 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,431 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,431 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4521#true} #1678#return; {4521#true} is VALID [2022-02-20 17:57:49,432 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4521#true} is VALID [2022-02-20 17:57:49,432 INFO L272 TraceCheckUtils]: 1: Hoare triple {4521#true} call setClientId(~rjh___0, ~rjh___0); {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:49,433 INFO L290 TraceCheckUtils]: 2: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,433 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,433 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,433 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4521#true} {4521#true} #1678#return; {4521#true} is VALID [2022-02-20 17:57:49,433 INFO L290 TraceCheckUtils]: 6: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,433 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4521#true} {4522#false} #1762#return; {4522#false} is VALID [2022-02-20 17:57:49,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:57:49,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:49,440 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,443 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,444 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,444 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,444 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4521#true} #1624#return; {4521#true} is VALID [2022-02-20 17:57:49,444 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4521#true} is VALID [2022-02-20 17:57:49,445 INFO L272 TraceCheckUtils]: 1: Hoare triple {4521#true} call setClientId(~chuck___0, ~chuck___0); {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:49,445 INFO L290 TraceCheckUtils]: 2: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,445 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,445 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,445 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4521#true} {4521#true} #1624#return; {4521#true} is VALID [2022-02-20 17:57:49,446 INFO L290 TraceCheckUtils]: 6: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,446 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4521#true} {4522#false} #1768#return; {4522#false} is VALID [2022-02-20 17:57:49,451 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:57:49,452 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,454 INFO L290 TraceCheckUtils]: 0: Hoare triple {4616#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,455 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,455 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,455 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1646#return; {4522#false} is VALID [2022-02-20 17:57:49,460 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:57:49,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,464 INFO L290 TraceCheckUtils]: 0: Hoare triple {4617#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,464 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,465 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,465 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1648#return; {4522#false} is VALID [2022-02-20 17:57:49,465 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:57:49,466 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,473 INFO L290 TraceCheckUtils]: 0: Hoare triple {4616#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,473 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,473 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,473 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1658#return; {4522#false} is VALID [2022-02-20 17:57:49,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:57:49,474 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,476 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~26; {4521#true} is VALID [2022-02-20 17:57:49,476 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {4521#true} is VALID [2022-02-20 17:57:49,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,476 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1660#return; {4522#false} is VALID [2022-02-20 17:57:49,477 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 17:57:49,477 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,479 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~33; {4521#true} is VALID [2022-02-20 17:57:49,479 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {4521#true} is VALID [2022-02-20 17:57:49,479 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,480 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1708#return; {4522#false} is VALID [2022-02-20 17:57:49,480 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 17:57:49,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,483 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~25; {4521#true} is VALID [2022-02-20 17:57:49,483 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {4521#true} is VALID [2022-02-20 17:57:49,483 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,483 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1710#return; {4522#false} is VALID [2022-02-20 17:57:49,483 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 17:57:49,484 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:49,486 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {4521#true} is VALID [2022-02-20 17:57:49,486 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle; {4521#true} is VALID [2022-02-20 17:57:49,486 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 17:57:49,486 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,487 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {4521#true} {4522#false} #1712#return; {4522#false} is VALID [2022-02-20 17:57:49,487 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {4521#true} is VALID [2022-02-20 17:57:49,487 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4521#true} is VALID [2022-02-20 17:57:49,487 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {4521#true} is VALID [2022-02-20 17:57:49,487 INFO L272 TraceCheckUtils]: 3: Hoare triple {4521#true} call select_features_#t~ret29#1 := select_one(); {4521#true} is VALID [2022-02-20 17:57:49,487 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,487 INFO L290 TraceCheckUtils]: 5: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,488 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4521#true} {4521#true} #1736#return; {4521#true} is VALID [2022-02-20 17:57:49,488 INFO L290 TraceCheckUtils]: 7: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {4521#true} is VALID [2022-02-20 17:57:49,488 INFO L272 TraceCheckUtils]: 8: Hoare triple {4521#true} call select_features_#t~ret30#1 := select_one(); {4521#true} is VALID [2022-02-20 17:57:49,488 INFO L290 TraceCheckUtils]: 9: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,488 INFO L290 TraceCheckUtils]: 10: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,488 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4521#true} {4521#true} #1738#return; {4521#true} is VALID [2022-02-20 17:57:49,488 INFO L290 TraceCheckUtils]: 12: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {4521#true} is VALID [2022-02-20 17:57:49,489 INFO L272 TraceCheckUtils]: 13: Hoare triple {4521#true} call select_features_#t~ret31#1 := select_one(); {4521#true} is VALID [2022-02-20 17:57:49,489 INFO L290 TraceCheckUtils]: 14: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,489 INFO L290 TraceCheckUtils]: 15: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,489 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4521#true} {4521#true} #1740#return; {4521#true} is VALID [2022-02-20 17:57:49,489 INFO L290 TraceCheckUtils]: 17: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {4521#true} is VALID [2022-02-20 17:57:49,489 INFO L272 TraceCheckUtils]: 18: Hoare triple {4521#true} call select_features_#t~ret32#1 := select_one(); {4521#true} is VALID [2022-02-20 17:57:49,489 INFO L290 TraceCheckUtils]: 19: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,489 INFO L290 TraceCheckUtils]: 20: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,490 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4521#true} {4521#true} #1742#return; {4521#true} is VALID [2022-02-20 17:57:49,490 INFO L290 TraceCheckUtils]: 22: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {4521#true} is VALID [2022-02-20 17:57:49,490 INFO L272 TraceCheckUtils]: 23: Hoare triple {4521#true} call select_features_#t~ret33#1 := select_one(); {4521#true} is VALID [2022-02-20 17:57:49,490 INFO L290 TraceCheckUtils]: 24: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,490 INFO L290 TraceCheckUtils]: 25: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,490 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4521#true} {4521#true} #1744#return; {4521#true} is VALID [2022-02-20 17:57:49,490 INFO L290 TraceCheckUtils]: 27: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {4521#true} is VALID [2022-02-20 17:57:49,490 INFO L272 TraceCheckUtils]: 28: Hoare triple {4521#true} call select_features_#t~ret34#1 := select_one(); {4521#true} is VALID [2022-02-20 17:57:49,491 INFO L290 TraceCheckUtils]: 29: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,491 INFO L290 TraceCheckUtils]: 30: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,491 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4521#true} {4521#true} #1746#return; {4521#true} is VALID [2022-02-20 17:57:49,491 INFO L290 TraceCheckUtils]: 32: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {4521#true} is VALID [2022-02-20 17:57:49,491 INFO L272 TraceCheckUtils]: 33: Hoare triple {4521#true} call select_features_#t~ret35#1 := select_one(); {4521#true} is VALID [2022-02-20 17:57:49,491 INFO L290 TraceCheckUtils]: 34: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,491 INFO L290 TraceCheckUtils]: 35: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,491 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4521#true} {4521#true} #1748#return; {4521#true} is VALID [2022-02-20 17:57:49,492 INFO L290 TraceCheckUtils]: 37: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {4521#true} is VALID [2022-02-20 17:57:49,492 INFO L272 TraceCheckUtils]: 38: Hoare triple {4521#true} call select_features_#t~ret36#1 := select_one(); {4521#true} is VALID [2022-02-20 17:57:49,492 INFO L290 TraceCheckUtils]: 39: Hoare triple {4521#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {4521#true} is VALID [2022-02-20 17:57:49,492 INFO L290 TraceCheckUtils]: 40: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,492 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4521#true} {4521#true} #1750#return; {4521#true} is VALID [2022-02-20 17:57:49,492 INFO L290 TraceCheckUtils]: 42: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {4521#true} is VALID [2022-02-20 17:57:49,492 INFO L290 TraceCheckUtils]: 43: Hoare triple {4521#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {4521#true} is VALID [2022-02-20 17:57:49,493 INFO L290 TraceCheckUtils]: 44: Hoare triple {4521#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4521#true} is VALID [2022-02-20 17:57:49,496 INFO L290 TraceCheckUtils]: 45: Hoare triple {4521#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~3#1 := 0; {4547#(= |ULTIMATE.start_valid_product_~tmp~3#1| 0)} is VALID [2022-02-20 17:57:49,496 INFO L290 TraceCheckUtils]: 46: Hoare triple {4547#(= |ULTIMATE.start_valid_product_~tmp~3#1| 0)} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {4548#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 17:57:49,496 INFO L290 TraceCheckUtils]: 47: Hoare triple {4548#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {4549#(= |ULTIMATE.start_main_~tmp~21#1| 0)} is VALID [2022-02-20 17:57:49,497 INFO L290 TraceCheckUtils]: 48: Hoare triple {4549#(= |ULTIMATE.start_main_~tmp~21#1| 0)} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4522#false} is VALID [2022-02-20 17:57:49,497 INFO L290 TraceCheckUtils]: 49: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4522#false} is VALID [2022-02-20 17:57:49,497 INFO L272 TraceCheckUtils]: 50: Hoare triple {4522#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:49,497 INFO L290 TraceCheckUtils]: 51: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4521#true} is VALID [2022-02-20 17:57:49,498 INFO L272 TraceCheckUtils]: 52: Hoare triple {4521#true} call setClientId(~bob___0, ~bob___0); {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:49,498 INFO L290 TraceCheckUtils]: 53: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,498 INFO L290 TraceCheckUtils]: 54: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,498 INFO L290 TraceCheckUtils]: 55: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,498 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4521#true} {4521#true} #1734#return; {4521#true} is VALID [2022-02-20 17:57:49,499 INFO L290 TraceCheckUtils]: 57: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,499 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4521#true} {4522#false} #1756#return; {4522#false} is VALID [2022-02-20 17:57:49,499 INFO L290 TraceCheckUtils]: 59: Hoare triple {4522#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4522#false} is VALID [2022-02-20 17:57:49,499 INFO L290 TraceCheckUtils]: 60: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4522#false} is VALID [2022-02-20 17:57:49,499 INFO L272 TraceCheckUtils]: 61: Hoare triple {4522#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:49,499 INFO L290 TraceCheckUtils]: 62: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4521#true} is VALID [2022-02-20 17:57:49,500 INFO L272 TraceCheckUtils]: 63: Hoare triple {4521#true} call setClientId(~rjh___0, ~rjh___0); {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:49,500 INFO L290 TraceCheckUtils]: 64: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,500 INFO L290 TraceCheckUtils]: 65: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,500 INFO L290 TraceCheckUtils]: 66: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,500 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4521#true} {4521#true} #1678#return; {4521#true} is VALID [2022-02-20 17:57:49,500 INFO L290 TraceCheckUtils]: 68: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,500 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4521#true} {4522#false} #1762#return; {4522#false} is VALID [2022-02-20 17:57:49,501 INFO L290 TraceCheckUtils]: 70: Hoare triple {4522#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4522#false} is VALID [2022-02-20 17:57:49,501 INFO L290 TraceCheckUtils]: 71: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4522#false} is VALID [2022-02-20 17:57:49,501 INFO L272 TraceCheckUtils]: 72: Hoare triple {4522#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:49,501 INFO L290 TraceCheckUtils]: 73: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4521#true} is VALID [2022-02-20 17:57:49,501 INFO L272 TraceCheckUtils]: 74: Hoare triple {4521#true} call setClientId(~chuck___0, ~chuck___0); {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:49,502 INFO L290 TraceCheckUtils]: 75: Hoare triple {4603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,502 INFO L290 TraceCheckUtils]: 76: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,502 INFO L290 TraceCheckUtils]: 77: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,502 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4521#true} {4521#true} #1624#return; {4521#true} is VALID [2022-02-20 17:57:49,502 INFO L290 TraceCheckUtils]: 79: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,502 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4521#true} {4522#false} #1768#return; {4522#false} is VALID [2022-02-20 17:57:49,502 INFO L290 TraceCheckUtils]: 81: Hoare triple {4522#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {4522#false} is VALID [2022-02-20 17:57:49,502 INFO L290 TraceCheckUtils]: 82: Hoare triple {4522#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4522#false} is VALID [2022-02-20 17:57:49,503 INFO L290 TraceCheckUtils]: 83: Hoare triple {4522#false} assume !false; {4522#false} is VALID [2022-02-20 17:57:49,503 INFO L290 TraceCheckUtils]: 84: Hoare triple {4522#false} assume !(test_~splverifierCounter~0#1 < 4); {4522#false} is VALID [2022-02-20 17:57:49,503 INFO L290 TraceCheckUtils]: 85: Hoare triple {4522#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {4522#false} is VALID [2022-02-20 17:57:49,503 INFO L272 TraceCheckUtils]: 86: Hoare triple {4522#false} call sendEmail(~bob~0, ~rjh~0); {4522#false} is VALID [2022-02-20 17:57:49,503 INFO L290 TraceCheckUtils]: 87: Hoare triple {4522#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4522#false} is VALID [2022-02-20 17:57:49,503 INFO L272 TraceCheckUtils]: 88: Hoare triple {4522#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4616#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:49,503 INFO L290 TraceCheckUtils]: 89: Hoare triple {4616#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,504 INFO L290 TraceCheckUtils]: 90: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,504 INFO L290 TraceCheckUtils]: 91: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,504 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4521#true} {4522#false} #1646#return; {4522#false} is VALID [2022-02-20 17:57:49,504 INFO L272 TraceCheckUtils]: 93: Hoare triple {4522#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4617#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:49,504 INFO L290 TraceCheckUtils]: 94: Hoare triple {4617#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,504 INFO L290 TraceCheckUtils]: 95: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,504 INFO L290 TraceCheckUtils]: 96: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,504 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4521#true} {4522#false} #1648#return; {4522#false} is VALID [2022-02-20 17:57:49,505 INFO L290 TraceCheckUtils]: 98: Hoare triple {4522#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {4522#false} is VALID [2022-02-20 17:57:49,505 INFO L290 TraceCheckUtils]: 99: Hoare triple {4522#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {4522#false} is VALID [2022-02-20 17:57:49,505 INFO L272 TraceCheckUtils]: 100: Hoare triple {4522#false} call outgoing(~sender#1, ~email~0#1); {4522#false} is VALID [2022-02-20 17:57:49,505 INFO L290 TraceCheckUtils]: 101: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 17:57:49,505 INFO L290 TraceCheckUtils]: 102: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4522#false} is VALID [2022-02-20 17:57:49,505 INFO L272 TraceCheckUtils]: 103: Hoare triple {4522#false} call outgoing__before__Sign(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 17:57:49,505 INFO L290 TraceCheckUtils]: 104: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 17:57:49,505 INFO L290 TraceCheckUtils]: 105: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4522#false} is VALID [2022-02-20 17:57:49,505 INFO L272 TraceCheckUtils]: 106: Hoare triple {4522#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 17:57:49,506 INFO L290 TraceCheckUtils]: 107: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 17:57:49,506 INFO L290 TraceCheckUtils]: 108: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4522#false} is VALID [2022-02-20 17:57:49,506 INFO L272 TraceCheckUtils]: 109: Hoare triple {4522#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 17:57:49,506 INFO L290 TraceCheckUtils]: 110: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {4522#false} is VALID [2022-02-20 17:57:49,506 INFO L290 TraceCheckUtils]: 111: Hoare triple {4522#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {4522#false} is VALID [2022-02-20 17:57:49,506 INFO L290 TraceCheckUtils]: 112: Hoare triple {4522#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {4522#false} is VALID [2022-02-20 17:57:49,506 INFO L272 TraceCheckUtils]: 113: Hoare triple {4522#false} call setEmailFrom(~msg#1, ~tmp~9#1); {4616#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:49,506 INFO L290 TraceCheckUtils]: 114: Hoare triple {4616#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 17:57:49,507 INFO L290 TraceCheckUtils]: 115: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 17:57:49,507 INFO L290 TraceCheckUtils]: 116: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,507 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4521#true} {4522#false} #1658#return; {4522#false} is VALID [2022-02-20 17:57:49,507 INFO L290 TraceCheckUtils]: 118: Hoare triple {4522#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {4522#false} is VALID [2022-02-20 17:57:49,507 INFO L272 TraceCheckUtils]: 119: Hoare triple {4522#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {4521#true} is VALID [2022-02-20 17:57:49,507 INFO L290 TraceCheckUtils]: 120: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~26; {4521#true} is VALID [2022-02-20 17:57:49,507 INFO L290 TraceCheckUtils]: 121: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {4521#true} is VALID [2022-02-20 17:57:49,507 INFO L290 TraceCheckUtils]: 122: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,508 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {4521#true} {4522#false} #1660#return; {4522#false} is VALID [2022-02-20 17:57:49,508 INFO L290 TraceCheckUtils]: 124: Hoare triple {4522#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {4522#false} is VALID [2022-02-20 17:57:49,508 INFO L290 TraceCheckUtils]: 125: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {4522#false} is VALID [2022-02-20 17:57:49,508 INFO L272 TraceCheckUtils]: 126: Hoare triple {4522#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {4522#false} is VALID [2022-02-20 17:57:49,508 INFO L290 TraceCheckUtils]: 127: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 17:57:49,508 INFO L290 TraceCheckUtils]: 128: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {4522#false} is VALID [2022-02-20 17:57:49,508 INFO L272 TraceCheckUtils]: 129: Hoare triple {4522#false} call incoming__before__Verify(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 17:57:49,508 INFO L290 TraceCheckUtils]: 130: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 17:57:49,509 INFO L290 TraceCheckUtils]: 131: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {4522#false} is VALID [2022-02-20 17:57:49,509 INFO L272 TraceCheckUtils]: 132: Hoare triple {4522#false} call incoming__before__Forward(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 17:57:49,509 INFO L290 TraceCheckUtils]: 133: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 17:57:49,509 INFO L290 TraceCheckUtils]: 134: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {4522#false} is VALID [2022-02-20 17:57:49,509 INFO L272 TraceCheckUtils]: 135: Hoare triple {4522#false} call incoming__before__AutoResponder(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 17:57:49,509 INFO L290 TraceCheckUtils]: 136: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {4522#false} is VALID [2022-02-20 17:57:49,509 INFO L272 TraceCheckUtils]: 137: Hoare triple {4522#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {4521#true} is VALID [2022-02-20 17:57:49,509 INFO L290 TraceCheckUtils]: 138: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~33; {4521#true} is VALID [2022-02-20 17:57:49,510 INFO L290 TraceCheckUtils]: 139: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {4521#true} is VALID [2022-02-20 17:57:49,510 INFO L290 TraceCheckUtils]: 140: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,510 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {4521#true} {4522#false} #1708#return; {4522#false} is VALID [2022-02-20 17:57:49,510 INFO L290 TraceCheckUtils]: 142: Hoare triple {4522#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {4522#false} is VALID [2022-02-20 17:57:49,510 INFO L290 TraceCheckUtils]: 143: Hoare triple {4522#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {4522#false} is VALID [2022-02-20 17:57:49,510 INFO L272 TraceCheckUtils]: 144: Hoare triple {4522#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {4521#true} is VALID [2022-02-20 17:57:49,510 INFO L290 TraceCheckUtils]: 145: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~25; {4521#true} is VALID [2022-02-20 17:57:49,510 INFO L290 TraceCheckUtils]: 146: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {4521#true} is VALID [2022-02-20 17:57:49,511 INFO L290 TraceCheckUtils]: 147: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,511 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {4521#true} {4522#false} #1710#return; {4522#false} is VALID [2022-02-20 17:57:49,511 INFO L290 TraceCheckUtils]: 149: Hoare triple {4522#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {4522#false} is VALID [2022-02-20 17:57:49,511 INFO L272 TraceCheckUtils]: 150: Hoare triple {4522#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {4521#true} is VALID [2022-02-20 17:57:49,511 INFO L290 TraceCheckUtils]: 151: Hoare triple {4521#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {4521#true} is VALID [2022-02-20 17:57:49,511 INFO L290 TraceCheckUtils]: 152: Hoare triple {4521#true} assume 1 == ~handle; {4521#true} is VALID [2022-02-20 17:57:49,511 INFO L290 TraceCheckUtils]: 153: Hoare triple {4521#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 17:57:49,511 INFO L290 TraceCheckUtils]: 154: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 17:57:49,512 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {4521#true} {4522#false} #1712#return; {4522#false} is VALID [2022-02-20 17:57:49,512 INFO L290 TraceCheckUtils]: 156: Hoare triple {4522#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {4522#false} is VALID [2022-02-20 17:57:49,512 INFO L290 TraceCheckUtils]: 157: Hoare triple {4522#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {4522#false} is VALID [2022-02-20 17:57:49,512 INFO L290 TraceCheckUtils]: 158: Hoare triple {4522#false} assume !false; {4522#false} is VALID [2022-02-20 17:57:49,512 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:57:49,513 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:49,513 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1086166613] [2022-02-20 17:57:49,513 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1086166613] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:49,513 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:57:49,513 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 17:57:49,513 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [293319560] [2022-02-20 17:57:49,513 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:49,515 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 159 [2022-02-20 17:57:49,515 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:49,515 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:49,611 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 136 edges. 136 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:49,611 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:57:49,611 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:49,612 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:57:49,612 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:57:49,612 INFO L87 Difference]: Start difference. First operand 601 states and 893 transitions. Second operand has 8 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:57,707 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:57,708 INFO L93 Difference]: Finished difference Result 1296 states and 1954 transitions. [2022-02-20 17:57:57,708 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 17:57:57,708 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 159 [2022-02-20 17:57:57,708 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:57:57,708 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:57,742 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1954 transitions. [2022-02-20 17:57:57,742 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:57,764 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1954 transitions. [2022-02-20 17:57:57,764 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1954 transitions. [2022-02-20 17:57:59,329 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1954 edges. 1954 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:59,359 INFO L225 Difference]: With dead ends: 1296 [2022-02-20 17:57:59,359 INFO L226 Difference]: Without dead ends: 731 [2022-02-20 17:57:59,363 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 57 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:57:59,365 INFO L933 BasicCegarLoop]: 891 mSDtfsCounter, 1362 mSDsluCounter, 1474 mSDsCounter, 0 mSdLazyCounter, 2824 mSolverCounterSat, 657 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1367 SdHoareTripleChecker+Valid, 2365 SdHoareTripleChecker+Invalid, 3481 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 657 IncrementalHoareTripleChecker+Valid, 2824 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.7s IncrementalHoareTripleChecker+Time [2022-02-20 17:57:59,365 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1367 Valid, 2365 Invalid, 3481 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [657 Valid, 2824 Invalid, 0 Unknown, 0 Unchecked, 3.7s Time] [2022-02-20 17:57:59,368 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 731 states. [2022-02-20 17:57:59,392 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 731 to 601. [2022-02-20 17:57:59,392 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:57:59,393 INFO L82 GeneralOperation]: Start isEquivalent. First operand 731 states. Second operand has 601 states, 444 states have (on average 1.4932432432432432) internal successors, (663), 463 states have internal predecessors, (663), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 17:57:59,395 INFO L74 IsIncluded]: Start isIncluded. First operand 731 states. Second operand has 601 states, 444 states have (on average 1.4932432432432432) internal successors, (663), 463 states have internal predecessors, (663), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 17:57:59,396 INFO L87 Difference]: Start difference. First operand 731 states. Second operand has 601 states, 444 states have (on average 1.4932432432432432) internal successors, (663), 463 states have internal predecessors, (663), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 17:57:59,420 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:59,420 INFO L93 Difference]: Finished difference Result 731 states and 1110 transitions. [2022-02-20 17:57:59,420 INFO L276 IsEmpty]: Start isEmpty. Operand 731 states and 1110 transitions. [2022-02-20 17:57:59,423 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:59,423 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:59,425 INFO L74 IsIncluded]: Start isIncluded. First operand has 601 states, 444 states have (on average 1.4932432432432432) internal successors, (663), 463 states have internal predecessors, (663), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) Second operand 731 states. [2022-02-20 17:57:59,426 INFO L87 Difference]: Start difference. First operand has 601 states, 444 states have (on average 1.4932432432432432) internal successors, (663), 463 states have internal predecessors, (663), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) Second operand 731 states. [2022-02-20 17:57:59,450 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:59,451 INFO L93 Difference]: Finished difference Result 731 states and 1110 transitions. [2022-02-20 17:57:59,451 INFO L276 IsEmpty]: Start isEmpty. Operand 731 states and 1110 transitions. [2022-02-20 17:57:59,453 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:59,454 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:59,454 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:57:59,454 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:57:59,455 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 601 states, 444 states have (on average 1.4932432432432432) internal successors, (663), 463 states have internal predecessors, (663), 112 states have call successors, (112), 44 states have call predecessors, (112), 44 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 17:57:59,476 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 601 states to 601 states and 886 transitions. [2022-02-20 17:57:59,477 INFO L78 Accepts]: Start accepts. Automaton has 601 states and 886 transitions. Word has length 159 [2022-02-20 17:57:59,477 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:57:59,478 INFO L470 AbstractCegarLoop]: Abstraction has 601 states and 886 transitions. [2022-02-20 17:57:59,478 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:57:59,478 INFO L276 IsEmpty]: Start isEmpty. Operand 601 states and 886 transitions. [2022-02-20 17:57:59,481 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 165 [2022-02-20 17:57:59,481 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:59,481 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:59,482 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 17:57:59,482 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:59,482 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:59,482 INFO L85 PathProgramCache]: Analyzing trace with hash 1007719467, now seen corresponding path program 1 times [2022-02-20 17:57:59,482 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:59,483 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1756794769] [2022-02-20 17:57:59,483 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:59,483 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:59,545 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,592 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:57:59,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,596 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,596 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8729#true} {8729#true} #1736#return; {8729#true} is VALID [2022-02-20 17:57:59,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:57:59,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,600 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8729#true} {8729#true} #1738#return; {8729#true} is VALID [2022-02-20 17:57:59,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:57:59,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,613 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8729#true} {8729#true} #1740#return; {8729#true} is VALID [2022-02-20 17:57:59,613 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:59,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,616 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8729#true} {8729#true} #1742#return; {8729#true} is VALID [2022-02-20 17:57:59,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:57:59,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,619 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,620 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8729#true} {8729#true} #1744#return; {8729#true} is VALID [2022-02-20 17:57:59,620 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:57:59,621 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,623 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,623 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,623 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8729#true} {8729#true} #1746#return; {8729#true} is VALID [2022-02-20 17:57:59,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:57:59,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,626 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,626 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8729#true} {8729#true} #1748#return; {8729#true} is VALID [2022-02-20 17:57:59,626 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:57:59,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,631 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8729#true} {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} #1750#return; {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 17:57:59,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:57:59,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,637 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:59,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,640 INFO L290 TraceCheckUtils]: 0: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,640 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,640 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8729#true} {8729#true} #1734#return; {8729#true} is VALID [2022-02-20 17:57:59,640 INFO L290 TraceCheckUtils]: 0: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8729#true} is VALID [2022-02-20 17:57:59,641 INFO L272 TraceCheckUtils]: 1: Hoare triple {8729#true} call setClientId(~bob___0, ~bob___0); {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,641 INFO L290 TraceCheckUtils]: 2: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,641 INFO L290 TraceCheckUtils]: 3: Hoare triple {8729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,641 INFO L290 TraceCheckUtils]: 4: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,641 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8729#true} {8729#true} #1734#return; {8729#true} is VALID [2022-02-20 17:57:59,641 INFO L290 TraceCheckUtils]: 6: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,641 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8729#true} {8730#false} #1756#return; {8730#false} is VALID [2022-02-20 17:57:59,641 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:57:59,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,646 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:59,646 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,651 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,651 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,651 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8729#true} {8729#true} #1678#return; {8729#true} is VALID [2022-02-20 17:57:59,651 INFO L290 TraceCheckUtils]: 0: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8729#true} is VALID [2022-02-20 17:57:59,652 INFO L272 TraceCheckUtils]: 1: Hoare triple {8729#true} call setClientId(~rjh___0, ~rjh___0); {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,652 INFO L290 TraceCheckUtils]: 2: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,652 INFO L290 TraceCheckUtils]: 3: Hoare triple {8729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,652 INFO L290 TraceCheckUtils]: 4: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,652 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8729#true} {8729#true} #1678#return; {8729#true} is VALID [2022-02-20 17:57:59,652 INFO L290 TraceCheckUtils]: 6: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,652 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8729#true} {8730#false} #1762#return; {8730#false} is VALID [2022-02-20 17:57:59,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:57:59,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:57:59,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,659 INFO L290 TraceCheckUtils]: 0: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,660 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,660 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8729#true} {8729#true} #1624#return; {8729#true} is VALID [2022-02-20 17:57:59,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8729#true} is VALID [2022-02-20 17:57:59,661 INFO L272 TraceCheckUtils]: 1: Hoare triple {8729#true} call setClientId(~chuck___0, ~chuck___0); {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,661 INFO L290 TraceCheckUtils]: 3: Hoare triple {8729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,661 INFO L290 TraceCheckUtils]: 4: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,661 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8729#true} {8729#true} #1624#return; {8729#true} is VALID [2022-02-20 17:57:59,662 INFO L290 TraceCheckUtils]: 6: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,662 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8729#true} {8730#false} #1768#return; {8730#false} is VALID [2022-02-20 17:57:59,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:57:59,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,676 INFO L290 TraceCheckUtils]: 0: Hoare triple {8822#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,676 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,676 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,676 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8729#true} {8730#false} #1646#return; {8730#false} is VALID [2022-02-20 17:57:59,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:57:59,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,684 INFO L290 TraceCheckUtils]: 0: Hoare triple {8823#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,684 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,684 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,684 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8729#true} {8730#false} #1648#return; {8730#false} is VALID [2022-02-20 17:57:59,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:57:59,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {8822#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,686 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,687 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8729#true} {8730#false} #1658#return; {8730#false} is VALID [2022-02-20 17:57:59,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:57:59,687 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} ~handle := #in~handle;havoc ~retValue_acc~26; {8729#true} is VALID [2022-02-20 17:57:59,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {8729#true} is VALID [2022-02-20 17:57:59,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,690 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8729#true} {8730#false} #1660#return; {8730#false} is VALID [2022-02-20 17:57:59,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 17:57:59,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} ~handle := #in~handle;havoc ~retValue_acc~33; {8729#true} is VALID [2022-02-20 17:57:59,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {8729#true} is VALID [2022-02-20 17:57:59,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,692 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8729#true} {8730#false} #1708#return; {8730#false} is VALID [2022-02-20 17:57:59,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 149 [2022-02-20 17:57:59,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,694 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} ~handle := #in~handle;havoc ~retValue_acc~25; {8729#true} is VALID [2022-02-20 17:57:59,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {8729#true} is VALID [2022-02-20 17:57:59,695 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,695 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8729#true} {8730#false} #1710#return; {8730#false} is VALID [2022-02-20 17:57:59,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 155 [2022-02-20 17:57:59,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {8729#true} is VALID [2022-02-20 17:57:59,697 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume 1 == ~handle; {8729#true} is VALID [2022-02-20 17:57:59,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {8729#true} is VALID [2022-02-20 17:57:59,698 INFO L290 TraceCheckUtils]: 3: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,698 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8729#true} {8730#false} #1712#return; {8730#false} is VALID [2022-02-20 17:57:59,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {8729#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {8729#true} is VALID [2022-02-20 17:57:59,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {8729#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8729#true} is VALID [2022-02-20 17:57:59,698 INFO L290 TraceCheckUtils]: 2: Hoare triple {8729#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {8729#true} is VALID [2022-02-20 17:57:59,698 INFO L272 TraceCheckUtils]: 3: Hoare triple {8729#true} call select_features_#t~ret29#1 := select_one(); {8729#true} is VALID [2022-02-20 17:57:59,698 INFO L290 TraceCheckUtils]: 4: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,698 INFO L290 TraceCheckUtils]: 5: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,699 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8729#true} {8729#true} #1736#return; {8729#true} is VALID [2022-02-20 17:57:59,699 INFO L290 TraceCheckUtils]: 7: Hoare triple {8729#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {8729#true} is VALID [2022-02-20 17:57:59,699 INFO L272 TraceCheckUtils]: 8: Hoare triple {8729#true} call select_features_#t~ret30#1 := select_one(); {8729#true} is VALID [2022-02-20 17:57:59,699 INFO L290 TraceCheckUtils]: 9: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,699 INFO L290 TraceCheckUtils]: 10: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,699 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8729#true} {8729#true} #1738#return; {8729#true} is VALID [2022-02-20 17:57:59,699 INFO L290 TraceCheckUtils]: 12: Hoare triple {8729#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {8729#true} is VALID [2022-02-20 17:57:59,699 INFO L272 TraceCheckUtils]: 13: Hoare triple {8729#true} call select_features_#t~ret31#1 := select_one(); {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L290 TraceCheckUtils]: 14: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L290 TraceCheckUtils]: 15: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8729#true} {8729#true} #1740#return; {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L290 TraceCheckUtils]: 17: Hoare triple {8729#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L272 TraceCheckUtils]: 18: Hoare triple {8729#true} call select_features_#t~ret32#1 := select_one(); {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L290 TraceCheckUtils]: 19: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L290 TraceCheckUtils]: 20: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8729#true} {8729#true} #1742#return; {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L290 TraceCheckUtils]: 22: Hoare triple {8729#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {8729#true} is VALID [2022-02-20 17:57:59,700 INFO L272 TraceCheckUtils]: 23: Hoare triple {8729#true} call select_features_#t~ret33#1 := select_one(); {8729#true} is VALID [2022-02-20 17:57:59,701 INFO L290 TraceCheckUtils]: 24: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,701 INFO L290 TraceCheckUtils]: 25: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,701 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8729#true} {8729#true} #1744#return; {8729#true} is VALID [2022-02-20 17:57:59,701 INFO L290 TraceCheckUtils]: 27: Hoare triple {8729#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {8729#true} is VALID [2022-02-20 17:57:59,701 INFO L272 TraceCheckUtils]: 28: Hoare triple {8729#true} call select_features_#t~ret34#1 := select_one(); {8729#true} is VALID [2022-02-20 17:57:59,701 INFO L290 TraceCheckUtils]: 29: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,701 INFO L290 TraceCheckUtils]: 30: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,701 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8729#true} {8729#true} #1746#return; {8729#true} is VALID [2022-02-20 17:57:59,701 INFO L290 TraceCheckUtils]: 32: Hoare triple {8729#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {8729#true} is VALID [2022-02-20 17:57:59,702 INFO L272 TraceCheckUtils]: 33: Hoare triple {8729#true} call select_features_#t~ret35#1 := select_one(); {8729#true} is VALID [2022-02-20 17:57:59,702 INFO L290 TraceCheckUtils]: 34: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,702 INFO L290 TraceCheckUtils]: 35: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,702 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8729#true} {8729#true} #1748#return; {8729#true} is VALID [2022-02-20 17:57:59,702 INFO L290 TraceCheckUtils]: 37: Hoare triple {8729#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 17:57:59,702 INFO L272 TraceCheckUtils]: 38: Hoare triple {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} call select_features_#t~ret36#1 := select_one(); {8729#true} is VALID [2022-02-20 17:57:59,703 INFO L290 TraceCheckUtils]: 39: Hoare triple {8729#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {8729#true} is VALID [2022-02-20 17:57:59,703 INFO L290 TraceCheckUtils]: 40: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,703 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8729#true} {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} #1750#return; {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 17:57:59,703 INFO L290 TraceCheckUtils]: 42: Hoare triple {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 17:57:59,704 INFO L290 TraceCheckUtils]: 43: Hoare triple {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 17:57:59,704 INFO L290 TraceCheckUtils]: 44: Hoare triple {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 17:57:59,704 INFO L290 TraceCheckUtils]: 45: Hoare triple {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 17:57:59,704 INFO L290 TraceCheckUtils]: 46: Hoare triple {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 17:57:59,705 INFO L290 TraceCheckUtils]: 47: Hoare triple {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 17:57:59,705 INFO L290 TraceCheckUtils]: 48: Hoare triple {8752#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8730#false} is VALID [2022-02-20 17:57:59,706 INFO L290 TraceCheckUtils]: 49: Hoare triple {8730#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8730#false} is VALID [2022-02-20 17:57:59,706 INFO L290 TraceCheckUtils]: 50: Hoare triple {8730#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~3#1 := 1; {8730#false} is VALID [2022-02-20 17:57:59,706 INFO L290 TraceCheckUtils]: 51: Hoare triple {8730#false} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {8730#false} is VALID [2022-02-20 17:57:59,707 INFO L290 TraceCheckUtils]: 52: Hoare triple {8730#false} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {8730#false} is VALID [2022-02-20 17:57:59,707 INFO L290 TraceCheckUtils]: 53: Hoare triple {8730#false} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8730#false} is VALID [2022-02-20 17:57:59,707 INFO L290 TraceCheckUtils]: 54: Hoare triple {8730#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8730#false} is VALID [2022-02-20 17:57:59,707 INFO L272 TraceCheckUtils]: 55: Hoare triple {8730#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,707 INFO L290 TraceCheckUtils]: 56: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8729#true} is VALID [2022-02-20 17:57:59,708 INFO L272 TraceCheckUtils]: 57: Hoare triple {8729#true} call setClientId(~bob___0, ~bob___0); {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,708 INFO L290 TraceCheckUtils]: 58: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,708 INFO L290 TraceCheckUtils]: 59: Hoare triple {8729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,708 INFO L290 TraceCheckUtils]: 60: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,708 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8729#true} {8729#true} #1734#return; {8729#true} is VALID [2022-02-20 17:57:59,709 INFO L290 TraceCheckUtils]: 62: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,709 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8729#true} {8730#false} #1756#return; {8730#false} is VALID [2022-02-20 17:57:59,709 INFO L290 TraceCheckUtils]: 64: Hoare triple {8730#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8730#false} is VALID [2022-02-20 17:57:59,711 INFO L290 TraceCheckUtils]: 65: Hoare triple {8730#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8730#false} is VALID [2022-02-20 17:57:59,711 INFO L272 TraceCheckUtils]: 66: Hoare triple {8730#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,711 INFO L290 TraceCheckUtils]: 67: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8729#true} is VALID [2022-02-20 17:57:59,712 INFO L272 TraceCheckUtils]: 68: Hoare triple {8729#true} call setClientId(~rjh___0, ~rjh___0); {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,712 INFO L290 TraceCheckUtils]: 69: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,712 INFO L290 TraceCheckUtils]: 70: Hoare triple {8729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,712 INFO L290 TraceCheckUtils]: 71: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,712 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8729#true} {8729#true} #1678#return; {8729#true} is VALID [2022-02-20 17:57:59,712 INFO L290 TraceCheckUtils]: 73: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,713 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8729#true} {8730#false} #1762#return; {8730#false} is VALID [2022-02-20 17:57:59,713 INFO L290 TraceCheckUtils]: 75: Hoare triple {8730#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8730#false} is VALID [2022-02-20 17:57:59,713 INFO L290 TraceCheckUtils]: 76: Hoare triple {8730#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8730#false} is VALID [2022-02-20 17:57:59,713 INFO L272 TraceCheckUtils]: 77: Hoare triple {8730#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,713 INFO L290 TraceCheckUtils]: 78: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8729#true} is VALID [2022-02-20 17:57:59,713 INFO L272 TraceCheckUtils]: 79: Hoare triple {8729#true} call setClientId(~chuck___0, ~chuck___0); {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,713 INFO L290 TraceCheckUtils]: 80: Hoare triple {8809#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,714 INFO L290 TraceCheckUtils]: 81: Hoare triple {8729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,714 INFO L290 TraceCheckUtils]: 82: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,714 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8729#true} {8729#true} #1624#return; {8729#true} is VALID [2022-02-20 17:57:59,714 INFO L290 TraceCheckUtils]: 84: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,714 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8729#true} {8730#false} #1768#return; {8730#false} is VALID [2022-02-20 17:57:59,714 INFO L290 TraceCheckUtils]: 86: Hoare triple {8730#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {8730#false} is VALID [2022-02-20 17:57:59,714 INFO L290 TraceCheckUtils]: 87: Hoare triple {8730#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8730#false} is VALID [2022-02-20 17:57:59,714 INFO L290 TraceCheckUtils]: 88: Hoare triple {8730#false} assume !false; {8730#false} is VALID [2022-02-20 17:57:59,714 INFO L290 TraceCheckUtils]: 89: Hoare triple {8730#false} assume !(test_~splverifierCounter~0#1 < 4); {8730#false} is VALID [2022-02-20 17:57:59,715 INFO L290 TraceCheckUtils]: 90: Hoare triple {8730#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {8730#false} is VALID [2022-02-20 17:57:59,715 INFO L272 TraceCheckUtils]: 91: Hoare triple {8730#false} call sendEmail(~bob~0, ~rjh~0); {8730#false} is VALID [2022-02-20 17:57:59,715 INFO L290 TraceCheckUtils]: 92: Hoare triple {8730#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8730#false} is VALID [2022-02-20 17:57:59,715 INFO L272 TraceCheckUtils]: 93: Hoare triple {8730#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8822#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:59,715 INFO L290 TraceCheckUtils]: 94: Hoare triple {8822#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,715 INFO L290 TraceCheckUtils]: 95: Hoare triple {8729#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,715 INFO L290 TraceCheckUtils]: 96: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,715 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8729#true} {8730#false} #1646#return; {8730#false} is VALID [2022-02-20 17:57:59,715 INFO L272 TraceCheckUtils]: 98: Hoare triple {8730#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8823#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:59,716 INFO L290 TraceCheckUtils]: 99: Hoare triple {8823#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,716 INFO L290 TraceCheckUtils]: 100: Hoare triple {8729#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,716 INFO L290 TraceCheckUtils]: 101: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,716 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8729#true} {8730#false} #1648#return; {8730#false} is VALID [2022-02-20 17:57:59,716 INFO L290 TraceCheckUtils]: 103: Hoare triple {8730#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {8730#false} is VALID [2022-02-20 17:57:59,716 INFO L290 TraceCheckUtils]: 104: Hoare triple {8730#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {8730#false} is VALID [2022-02-20 17:57:59,716 INFO L272 TraceCheckUtils]: 105: Hoare triple {8730#false} call outgoing(~sender#1, ~email~0#1); {8730#false} is VALID [2022-02-20 17:57:59,716 INFO L290 TraceCheckUtils]: 106: Hoare triple {8730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8730#false} is VALID [2022-02-20 17:57:59,716 INFO L290 TraceCheckUtils]: 107: Hoare triple {8730#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8730#false} is VALID [2022-02-20 17:57:59,716 INFO L272 TraceCheckUtils]: 108: Hoare triple {8730#false} call outgoing__before__Sign(~client#1, ~msg#1); {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L290 TraceCheckUtils]: 109: Hoare triple {8730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L290 TraceCheckUtils]: 110: Hoare triple {8730#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L272 TraceCheckUtils]: 111: Hoare triple {8730#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L290 TraceCheckUtils]: 112: Hoare triple {8730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L290 TraceCheckUtils]: 113: Hoare triple {8730#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L272 TraceCheckUtils]: 114: Hoare triple {8730#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L290 TraceCheckUtils]: 115: Hoare triple {8730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L290 TraceCheckUtils]: 116: Hoare triple {8730#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L290 TraceCheckUtils]: 117: Hoare triple {8730#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {8730#false} is VALID [2022-02-20 17:57:59,717 INFO L272 TraceCheckUtils]: 118: Hoare triple {8730#false} call setEmailFrom(~msg#1, ~tmp~9#1); {8822#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:59,718 INFO L290 TraceCheckUtils]: 119: Hoare triple {8822#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8729#true} is VALID [2022-02-20 17:57:59,718 INFO L290 TraceCheckUtils]: 120: Hoare triple {8729#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8729#true} is VALID [2022-02-20 17:57:59,718 INFO L290 TraceCheckUtils]: 121: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,718 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8729#true} {8730#false} #1658#return; {8730#false} is VALID [2022-02-20 17:57:59,718 INFO L290 TraceCheckUtils]: 123: Hoare triple {8730#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {8730#false} is VALID [2022-02-20 17:57:59,728 INFO L272 TraceCheckUtils]: 124: Hoare triple {8730#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {8729#true} is VALID [2022-02-20 17:57:59,738 INFO L290 TraceCheckUtils]: 125: Hoare triple {8729#true} ~handle := #in~handle;havoc ~retValue_acc~26; {8729#true} is VALID [2022-02-20 17:57:59,738 INFO L290 TraceCheckUtils]: 126: Hoare triple {8729#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {8729#true} is VALID [2022-02-20 17:57:59,738 INFO L290 TraceCheckUtils]: 127: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,738 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {8729#true} {8730#false} #1660#return; {8730#false} is VALID [2022-02-20 17:57:59,738 INFO L290 TraceCheckUtils]: 129: Hoare triple {8730#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {8730#false} is VALID [2022-02-20 17:57:59,739 INFO L290 TraceCheckUtils]: 130: Hoare triple {8730#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {8730#false} is VALID [2022-02-20 17:57:59,739 INFO L272 TraceCheckUtils]: 131: Hoare triple {8730#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {8730#false} is VALID [2022-02-20 17:57:59,739 INFO L290 TraceCheckUtils]: 132: Hoare triple {8730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8730#false} is VALID [2022-02-20 17:57:59,739 INFO L290 TraceCheckUtils]: 133: Hoare triple {8730#false} assume !(0 != ~__SELECTED_FEATURE_Verify~0); {8730#false} is VALID [2022-02-20 17:57:59,739 INFO L272 TraceCheckUtils]: 134: Hoare triple {8730#false} call incoming__before__Verify(~client#1, ~msg#1); {8730#false} is VALID [2022-02-20 17:57:59,739 INFO L290 TraceCheckUtils]: 135: Hoare triple {8730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8730#false} is VALID [2022-02-20 17:57:59,739 INFO L290 TraceCheckUtils]: 136: Hoare triple {8730#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {8730#false} is VALID [2022-02-20 17:57:59,739 INFO L272 TraceCheckUtils]: 137: Hoare triple {8730#false} call incoming__before__Forward(~client#1, ~msg#1); {8730#false} is VALID [2022-02-20 17:57:59,739 INFO L290 TraceCheckUtils]: 138: Hoare triple {8730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8730#false} is VALID [2022-02-20 17:57:59,740 INFO L290 TraceCheckUtils]: 139: Hoare triple {8730#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret66#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~12#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~12#1; {8730#false} is VALID [2022-02-20 17:57:59,740 INFO L272 TraceCheckUtils]: 140: Hoare triple {8730#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {8730#false} is VALID [2022-02-20 17:57:59,740 INFO L290 TraceCheckUtils]: 141: Hoare triple {8730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {8730#false} is VALID [2022-02-20 17:57:59,740 INFO L272 TraceCheckUtils]: 142: Hoare triple {8730#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {8729#true} is VALID [2022-02-20 17:57:59,740 INFO L290 TraceCheckUtils]: 143: Hoare triple {8729#true} ~handle := #in~handle;havoc ~retValue_acc~33; {8729#true} is VALID [2022-02-20 17:57:59,740 INFO L290 TraceCheckUtils]: 144: Hoare triple {8729#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {8729#true} is VALID [2022-02-20 17:57:59,740 INFO L290 TraceCheckUtils]: 145: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,740 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {8729#true} {8730#false} #1708#return; {8730#false} is VALID [2022-02-20 17:57:59,740 INFO L290 TraceCheckUtils]: 147: Hoare triple {8730#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {8730#false} is VALID [2022-02-20 17:57:59,741 INFO L290 TraceCheckUtils]: 148: Hoare triple {8730#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {8730#false} is VALID [2022-02-20 17:57:59,741 INFO L272 TraceCheckUtils]: 149: Hoare triple {8730#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {8729#true} is VALID [2022-02-20 17:57:59,741 INFO L290 TraceCheckUtils]: 150: Hoare triple {8729#true} ~handle := #in~handle;havoc ~retValue_acc~25; {8729#true} is VALID [2022-02-20 17:57:59,741 INFO L290 TraceCheckUtils]: 151: Hoare triple {8729#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {8729#true} is VALID [2022-02-20 17:57:59,741 INFO L290 TraceCheckUtils]: 152: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,741 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {8729#true} {8730#false} #1710#return; {8730#false} is VALID [2022-02-20 17:57:59,741 INFO L290 TraceCheckUtils]: 154: Hoare triple {8730#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {8730#false} is VALID [2022-02-20 17:57:59,741 INFO L272 TraceCheckUtils]: 155: Hoare triple {8730#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {8729#true} is VALID [2022-02-20 17:57:59,741 INFO L290 TraceCheckUtils]: 156: Hoare triple {8729#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {8729#true} is VALID [2022-02-20 17:57:59,741 INFO L290 TraceCheckUtils]: 157: Hoare triple {8729#true} assume 1 == ~handle; {8729#true} is VALID [2022-02-20 17:57:59,742 INFO L290 TraceCheckUtils]: 158: Hoare triple {8729#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {8729#true} is VALID [2022-02-20 17:57:59,742 INFO L290 TraceCheckUtils]: 159: Hoare triple {8729#true} assume true; {8729#true} is VALID [2022-02-20 17:57:59,742 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {8729#true} {8730#false} #1712#return; {8730#false} is VALID [2022-02-20 17:57:59,742 INFO L290 TraceCheckUtils]: 161: Hoare triple {8730#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {8730#false} is VALID [2022-02-20 17:57:59,742 INFO L290 TraceCheckUtils]: 162: Hoare triple {8730#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {8730#false} is VALID [2022-02-20 17:57:59,742 INFO L290 TraceCheckUtils]: 163: Hoare triple {8730#false} assume !false; {8730#false} is VALID [2022-02-20 17:57:59,743 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:57:59,743 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:59,743 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1756794769] [2022-02-20 17:57:59,743 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1756794769] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:59,743 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:57:59,743 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:57:59,743 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1041634302] [2022-02-20 17:57:59,743 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:59,744 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 15.0) internal successors, (90), 3 states have internal predecessors, (90), 3 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) Word has length 164 [2022-02-20 17:57:59,744 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:59,745 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 15.0) internal successors, (90), 3 states have internal predecessors, (90), 3 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:57:59,825 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 141 edges. 141 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:59,825 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:57:59,825 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:59,826 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:57:59,826 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:57:59,826 INFO L87 Difference]: Start difference. First operand 601 states and 886 transitions. Second operand has 6 states, 6 states have (on average 15.0) internal successors, (90), 3 states have internal predecessors, (90), 3 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:04,485 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:04,485 INFO L93 Difference]: Finished difference Result 1299 states and 1968 transitions. [2022-02-20 17:58:04,485 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:58:04,485 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 15.0) internal successors, (90), 3 states have internal predecessors, (90), 3 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) Word has length 164 [2022-02-20 17:58:04,486 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:04,486 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 15.0) internal successors, (90), 3 states have internal predecessors, (90), 3 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:04,509 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1968 transitions. [2022-02-20 17:58:04,509 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 15.0) internal successors, (90), 3 states have internal predecessors, (90), 3 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:04,531 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1968 transitions. [2022-02-20 17:58:04,532 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1968 transitions. [2022-02-20 17:58:06,091 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1968 edges. 1968 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:06,119 INFO L225 Difference]: With dead ends: 1299 [2022-02-20 17:58:06,119 INFO L226 Difference]: Without dead ends: 731 [2022-02-20 17:58:06,121 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:06,122 INFO L933 BasicCegarLoop]: 887 mSDtfsCounter, 2044 mSDsluCounter, 678 mSDsCounter, 0 mSdLazyCounter, 512 mSolverCounterSat, 838 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2071 SdHoareTripleChecker+Valid, 1565 SdHoareTripleChecker+Invalid, 1350 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 838 IncrementalHoareTripleChecker+Valid, 512 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.9s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:06,123 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2071 Valid, 1565 Invalid, 1350 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [838 Valid, 512 Invalid, 0 Unknown, 0 Unchecked, 1.9s Time] [2022-02-20 17:58:06,124 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 731 states. [2022-02-20 17:58:06,143 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 731 to 602. [2022-02-20 17:58:06,143 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:06,145 INFO L82 GeneralOperation]: Start isEquivalent. First operand 731 states. Second operand has 602 states, 446 states have (on average 1.484304932735426) internal successors, (662), 463 states have internal predecessors, (662), 110 states have call successors, (110), 45 states have call predecessors, (110), 45 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:58:06,146 INFO L74 IsIncluded]: Start isIncluded. First operand 731 states. Second operand has 602 states, 446 states have (on average 1.484304932735426) internal successors, (662), 463 states have internal predecessors, (662), 110 states have call successors, (110), 45 states have call predecessors, (110), 45 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:58:06,147 INFO L87 Difference]: Start difference. First operand 731 states. Second operand has 602 states, 446 states have (on average 1.484304932735426) internal successors, (662), 463 states have internal predecessors, (662), 110 states have call successors, (110), 45 states have call predecessors, (110), 45 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:58:06,170 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:06,170 INFO L93 Difference]: Finished difference Result 731 states and 1101 transitions. [2022-02-20 17:58:06,170 INFO L276 IsEmpty]: Start isEmpty. Operand 731 states and 1101 transitions. [2022-02-20 17:58:06,173 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:06,173 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:06,174 INFO L74 IsIncluded]: Start isIncluded. First operand has 602 states, 446 states have (on average 1.484304932735426) internal successors, (662), 463 states have internal predecessors, (662), 110 states have call successors, (110), 45 states have call predecessors, (110), 45 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 731 states. [2022-02-20 17:58:06,176 INFO L87 Difference]: Start difference. First operand has 602 states, 446 states have (on average 1.484304932735426) internal successors, (662), 463 states have internal predecessors, (662), 110 states have call successors, (110), 45 states have call predecessors, (110), 45 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 731 states. [2022-02-20 17:58:06,199 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:06,199 INFO L93 Difference]: Finished difference Result 731 states and 1101 transitions. [2022-02-20 17:58:06,199 INFO L276 IsEmpty]: Start isEmpty. Operand 731 states and 1101 transitions. [2022-02-20 17:58:06,202 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:06,202 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:06,202 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:06,202 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:06,204 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 602 states, 446 states have (on average 1.484304932735426) internal successors, (662), 463 states have internal predecessors, (662), 110 states have call successors, (110), 45 states have call predecessors, (110), 45 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 17:58:06,224 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 602 states to 602 states and 881 transitions. [2022-02-20 17:58:06,225 INFO L78 Accepts]: Start accepts. Automaton has 602 states and 881 transitions. Word has length 164 [2022-02-20 17:58:06,225 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:06,225 INFO L470 AbstractCegarLoop]: Abstraction has 602 states and 881 transitions. [2022-02-20 17:58:06,225 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 15.0) internal successors, (90), 3 states have internal predecessors, (90), 3 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:06,225 INFO L276 IsEmpty]: Start isEmpty. Operand 602 states and 881 transitions. [2022-02-20 17:58:06,228 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 179 [2022-02-20 17:58:06,228 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:06,228 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:06,228 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 17:58:06,228 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:06,228 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:06,229 INFO L85 PathProgramCache]: Analyzing trace with hash 68062832, now seen corresponding path program 1 times [2022-02-20 17:58:06,229 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:06,229 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [694665163] [2022-02-20 17:58:06,229 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:06,229 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:06,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,301 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:58:06,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,307 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12938#true} {12938#true} #1736#return; {12938#true} is VALID [2022-02-20 17:58:06,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:58:06,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,310 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,311 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12938#true} {12938#true} #1738#return; {12938#true} is VALID [2022-02-20 17:58:06,311 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:58:06,312 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,315 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12938#true} {12938#true} #1740#return; {12938#true} is VALID [2022-02-20 17:58:06,315 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:06,317 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,319 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,319 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,319 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12938#true} {12938#true} #1742#return; {12938#true} is VALID [2022-02-20 17:58:06,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:58:06,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,323 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,323 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,323 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12938#true} {12938#true} #1744#return; {12938#true} is VALID [2022-02-20 17:58:06,323 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:58:06,325 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,327 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,327 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,327 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12938#true} {12938#true} #1746#return; {12938#true} is VALID [2022-02-20 17:58:06,328 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:58:06,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,331 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,332 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,332 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12938#true} {12938#true} #1748#return; {12938#true} is VALID [2022-02-20 17:58:06,332 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:06,335 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,337 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12938#true} {12938#true} #1750#return; {12938#true} is VALID [2022-02-20 17:58:06,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 17:58:06,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,345 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:06,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,349 INFO L290 TraceCheckUtils]: 0: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,350 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12938#true} {12938#true} #1734#return; {12938#true} is VALID [2022-02-20 17:58:06,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12938#true} is VALID [2022-02-20 17:58:06,350 INFO L272 TraceCheckUtils]: 1: Hoare triple {12938#true} call setClientId(~bob___0, ~bob___0); {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,351 INFO L290 TraceCheckUtils]: 2: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,351 INFO L290 TraceCheckUtils]: 3: Hoare triple {12938#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,351 INFO L290 TraceCheckUtils]: 4: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,351 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12938#true} {12938#true} #1734#return; {12938#true} is VALID [2022-02-20 17:58:06,351 INFO L290 TraceCheckUtils]: 6: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,351 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12938#true} {12939#false} #1756#return; {12939#false} is VALID [2022-02-20 17:58:06,351 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:58:06,353 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,356 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:06,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,358 INFO L290 TraceCheckUtils]: 0: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,358 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,358 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,358 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12938#true} {12938#true} #1678#return; {12938#true} is VALID [2022-02-20 17:58:06,359 INFO L290 TraceCheckUtils]: 0: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12938#true} is VALID [2022-02-20 17:58:06,365 INFO L272 TraceCheckUtils]: 1: Hoare triple {12938#true} call setClientId(~rjh___0, ~rjh___0); {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,365 INFO L290 TraceCheckUtils]: 2: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,366 INFO L290 TraceCheckUtils]: 3: Hoare triple {12938#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,366 INFO L290 TraceCheckUtils]: 4: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,366 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12938#true} {12938#true} #1678#return; {12938#true} is VALID [2022-02-20 17:58:06,366 INFO L290 TraceCheckUtils]: 6: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,366 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12938#true} {12939#false} #1762#return; {12939#false} is VALID [2022-02-20 17:58:06,366 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:58:06,368 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:06,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,377 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12938#true} {12938#true} #1624#return; {12938#true} is VALID [2022-02-20 17:58:06,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12938#true} is VALID [2022-02-20 17:58:06,378 INFO L272 TraceCheckUtils]: 1: Hoare triple {12938#true} call setClientId(~chuck___0, ~chuck___0); {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,378 INFO L290 TraceCheckUtils]: 3: Hoare triple {12938#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,378 INFO L290 TraceCheckUtils]: 4: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,379 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12938#true} {12938#true} #1624#return; {12938#true} is VALID [2022-02-20 17:58:06,379 INFO L290 TraceCheckUtils]: 6: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,379 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12938#true} {12939#false} #1768#return; {12939#false} is VALID [2022-02-20 17:58:06,382 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:58:06,383 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {13040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,386 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,386 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,386 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12938#true} {12939#false} #1646#return; {12939#false} is VALID [2022-02-20 17:58:06,390 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:58:06,392 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,393 INFO L290 TraceCheckUtils]: 0: Hoare triple {13041#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,393 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,394 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,394 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12938#true} {12939#false} #1648#return; {12939#false} is VALID [2022-02-20 17:58:06,395 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:58:06,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {13040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,399 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,399 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12938#true} {12939#false} #1658#return; {12939#false} is VALID [2022-02-20 17:58:06,400 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:58:06,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,404 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12938#true} is VALID [2022-02-20 17:58:06,404 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12938#true} is VALID [2022-02-20 17:58:06,404 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,405 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12938#true} {12939#false} #1660#return; {12939#false} is VALID [2022-02-20 17:58:06,405 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 17:58:06,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,416 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:58:06,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,421 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {12938#true} is VALID [2022-02-20 17:58:06,421 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,422 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12938#true} {12938#true} #1812#return; {12938#true} is VALID [2022-02-20 17:58:06,422 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {12938#true} is VALID [2022-02-20 17:58:06,422 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12938#true} is VALID [2022-02-20 17:58:06,422 INFO L272 TraceCheckUtils]: 2: Hoare triple {12938#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {12938#true} is VALID [2022-02-20 17:58:06,422 INFO L290 TraceCheckUtils]: 3: Hoare triple {12938#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {12938#true} is VALID [2022-02-20 17:58:06,422 INFO L290 TraceCheckUtils]: 4: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,422 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12938#true} {12938#true} #1812#return; {12938#true} is VALID [2022-02-20 17:58:06,422 INFO L290 TraceCheckUtils]: 6: Hoare triple {12938#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {12938#true} is VALID [2022-02-20 17:58:06,423 INFO L290 TraceCheckUtils]: 7: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,423 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {12938#true} {12939#false} #1596#return; {12939#false} is VALID [2022-02-20 17:58:06,423 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 17:58:06,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,425 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} ~handle := #in~handle;havoc ~retValue_acc~33; {12938#true} is VALID [2022-02-20 17:58:06,425 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {12938#true} is VALID [2022-02-20 17:58:06,425 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,425 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12938#true} {12939#false} #1708#return; {12939#false} is VALID [2022-02-20 17:58:06,425 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-02-20 17:58:06,427 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,430 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} ~handle := #in~handle;havoc ~retValue_acc~25; {12938#true} is VALID [2022-02-20 17:58:06,430 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {12938#true} is VALID [2022-02-20 17:58:06,430 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,431 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12938#true} {12939#false} #1710#return; {12939#false} is VALID [2022-02-20 17:58:06,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 169 [2022-02-20 17:58:06,431 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,433 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {12938#true} is VALID [2022-02-20 17:58:06,434 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume 1 == ~handle; {12938#true} is VALID [2022-02-20 17:58:06,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {12938#true} is VALID [2022-02-20 17:58:06,434 INFO L290 TraceCheckUtils]: 3: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,434 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12938#true} {12939#false} #1712#return; {12939#false} is VALID [2022-02-20 17:58:06,434 INFO L290 TraceCheckUtils]: 0: Hoare triple {12938#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {12938#true} is VALID [2022-02-20 17:58:06,434 INFO L290 TraceCheckUtils]: 1: Hoare triple {12938#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {12938#true} is VALID [2022-02-20 17:58:06,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {12938#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {12938#true} is VALID [2022-02-20 17:58:06,435 INFO L272 TraceCheckUtils]: 3: Hoare triple {12938#true} call select_features_#t~ret29#1 := select_one(); {12938#true} is VALID [2022-02-20 17:58:06,435 INFO L290 TraceCheckUtils]: 4: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,435 INFO L290 TraceCheckUtils]: 5: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,435 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12938#true} {12938#true} #1736#return; {12938#true} is VALID [2022-02-20 17:58:06,435 INFO L290 TraceCheckUtils]: 7: Hoare triple {12938#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {12938#true} is VALID [2022-02-20 17:58:06,435 INFO L272 TraceCheckUtils]: 8: Hoare triple {12938#true} call select_features_#t~ret30#1 := select_one(); {12938#true} is VALID [2022-02-20 17:58:06,435 INFO L290 TraceCheckUtils]: 9: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,435 INFO L290 TraceCheckUtils]: 10: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,435 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {12938#true} {12938#true} #1738#return; {12938#true} is VALID [2022-02-20 17:58:06,436 INFO L290 TraceCheckUtils]: 12: Hoare triple {12938#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {12938#true} is VALID [2022-02-20 17:58:06,436 INFO L272 TraceCheckUtils]: 13: Hoare triple {12938#true} call select_features_#t~ret31#1 := select_one(); {12938#true} is VALID [2022-02-20 17:58:06,436 INFO L290 TraceCheckUtils]: 14: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,436 INFO L290 TraceCheckUtils]: 15: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,436 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12938#true} {12938#true} #1740#return; {12938#true} is VALID [2022-02-20 17:58:06,436 INFO L290 TraceCheckUtils]: 17: Hoare triple {12938#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {12938#true} is VALID [2022-02-20 17:58:06,436 INFO L272 TraceCheckUtils]: 18: Hoare triple {12938#true} call select_features_#t~ret32#1 := select_one(); {12938#true} is VALID [2022-02-20 17:58:06,436 INFO L290 TraceCheckUtils]: 19: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,436 INFO L290 TraceCheckUtils]: 20: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {12938#true} {12938#true} #1742#return; {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L290 TraceCheckUtils]: 22: Hoare triple {12938#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L272 TraceCheckUtils]: 23: Hoare triple {12938#true} call select_features_#t~ret33#1 := select_one(); {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L290 TraceCheckUtils]: 24: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L290 TraceCheckUtils]: 25: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {12938#true} {12938#true} #1744#return; {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L290 TraceCheckUtils]: 27: Hoare triple {12938#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L272 TraceCheckUtils]: 28: Hoare triple {12938#true} call select_features_#t~ret34#1 := select_one(); {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L290 TraceCheckUtils]: 29: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,437 INFO L290 TraceCheckUtils]: 30: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,438 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {12938#true} {12938#true} #1746#return; {12938#true} is VALID [2022-02-20 17:58:06,438 INFO L290 TraceCheckUtils]: 32: Hoare triple {12938#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {12938#true} is VALID [2022-02-20 17:58:06,438 INFO L272 TraceCheckUtils]: 33: Hoare triple {12938#true} call select_features_#t~ret35#1 := select_one(); {12938#true} is VALID [2022-02-20 17:58:06,438 INFO L290 TraceCheckUtils]: 34: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,438 INFO L290 TraceCheckUtils]: 35: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,438 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12938#true} {12938#true} #1748#return; {12938#true} is VALID [2022-02-20 17:58:06,438 INFO L290 TraceCheckUtils]: 37: Hoare triple {12938#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {12938#true} is VALID [2022-02-20 17:58:06,438 INFO L272 TraceCheckUtils]: 38: Hoare triple {12938#true} call select_features_#t~ret36#1 := select_one(); {12938#true} is VALID [2022-02-20 17:58:06,438 INFO L290 TraceCheckUtils]: 39: Hoare triple {12938#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {12938#true} is VALID [2022-02-20 17:58:06,439 INFO L290 TraceCheckUtils]: 40: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,439 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12938#true} {12938#true} #1750#return; {12938#true} is VALID [2022-02-20 17:58:06,439 INFO L290 TraceCheckUtils]: 42: Hoare triple {12938#true} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {12938#true} is VALID [2022-02-20 17:58:06,439 INFO L290 TraceCheckUtils]: 43: Hoare triple {12938#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {12938#true} is VALID [2022-02-20 17:58:06,439 INFO L290 TraceCheckUtils]: 44: Hoare triple {12938#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12938#true} is VALID [2022-02-20 17:58:06,439 INFO L290 TraceCheckUtils]: 45: Hoare triple {12938#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {12938#true} is VALID [2022-02-20 17:58:06,439 INFO L290 TraceCheckUtils]: 46: Hoare triple {12938#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12938#true} is VALID [2022-02-20 17:58:06,440 INFO L290 TraceCheckUtils]: 47: Hoare triple {12938#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12964#(= ~__SELECTED_FEATURE_Sign~0 0)} is VALID [2022-02-20 17:58:06,440 INFO L290 TraceCheckUtils]: 48: Hoare triple {12964#(= ~__SELECTED_FEATURE_Sign~0 0)} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {12964#(= ~__SELECTED_FEATURE_Sign~0 0)} is VALID [2022-02-20 17:58:06,440 INFO L290 TraceCheckUtils]: 49: Hoare triple {12964#(= ~__SELECTED_FEATURE_Sign~0 0)} assume 0 != ~__SELECTED_FEATURE_Sign~0; {12939#false} is VALID [2022-02-20 17:58:06,440 INFO L290 TraceCheckUtils]: 50: Hoare triple {12939#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12939#false} is VALID [2022-02-20 17:58:06,440 INFO L290 TraceCheckUtils]: 51: Hoare triple {12939#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~3#1 := 1; {12939#false} is VALID [2022-02-20 17:58:06,440 INFO L290 TraceCheckUtils]: 52: Hoare triple {12939#false} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {12939#false} is VALID [2022-02-20 17:58:06,440 INFO L290 TraceCheckUtils]: 53: Hoare triple {12939#false} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {12939#false} is VALID [2022-02-20 17:58:06,441 INFO L290 TraceCheckUtils]: 54: Hoare triple {12939#false} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {12939#false} is VALID [2022-02-20 17:58:06,441 INFO L290 TraceCheckUtils]: 55: Hoare triple {12939#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12939#false} is VALID [2022-02-20 17:58:06,441 INFO L272 TraceCheckUtils]: 56: Hoare triple {12939#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,441 INFO L290 TraceCheckUtils]: 57: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12938#true} is VALID [2022-02-20 17:58:06,441 INFO L272 TraceCheckUtils]: 58: Hoare triple {12938#true} call setClientId(~bob___0, ~bob___0); {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,442 INFO L290 TraceCheckUtils]: 59: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,442 INFO L290 TraceCheckUtils]: 60: Hoare triple {12938#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,442 INFO L290 TraceCheckUtils]: 61: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,442 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {12938#true} {12938#true} #1734#return; {12938#true} is VALID [2022-02-20 17:58:06,442 INFO L290 TraceCheckUtils]: 63: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,442 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {12938#true} {12939#false} #1756#return; {12939#false} is VALID [2022-02-20 17:58:06,442 INFO L290 TraceCheckUtils]: 65: Hoare triple {12939#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {12939#false} is VALID [2022-02-20 17:58:06,442 INFO L290 TraceCheckUtils]: 66: Hoare triple {12939#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12939#false} is VALID [2022-02-20 17:58:06,442 INFO L272 TraceCheckUtils]: 67: Hoare triple {12939#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,443 INFO L290 TraceCheckUtils]: 68: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12938#true} is VALID [2022-02-20 17:58:06,443 INFO L272 TraceCheckUtils]: 69: Hoare triple {12938#true} call setClientId(~rjh___0, ~rjh___0); {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,443 INFO L290 TraceCheckUtils]: 70: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,443 INFO L290 TraceCheckUtils]: 71: Hoare triple {12938#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,443 INFO L290 TraceCheckUtils]: 72: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,443 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {12938#true} {12938#true} #1678#return; {12938#true} is VALID [2022-02-20 17:58:06,444 INFO L290 TraceCheckUtils]: 74: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,444 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {12938#true} {12939#false} #1762#return; {12939#false} is VALID [2022-02-20 17:58:06,444 INFO L290 TraceCheckUtils]: 76: Hoare triple {12939#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {12939#false} is VALID [2022-02-20 17:58:06,444 INFO L290 TraceCheckUtils]: 77: Hoare triple {12939#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12939#false} is VALID [2022-02-20 17:58:06,444 INFO L272 TraceCheckUtils]: 78: Hoare triple {12939#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,444 INFO L290 TraceCheckUtils]: 79: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12938#true} is VALID [2022-02-20 17:58:06,445 INFO L272 TraceCheckUtils]: 80: Hoare triple {12938#true} call setClientId(~chuck___0, ~chuck___0); {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,445 INFO L290 TraceCheckUtils]: 81: Hoare triple {13027#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,445 INFO L290 TraceCheckUtils]: 82: Hoare triple {12938#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,445 INFO L290 TraceCheckUtils]: 83: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,445 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {12938#true} {12938#true} #1624#return; {12938#true} is VALID [2022-02-20 17:58:06,445 INFO L290 TraceCheckUtils]: 85: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,445 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {12938#true} {12939#false} #1768#return; {12939#false} is VALID [2022-02-20 17:58:06,445 INFO L290 TraceCheckUtils]: 87: Hoare triple {12939#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {12939#false} is VALID [2022-02-20 17:58:06,445 INFO L290 TraceCheckUtils]: 88: Hoare triple {12939#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12939#false} is VALID [2022-02-20 17:58:06,446 INFO L290 TraceCheckUtils]: 89: Hoare triple {12939#false} assume !false; {12939#false} is VALID [2022-02-20 17:58:06,446 INFO L290 TraceCheckUtils]: 90: Hoare triple {12939#false} assume !(test_~splverifierCounter~0#1 < 4); {12939#false} is VALID [2022-02-20 17:58:06,446 INFO L290 TraceCheckUtils]: 91: Hoare triple {12939#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {12939#false} is VALID [2022-02-20 17:58:06,446 INFO L272 TraceCheckUtils]: 92: Hoare triple {12939#false} call sendEmail(~bob~0, ~rjh~0); {12939#false} is VALID [2022-02-20 17:58:06,446 INFO L290 TraceCheckUtils]: 93: Hoare triple {12939#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12939#false} is VALID [2022-02-20 17:58:06,446 INFO L272 TraceCheckUtils]: 94: Hoare triple {12939#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:06,446 INFO L290 TraceCheckUtils]: 95: Hoare triple {13040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,446 INFO L290 TraceCheckUtils]: 96: Hoare triple {12938#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,446 INFO L290 TraceCheckUtils]: 97: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,447 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {12938#true} {12939#false} #1646#return; {12939#false} is VALID [2022-02-20 17:58:06,447 INFO L272 TraceCheckUtils]: 99: Hoare triple {12939#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13041#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:06,447 INFO L290 TraceCheckUtils]: 100: Hoare triple {13041#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,447 INFO L290 TraceCheckUtils]: 101: Hoare triple {12938#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,447 INFO L290 TraceCheckUtils]: 102: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,447 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {12938#true} {12939#false} #1648#return; {12939#false} is VALID [2022-02-20 17:58:06,447 INFO L290 TraceCheckUtils]: 104: Hoare triple {12939#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {12939#false} is VALID [2022-02-20 17:58:06,447 INFO L290 TraceCheckUtils]: 105: Hoare triple {12939#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {12939#false} is VALID [2022-02-20 17:58:06,447 INFO L272 TraceCheckUtils]: 106: Hoare triple {12939#false} call outgoing(~sender#1, ~email~0#1); {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L290 TraceCheckUtils]: 107: Hoare triple {12939#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L290 TraceCheckUtils]: 108: Hoare triple {12939#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L272 TraceCheckUtils]: 109: Hoare triple {12939#false} call outgoing__before__Sign(~client#1, ~msg#1); {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L290 TraceCheckUtils]: 110: Hoare triple {12939#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L290 TraceCheckUtils]: 111: Hoare triple {12939#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L272 TraceCheckUtils]: 112: Hoare triple {12939#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L290 TraceCheckUtils]: 113: Hoare triple {12939#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L290 TraceCheckUtils]: 114: Hoare triple {12939#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L272 TraceCheckUtils]: 115: Hoare triple {12939#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {12939#false} is VALID [2022-02-20 17:58:06,448 INFO L290 TraceCheckUtils]: 116: Hoare triple {12939#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {12939#false} is VALID [2022-02-20 17:58:06,449 INFO L290 TraceCheckUtils]: 117: Hoare triple {12939#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {12939#false} is VALID [2022-02-20 17:58:06,449 INFO L290 TraceCheckUtils]: 118: Hoare triple {12939#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {12939#false} is VALID [2022-02-20 17:58:06,449 INFO L272 TraceCheckUtils]: 119: Hoare triple {12939#false} call setEmailFrom(~msg#1, ~tmp~9#1); {13040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:06,449 INFO L290 TraceCheckUtils]: 120: Hoare triple {13040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12938#true} is VALID [2022-02-20 17:58:06,449 INFO L290 TraceCheckUtils]: 121: Hoare triple {12938#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12938#true} is VALID [2022-02-20 17:58:06,449 INFO L290 TraceCheckUtils]: 122: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,449 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {12938#true} {12939#false} #1658#return; {12939#false} is VALID [2022-02-20 17:58:06,449 INFO L290 TraceCheckUtils]: 124: Hoare triple {12939#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {12939#false} is VALID [2022-02-20 17:58:06,449 INFO L272 TraceCheckUtils]: 125: Hoare triple {12939#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {12938#true} is VALID [2022-02-20 17:58:06,450 INFO L290 TraceCheckUtils]: 126: Hoare triple {12938#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12938#true} is VALID [2022-02-20 17:58:06,450 INFO L290 TraceCheckUtils]: 127: Hoare triple {12938#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12938#true} is VALID [2022-02-20 17:58:06,450 INFO L290 TraceCheckUtils]: 128: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,450 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {12938#true} {12939#false} #1660#return; {12939#false} is VALID [2022-02-20 17:58:06,450 INFO L290 TraceCheckUtils]: 130: Hoare triple {12939#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {12939#false} is VALID [2022-02-20 17:58:06,450 INFO L290 TraceCheckUtils]: 131: Hoare triple {12939#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {12939#false} is VALID [2022-02-20 17:58:06,450 INFO L272 TraceCheckUtils]: 132: Hoare triple {12939#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {12939#false} is VALID [2022-02-20 17:58:06,450 INFO L290 TraceCheckUtils]: 133: Hoare triple {12939#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12939#false} is VALID [2022-02-20 17:58:06,450 INFO L290 TraceCheckUtils]: 134: Hoare triple {12939#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~tmp~19#1, verify_~tmp___0~5#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1; {12939#false} is VALID [2022-02-20 17:58:06,451 INFO L272 TraceCheckUtils]: 135: Hoare triple {12939#false} call verify_#t~ret79#1 := isReadable(verify_~msg#1); {12938#true} is VALID [2022-02-20 17:58:06,451 INFO L290 TraceCheckUtils]: 136: Hoare triple {12938#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {12938#true} is VALID [2022-02-20 17:58:06,451 INFO L290 TraceCheckUtils]: 137: Hoare triple {12938#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12938#true} is VALID [2022-02-20 17:58:06,451 INFO L272 TraceCheckUtils]: 138: Hoare triple {12938#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {12938#true} is VALID [2022-02-20 17:58:06,451 INFO L290 TraceCheckUtils]: 139: Hoare triple {12938#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {12938#true} is VALID [2022-02-20 17:58:06,451 INFO L290 TraceCheckUtils]: 140: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,451 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {12938#true} {12938#true} #1812#return; {12938#true} is VALID [2022-02-20 17:58:06,451 INFO L290 TraceCheckUtils]: 142: Hoare triple {12938#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {12938#true} is VALID [2022-02-20 17:58:06,451 INFO L290 TraceCheckUtils]: 143: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,452 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {12938#true} {12939#false} #1596#return; {12939#false} is VALID [2022-02-20 17:58:06,452 INFO L290 TraceCheckUtils]: 145: Hoare triple {12939#false} assume -2147483648 <= verify_#t~ret79#1 && verify_#t~ret79#1 <= 2147483647;verify_~tmp~19#1 := verify_#t~ret79#1;havoc verify_#t~ret79#1; {12939#false} is VALID [2022-02-20 17:58:06,452 INFO L290 TraceCheckUtils]: 146: Hoare triple {12939#false} assume !(0 != verify_~tmp~19#1); {12939#false} is VALID [2022-02-20 17:58:06,452 INFO L290 TraceCheckUtils]: 147: Hoare triple {12939#false} assume { :end_inline_verify } true; {12939#false} is VALID [2022-02-20 17:58:06,452 INFO L272 TraceCheckUtils]: 148: Hoare triple {12939#false} call incoming__before__Verify(incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1); {12939#false} is VALID [2022-02-20 17:58:06,452 INFO L290 TraceCheckUtils]: 149: Hoare triple {12939#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12939#false} is VALID [2022-02-20 17:58:06,452 INFO L290 TraceCheckUtils]: 150: Hoare triple {12939#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {12939#false} is VALID [2022-02-20 17:58:06,452 INFO L272 TraceCheckUtils]: 151: Hoare triple {12939#false} call incoming__before__Forward(~client#1, ~msg#1); {12939#false} is VALID [2022-02-20 17:58:06,452 INFO L290 TraceCheckUtils]: 152: Hoare triple {12939#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12939#false} is VALID [2022-02-20 17:58:06,453 INFO L290 TraceCheckUtils]: 153: Hoare triple {12939#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {12939#false} is VALID [2022-02-20 17:58:06,453 INFO L272 TraceCheckUtils]: 154: Hoare triple {12939#false} call incoming__before__AutoResponder(~client#1, ~msg#1); {12939#false} is VALID [2022-02-20 17:58:06,453 INFO L290 TraceCheckUtils]: 155: Hoare triple {12939#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {12939#false} is VALID [2022-02-20 17:58:06,453 INFO L272 TraceCheckUtils]: 156: Hoare triple {12939#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {12938#true} is VALID [2022-02-20 17:58:06,453 INFO L290 TraceCheckUtils]: 157: Hoare triple {12938#true} ~handle := #in~handle;havoc ~retValue_acc~33; {12938#true} is VALID [2022-02-20 17:58:06,453 INFO L290 TraceCheckUtils]: 158: Hoare triple {12938#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {12938#true} is VALID [2022-02-20 17:58:06,453 INFO L290 TraceCheckUtils]: 159: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,453 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {12938#true} {12939#false} #1708#return; {12939#false} is VALID [2022-02-20 17:58:06,453 INFO L290 TraceCheckUtils]: 161: Hoare triple {12939#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {12939#false} is VALID [2022-02-20 17:58:06,454 INFO L290 TraceCheckUtils]: 162: Hoare triple {12939#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {12939#false} is VALID [2022-02-20 17:58:06,454 INFO L272 TraceCheckUtils]: 163: Hoare triple {12939#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {12938#true} is VALID [2022-02-20 17:58:06,454 INFO L290 TraceCheckUtils]: 164: Hoare triple {12938#true} ~handle := #in~handle;havoc ~retValue_acc~25; {12938#true} is VALID [2022-02-20 17:58:06,454 INFO L290 TraceCheckUtils]: 165: Hoare triple {12938#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {12938#true} is VALID [2022-02-20 17:58:06,454 INFO L290 TraceCheckUtils]: 166: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,454 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {12938#true} {12939#false} #1710#return; {12939#false} is VALID [2022-02-20 17:58:06,454 INFO L290 TraceCheckUtils]: 168: Hoare triple {12939#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {12939#false} is VALID [2022-02-20 17:58:06,454 INFO L272 TraceCheckUtils]: 169: Hoare triple {12939#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {12938#true} is VALID [2022-02-20 17:58:06,454 INFO L290 TraceCheckUtils]: 170: Hoare triple {12938#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {12938#true} is VALID [2022-02-20 17:58:06,455 INFO L290 TraceCheckUtils]: 171: Hoare triple {12938#true} assume 1 == ~handle; {12938#true} is VALID [2022-02-20 17:58:06,455 INFO L290 TraceCheckUtils]: 172: Hoare triple {12938#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {12938#true} is VALID [2022-02-20 17:58:06,455 INFO L290 TraceCheckUtils]: 173: Hoare triple {12938#true} assume true; {12938#true} is VALID [2022-02-20 17:58:06,455 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {12938#true} {12939#false} #1712#return; {12939#false} is VALID [2022-02-20 17:58:06,455 INFO L290 TraceCheckUtils]: 175: Hoare triple {12939#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {12939#false} is VALID [2022-02-20 17:58:06,455 INFO L290 TraceCheckUtils]: 176: Hoare triple {12939#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {12939#false} is VALID [2022-02-20 17:58:06,455 INFO L290 TraceCheckUtils]: 177: Hoare triple {12939#false} assume !false; {12939#false} is VALID [2022-02-20 17:58:06,456 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:58:06,456 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:06,456 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [694665163] [2022-02-20 17:58:06,456 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [694665163] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:06,456 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:06,456 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:58:06,456 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1143258497] [2022-02-20 17:58:06,456 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:06,458 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 178 [2022-02-20 17:58:06,458 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:06,458 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:58:06,544 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 155 edges. 155 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:06,544 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:58:06,544 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:06,545 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:58:06,545 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:58:06,546 INFO L87 Difference]: Start difference. First operand 602 states and 881 transitions. Second operand has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:58:15,539 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:15,540 INFO L93 Difference]: Finished difference Result 1976 states and 3060 transitions. [2022-02-20 17:58:15,540 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-02-20 17:58:15,540 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 178 [2022-02-20 17:58:15,541 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:15,541 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:58:15,581 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 3058 transitions. [2022-02-20 17:58:15,581 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:58:15,620 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 3058 transitions. [2022-02-20 17:58:15,620 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states and 3058 transitions. [2022-02-20 17:58:18,311 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 3058 edges. 3058 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:18,398 INFO L225 Difference]: With dead ends: 1976 [2022-02-20 17:58:18,399 INFO L226 Difference]: Without dead ends: 1408 [2022-02-20 17:58:18,400 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 66 GetRequests, 53 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 36 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=67, Invalid=143, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:58:18,405 INFO L933 BasicCegarLoop]: 938 mSDtfsCounter, 3265 mSDsluCounter, 909 mSDsCounter, 0 mSdLazyCounter, 1675 mSolverCounterSat, 1449 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3308 SdHoareTripleChecker+Valid, 1847 SdHoareTripleChecker+Invalid, 3124 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1449 IncrementalHoareTripleChecker+Valid, 1675 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:18,405 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [3308 Valid, 1847 Invalid, 3124 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1449 Valid, 1675 Invalid, 0 Unknown, 0 Unchecked, 4.1s Time] [2022-02-20 17:58:18,407 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1408 states. [2022-02-20 17:58:18,452 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1408 to 1148. [2022-02-20 17:58:18,452 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:18,455 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1408 states. Second operand has 1148 states, 853 states have (on average 1.4912075029308323) internal successors, (1272), 883 states have internal predecessors, (1272), 205 states have call successors, (205), 89 states have call predecessors, (205), 89 states have return successors, (216), 202 states have call predecessors, (216), 203 states have call successors, (216) [2022-02-20 17:58:18,457 INFO L74 IsIncluded]: Start isIncluded. First operand 1408 states. Second operand has 1148 states, 853 states have (on average 1.4912075029308323) internal successors, (1272), 883 states have internal predecessors, (1272), 205 states have call successors, (205), 89 states have call predecessors, (205), 89 states have return successors, (216), 202 states have call predecessors, (216), 203 states have call successors, (216) [2022-02-20 17:58:18,459 INFO L87 Difference]: Start difference. First operand 1408 states. Second operand has 1148 states, 853 states have (on average 1.4912075029308323) internal successors, (1272), 883 states have internal predecessors, (1272), 205 states have call successors, (205), 89 states have call predecessors, (205), 89 states have return successors, (216), 202 states have call predecessors, (216), 203 states have call successors, (216) [2022-02-20 17:58:18,521 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:18,522 INFO L93 Difference]: Finished difference Result 1408 states and 2191 transitions. [2022-02-20 17:58:18,522 INFO L276 IsEmpty]: Start isEmpty. Operand 1408 states and 2191 transitions. [2022-02-20 17:58:18,526 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:18,527 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:18,529 INFO L74 IsIncluded]: Start isIncluded. First operand has 1148 states, 853 states have (on average 1.4912075029308323) internal successors, (1272), 883 states have internal predecessors, (1272), 205 states have call successors, (205), 89 states have call predecessors, (205), 89 states have return successors, (216), 202 states have call predecessors, (216), 203 states have call successors, (216) Second operand 1408 states. [2022-02-20 17:58:18,544 INFO L87 Difference]: Start difference. First operand has 1148 states, 853 states have (on average 1.4912075029308323) internal successors, (1272), 883 states have internal predecessors, (1272), 205 states have call successors, (205), 89 states have call predecessors, (205), 89 states have return successors, (216), 202 states have call predecessors, (216), 203 states have call successors, (216) Second operand 1408 states. [2022-02-20 17:58:18,610 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:18,610 INFO L93 Difference]: Finished difference Result 1408 states and 2191 transitions. [2022-02-20 17:58:18,610 INFO L276 IsEmpty]: Start isEmpty. Operand 1408 states and 2191 transitions. [2022-02-20 17:58:18,615 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:18,615 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:18,615 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:18,615 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:18,619 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1148 states, 853 states have (on average 1.4912075029308323) internal successors, (1272), 883 states have internal predecessors, (1272), 205 states have call successors, (205), 89 states have call predecessors, (205), 89 states have return successors, (216), 202 states have call predecessors, (216), 203 states have call successors, (216) [2022-02-20 17:58:18,677 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1148 states to 1148 states and 1693 transitions. [2022-02-20 17:58:18,678 INFO L78 Accepts]: Start accepts. Automaton has 1148 states and 1693 transitions. Word has length 178 [2022-02-20 17:58:18,678 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:18,678 INFO L470 AbstractCegarLoop]: Abstraction has 1148 states and 1693 transitions. [2022-02-20 17:58:18,679 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 17:58:18,679 INFO L276 IsEmpty]: Start isEmpty. Operand 1148 states and 1693 transitions. [2022-02-20 17:58:18,683 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 187 [2022-02-20 17:58:18,683 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:18,684 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:18,684 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 17:58:18,684 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:18,684 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:18,684 INFO L85 PathProgramCache]: Analyzing trace with hash 528392633, now seen corresponding path program 1 times [2022-02-20 17:58:18,684 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:18,685 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1130813811] [2022-02-20 17:58:18,685 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:18,685 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:18,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:58:18,754 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,756 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,756 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,757 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20208#true} {20208#true} #1736#return; {20208#true} is VALID [2022-02-20 17:58:18,757 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:58:18,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,760 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,760 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,760 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20208#true} {20208#true} #1738#return; {20208#true} is VALID [2022-02-20 17:58:18,760 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:58:18,762 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,764 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,764 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,764 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20208#true} {20208#true} #1740#return; {20208#true} is VALID [2022-02-20 17:58:18,764 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:18,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,768 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,768 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,768 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20208#true} {20208#true} #1742#return; {20208#true} is VALID [2022-02-20 17:58:18,768 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:58:18,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,771 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,771 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,771 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20208#true} {20208#true} #1744#return; {20208#true} is VALID [2022-02-20 17:58:18,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:58:18,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,774 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,774 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20208#true} {20208#true} #1746#return; {20208#true} is VALID [2022-02-20 17:58:18,774 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:58:18,776 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,777 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,777 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,777 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20208#true} {20208#true} #1748#return; {20208#true} is VALID [2022-02-20 17:58:18,777 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:18,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,780 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,780 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,780 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20208#true} {20208#true} #1750#return; {20208#true} is VALID [2022-02-20 17:58:18,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:58:18,785 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,787 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:18,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,791 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,791 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20208#true} #1734#return; {20208#true} is VALID [2022-02-20 17:58:18,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {20208#true} is VALID [2022-02-20 17:58:18,792 INFO L272 TraceCheckUtils]: 1: Hoare triple {20208#true} call setClientId(~bob___0, ~bob___0); {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:18,792 INFO L290 TraceCheckUtils]: 2: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,792 INFO L290 TraceCheckUtils]: 3: Hoare triple {20208#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,792 INFO L290 TraceCheckUtils]: 4: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,792 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20208#true} {20208#true} #1734#return; {20208#true} is VALID [2022-02-20 17:58:18,792 INFO L290 TraceCheckUtils]: 6: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,793 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {20208#true} {20209#false} #1756#return; {20209#false} is VALID [2022-02-20 17:58:18,793 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:58:18,794 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,799 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:18,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,802 INFO L290 TraceCheckUtils]: 0: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,803 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20208#true} #1678#return; {20208#true} is VALID [2022-02-20 17:58:18,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {20208#true} is VALID [2022-02-20 17:58:18,803 INFO L272 TraceCheckUtils]: 1: Hoare triple {20208#true} call setClientId(~rjh___0, ~rjh___0); {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:18,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,804 INFO L290 TraceCheckUtils]: 3: Hoare triple {20208#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,804 INFO L290 TraceCheckUtils]: 4: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,804 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20208#true} {20208#true} #1678#return; {20208#true} is VALID [2022-02-20 17:58:18,804 INFO L290 TraceCheckUtils]: 6: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,804 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {20208#true} {20209#false} #1762#return; {20209#false} is VALID [2022-02-20 17:58:18,804 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:58:18,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,807 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:18,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,810 INFO L290 TraceCheckUtils]: 0: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,810 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,810 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,810 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20208#true} #1624#return; {20208#true} is VALID [2022-02-20 17:58:18,810 INFO L290 TraceCheckUtils]: 0: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {20208#true} is VALID [2022-02-20 17:58:18,811 INFO L272 TraceCheckUtils]: 1: Hoare triple {20208#true} call setClientId(~chuck___0, ~chuck___0); {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:18,811 INFO L290 TraceCheckUtils]: 2: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,811 INFO L290 TraceCheckUtils]: 3: Hoare triple {20208#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,811 INFO L290 TraceCheckUtils]: 4: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,811 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20208#true} {20208#true} #1624#return; {20208#true} is VALID [2022-02-20 17:58:18,811 INFO L290 TraceCheckUtils]: 6: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,811 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {20208#true} {20209#false} #1768#return; {20209#false} is VALID [2022-02-20 17:58:18,815 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:58:18,816 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,818 INFO L290 TraceCheckUtils]: 0: Hoare triple {20314#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,818 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,818 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,818 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20209#false} #1646#return; {20209#false} is VALID [2022-02-20 17:58:18,823 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:58:18,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,825 INFO L290 TraceCheckUtils]: 0: Hoare triple {20315#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,826 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,826 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,826 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20209#false} #1648#return; {20209#false} is VALID [2022-02-20 17:58:18,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 17:58:18,831 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,833 INFO L290 TraceCheckUtils]: 0: Hoare triple {20314#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,833 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,833 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,833 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20209#false} #1658#return; {20209#false} is VALID [2022-02-20 17:58:18,833 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 17:58:18,834 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,837 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} ~handle := #in~handle;havoc ~retValue_acc~26; {20208#true} is VALID [2022-02-20 17:58:18,837 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {20208#true} is VALID [2022-02-20 17:58:18,838 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,838 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20209#false} #1660#return; {20209#false} is VALID [2022-02-20 17:58:18,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 17:58:18,838 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} ~handle := #in~handle;havoc ~retValue_acc~15; {20208#true} is VALID [2022-02-20 17:58:18,840 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {20208#true} is VALID [2022-02-20 17:58:18,840 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,840 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20209#false} #1662#return; {20209#false} is VALID [2022-02-20 17:58:18,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 17:58:18,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:58:18,844 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,846 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {20208#true} is VALID [2022-02-20 17:58:18,846 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,846 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {20208#true} {20208#true} #1812#return; {20208#true} is VALID [2022-02-20 17:58:18,846 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {20208#true} is VALID [2022-02-20 17:58:18,846 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {20208#true} is VALID [2022-02-20 17:58:18,847 INFO L272 TraceCheckUtils]: 2: Hoare triple {20208#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {20208#true} is VALID [2022-02-20 17:58:18,847 INFO L290 TraceCheckUtils]: 3: Hoare triple {20208#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {20208#true} is VALID [2022-02-20 17:58:18,847 INFO L290 TraceCheckUtils]: 4: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,847 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20208#true} {20208#true} #1812#return; {20208#true} is VALID [2022-02-20 17:58:18,847 INFO L290 TraceCheckUtils]: 6: Hoare triple {20208#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {20208#true} is VALID [2022-02-20 17:58:18,847 INFO L290 TraceCheckUtils]: 7: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,847 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {20208#true} {20209#false} #1596#return; {20209#false} is VALID [2022-02-20 17:58:18,847 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 164 [2022-02-20 17:58:18,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,850 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} ~handle := #in~handle;havoc ~retValue_acc~33; {20208#true} is VALID [2022-02-20 17:58:18,850 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {20208#true} is VALID [2022-02-20 17:58:18,850 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,850 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20209#false} #1708#return; {20209#false} is VALID [2022-02-20 17:58:18,850 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 171 [2022-02-20 17:58:18,851 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,852 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} ~handle := #in~handle;havoc ~retValue_acc~25; {20208#true} is VALID [2022-02-20 17:58:18,853 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {20208#true} is VALID [2022-02-20 17:58:18,853 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,853 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20208#true} {20209#false} #1710#return; {20209#false} is VALID [2022-02-20 17:58:18,853 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 177 [2022-02-20 17:58:18,854 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:18,856 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {20208#true} is VALID [2022-02-20 17:58:18,856 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume 1 == ~handle; {20208#true} is VALID [2022-02-20 17:58:18,856 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {20208#true} is VALID [2022-02-20 17:58:18,856 INFO L290 TraceCheckUtils]: 3: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,857 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20208#true} {20209#false} #1712#return; {20209#false} is VALID [2022-02-20 17:58:18,857 INFO L290 TraceCheckUtils]: 0: Hoare triple {20208#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {20208#true} is VALID [2022-02-20 17:58:18,857 INFO L290 TraceCheckUtils]: 1: Hoare triple {20208#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {20208#true} is VALID [2022-02-20 17:58:18,857 INFO L290 TraceCheckUtils]: 2: Hoare triple {20208#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {20208#true} is VALID [2022-02-20 17:58:18,857 INFO L272 TraceCheckUtils]: 3: Hoare triple {20208#true} call select_features_#t~ret29#1 := select_one(); {20208#true} is VALID [2022-02-20 17:58:18,857 INFO L290 TraceCheckUtils]: 4: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,857 INFO L290 TraceCheckUtils]: 5: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,857 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {20208#true} {20208#true} #1736#return; {20208#true} is VALID [2022-02-20 17:58:18,858 INFO L290 TraceCheckUtils]: 7: Hoare triple {20208#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {20208#true} is VALID [2022-02-20 17:58:18,858 INFO L272 TraceCheckUtils]: 8: Hoare triple {20208#true} call select_features_#t~ret30#1 := select_one(); {20208#true} is VALID [2022-02-20 17:58:18,858 INFO L290 TraceCheckUtils]: 9: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,858 INFO L290 TraceCheckUtils]: 10: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,858 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {20208#true} {20208#true} #1738#return; {20208#true} is VALID [2022-02-20 17:58:18,858 INFO L290 TraceCheckUtils]: 12: Hoare triple {20208#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {20208#true} is VALID [2022-02-20 17:58:18,858 INFO L272 TraceCheckUtils]: 13: Hoare triple {20208#true} call select_features_#t~ret31#1 := select_one(); {20208#true} is VALID [2022-02-20 17:58:18,858 INFO L290 TraceCheckUtils]: 14: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,858 INFO L290 TraceCheckUtils]: 15: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {20208#true} {20208#true} #1740#return; {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L290 TraceCheckUtils]: 17: Hoare triple {20208#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L272 TraceCheckUtils]: 18: Hoare triple {20208#true} call select_features_#t~ret32#1 := select_one(); {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L290 TraceCheckUtils]: 19: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L290 TraceCheckUtils]: 20: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {20208#true} {20208#true} #1742#return; {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L290 TraceCheckUtils]: 22: Hoare triple {20208#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L272 TraceCheckUtils]: 23: Hoare triple {20208#true} call select_features_#t~ret33#1 := select_one(); {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L290 TraceCheckUtils]: 24: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,859 INFO L290 TraceCheckUtils]: 25: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,860 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {20208#true} {20208#true} #1744#return; {20208#true} is VALID [2022-02-20 17:58:18,860 INFO L290 TraceCheckUtils]: 27: Hoare triple {20208#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {20208#true} is VALID [2022-02-20 17:58:18,860 INFO L272 TraceCheckUtils]: 28: Hoare triple {20208#true} call select_features_#t~ret34#1 := select_one(); {20208#true} is VALID [2022-02-20 17:58:18,860 INFO L290 TraceCheckUtils]: 29: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,860 INFO L290 TraceCheckUtils]: 30: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,860 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {20208#true} {20208#true} #1746#return; {20208#true} is VALID [2022-02-20 17:58:18,860 INFO L290 TraceCheckUtils]: 32: Hoare triple {20208#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {20208#true} is VALID [2022-02-20 17:58:18,860 INFO L272 TraceCheckUtils]: 33: Hoare triple {20208#true} call select_features_#t~ret35#1 := select_one(); {20208#true} is VALID [2022-02-20 17:58:18,860 INFO L290 TraceCheckUtils]: 34: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L290 TraceCheckUtils]: 35: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {20208#true} {20208#true} #1748#return; {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L290 TraceCheckUtils]: 37: Hoare triple {20208#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L272 TraceCheckUtils]: 38: Hoare triple {20208#true} call select_features_#t~ret36#1 := select_one(); {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L290 TraceCheckUtils]: 39: Hoare triple {20208#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L290 TraceCheckUtils]: 40: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {20208#true} {20208#true} #1750#return; {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L290 TraceCheckUtils]: 42: Hoare triple {20208#true} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L290 TraceCheckUtils]: 43: Hoare triple {20208#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {20208#true} is VALID [2022-02-20 17:58:18,861 INFO L290 TraceCheckUtils]: 44: Hoare triple {20208#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {20208#true} is VALID [2022-02-20 17:58:18,862 INFO L290 TraceCheckUtils]: 45: Hoare triple {20208#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {20208#true} is VALID [2022-02-20 17:58:18,862 INFO L290 TraceCheckUtils]: 46: Hoare triple {20208#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {20208#true} is VALID [2022-02-20 17:58:18,862 INFO L290 TraceCheckUtils]: 47: Hoare triple {20208#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {20234#(not (= ~__SELECTED_FEATURE_Sign~0 0))} is VALID [2022-02-20 17:58:18,862 INFO L290 TraceCheckUtils]: 48: Hoare triple {20234#(not (= ~__SELECTED_FEATURE_Sign~0 0))} assume 0 != ~__SELECTED_FEATURE_Verify~0; {20234#(not (= ~__SELECTED_FEATURE_Sign~0 0))} is VALID [2022-02-20 17:58:18,863 INFO L290 TraceCheckUtils]: 49: Hoare triple {20234#(not (= ~__SELECTED_FEATURE_Sign~0 0))} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {20234#(not (= ~__SELECTED_FEATURE_Sign~0 0))} is VALID [2022-02-20 17:58:18,863 INFO L290 TraceCheckUtils]: 50: Hoare triple {20234#(not (= ~__SELECTED_FEATURE_Sign~0 0))} assume 0 != ~__SELECTED_FEATURE_Sign~0; {20234#(not (= ~__SELECTED_FEATURE_Sign~0 0))} is VALID [2022-02-20 17:58:18,863 INFO L290 TraceCheckUtils]: 51: Hoare triple {20234#(not (= ~__SELECTED_FEATURE_Sign~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {20209#false} is VALID [2022-02-20 17:58:18,863 INFO L290 TraceCheckUtils]: 52: Hoare triple {20209#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~3#1 := 1; {20209#false} is VALID [2022-02-20 17:58:18,863 INFO L290 TraceCheckUtils]: 53: Hoare triple {20209#false} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {20209#false} is VALID [2022-02-20 17:58:18,863 INFO L290 TraceCheckUtils]: 54: Hoare triple {20209#false} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {20209#false} is VALID [2022-02-20 17:58:18,864 INFO L290 TraceCheckUtils]: 55: Hoare triple {20209#false} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {20209#false} is VALID [2022-02-20 17:58:18,864 INFO L290 TraceCheckUtils]: 56: Hoare triple {20209#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {20209#false} is VALID [2022-02-20 17:58:18,864 INFO L272 TraceCheckUtils]: 57: Hoare triple {20209#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:18,864 INFO L290 TraceCheckUtils]: 58: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {20208#true} is VALID [2022-02-20 17:58:18,864 INFO L272 TraceCheckUtils]: 59: Hoare triple {20208#true} call setClientId(~bob___0, ~bob___0); {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:18,865 INFO L290 TraceCheckUtils]: 60: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,865 INFO L290 TraceCheckUtils]: 61: Hoare triple {20208#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,865 INFO L290 TraceCheckUtils]: 62: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,865 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {20208#true} {20208#true} #1734#return; {20208#true} is VALID [2022-02-20 17:58:18,865 INFO L290 TraceCheckUtils]: 64: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,865 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {20208#true} {20209#false} #1756#return; {20209#false} is VALID [2022-02-20 17:58:18,865 INFO L290 TraceCheckUtils]: 66: Hoare triple {20209#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {20209#false} is VALID [2022-02-20 17:58:18,865 INFO L290 TraceCheckUtils]: 67: Hoare triple {20209#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {20209#false} is VALID [2022-02-20 17:58:18,865 INFO L272 TraceCheckUtils]: 68: Hoare triple {20209#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:18,866 INFO L290 TraceCheckUtils]: 69: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {20208#true} is VALID [2022-02-20 17:58:18,866 INFO L272 TraceCheckUtils]: 70: Hoare triple {20208#true} call setClientId(~rjh___0, ~rjh___0); {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:18,866 INFO L290 TraceCheckUtils]: 71: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,866 INFO L290 TraceCheckUtils]: 72: Hoare triple {20208#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,866 INFO L290 TraceCheckUtils]: 73: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,867 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {20208#true} {20208#true} #1678#return; {20208#true} is VALID [2022-02-20 17:58:18,867 INFO L290 TraceCheckUtils]: 75: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,867 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {20208#true} {20209#false} #1762#return; {20209#false} is VALID [2022-02-20 17:58:18,867 INFO L290 TraceCheckUtils]: 77: Hoare triple {20209#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {20209#false} is VALID [2022-02-20 17:58:18,867 INFO L290 TraceCheckUtils]: 78: Hoare triple {20209#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {20209#false} is VALID [2022-02-20 17:58:18,867 INFO L272 TraceCheckUtils]: 79: Hoare triple {20209#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:18,867 INFO L290 TraceCheckUtils]: 80: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {20208#true} is VALID [2022-02-20 17:58:18,868 INFO L272 TraceCheckUtils]: 81: Hoare triple {20208#true} call setClientId(~chuck___0, ~chuck___0); {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:18,868 INFO L290 TraceCheckUtils]: 82: Hoare triple {20301#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,868 INFO L290 TraceCheckUtils]: 83: Hoare triple {20208#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,868 INFO L290 TraceCheckUtils]: 84: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,868 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {20208#true} {20208#true} #1624#return; {20208#true} is VALID [2022-02-20 17:58:18,868 INFO L290 TraceCheckUtils]: 86: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,868 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {20208#true} {20209#false} #1768#return; {20209#false} is VALID [2022-02-20 17:58:18,868 INFO L290 TraceCheckUtils]: 88: Hoare triple {20209#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {20209#false} is VALID [2022-02-20 17:58:18,869 INFO L290 TraceCheckUtils]: 89: Hoare triple {20209#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {20209#false} is VALID [2022-02-20 17:58:18,869 INFO L290 TraceCheckUtils]: 90: Hoare triple {20209#false} assume !false; {20209#false} is VALID [2022-02-20 17:58:18,869 INFO L290 TraceCheckUtils]: 91: Hoare triple {20209#false} assume !(test_~splverifierCounter~0#1 < 4); {20209#false} is VALID [2022-02-20 17:58:18,869 INFO L290 TraceCheckUtils]: 92: Hoare triple {20209#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {20209#false} is VALID [2022-02-20 17:58:18,869 INFO L272 TraceCheckUtils]: 93: Hoare triple {20209#false} call sendEmail(~bob~0, ~rjh~0); {20209#false} is VALID [2022-02-20 17:58:18,869 INFO L290 TraceCheckUtils]: 94: Hoare triple {20209#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {20209#false} is VALID [2022-02-20 17:58:18,869 INFO L272 TraceCheckUtils]: 95: Hoare triple {20209#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {20314#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:18,869 INFO L290 TraceCheckUtils]: 96: Hoare triple {20314#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,869 INFO L290 TraceCheckUtils]: 97: Hoare triple {20208#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,870 INFO L290 TraceCheckUtils]: 98: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,870 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {20208#true} {20209#false} #1646#return; {20209#false} is VALID [2022-02-20 17:58:18,870 INFO L272 TraceCheckUtils]: 100: Hoare triple {20209#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {20315#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:18,870 INFO L290 TraceCheckUtils]: 101: Hoare triple {20315#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,870 INFO L290 TraceCheckUtils]: 102: Hoare triple {20208#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,870 INFO L290 TraceCheckUtils]: 103: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,870 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {20208#true} {20209#false} #1648#return; {20209#false} is VALID [2022-02-20 17:58:18,870 INFO L290 TraceCheckUtils]: 105: Hoare triple {20209#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {20209#false} is VALID [2022-02-20 17:58:18,870 INFO L290 TraceCheckUtils]: 106: Hoare triple {20209#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L272 TraceCheckUtils]: 107: Hoare triple {20209#false} call outgoing(~sender#1, ~email~0#1); {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L290 TraceCheckUtils]: 108: Hoare triple {20209#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L290 TraceCheckUtils]: 109: Hoare triple {20209#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L272 TraceCheckUtils]: 110: Hoare triple {20209#false} call outgoing__before__Sign(~client#1, ~msg#1); {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L290 TraceCheckUtils]: 111: Hoare triple {20209#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L290 TraceCheckUtils]: 112: Hoare triple {20209#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L272 TraceCheckUtils]: 113: Hoare triple {20209#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L290 TraceCheckUtils]: 114: Hoare triple {20209#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L290 TraceCheckUtils]: 115: Hoare triple {20209#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {20209#false} is VALID [2022-02-20 17:58:18,871 INFO L272 TraceCheckUtils]: 116: Hoare triple {20209#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {20209#false} is VALID [2022-02-20 17:58:18,872 INFO L290 TraceCheckUtils]: 117: Hoare triple {20209#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {20209#false} is VALID [2022-02-20 17:58:18,872 INFO L290 TraceCheckUtils]: 118: Hoare triple {20209#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {20209#false} is VALID [2022-02-20 17:58:18,872 INFO L290 TraceCheckUtils]: 119: Hoare triple {20209#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {20209#false} is VALID [2022-02-20 17:58:18,872 INFO L272 TraceCheckUtils]: 120: Hoare triple {20209#false} call setEmailFrom(~msg#1, ~tmp~9#1); {20314#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:18,872 INFO L290 TraceCheckUtils]: 121: Hoare triple {20314#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20208#true} is VALID [2022-02-20 17:58:18,872 INFO L290 TraceCheckUtils]: 122: Hoare triple {20208#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20208#true} is VALID [2022-02-20 17:58:18,872 INFO L290 TraceCheckUtils]: 123: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,872 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {20208#true} {20209#false} #1658#return; {20209#false} is VALID [2022-02-20 17:58:18,872 INFO L290 TraceCheckUtils]: 125: Hoare triple {20209#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {20209#false} is VALID [2022-02-20 17:58:18,873 INFO L272 TraceCheckUtils]: 126: Hoare triple {20209#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {20208#true} is VALID [2022-02-20 17:58:18,873 INFO L290 TraceCheckUtils]: 127: Hoare triple {20208#true} ~handle := #in~handle;havoc ~retValue_acc~26; {20208#true} is VALID [2022-02-20 17:58:18,873 INFO L290 TraceCheckUtils]: 128: Hoare triple {20208#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {20208#true} is VALID [2022-02-20 17:58:18,873 INFO L290 TraceCheckUtils]: 129: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,873 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {20208#true} {20209#false} #1660#return; {20209#false} is VALID [2022-02-20 17:58:18,873 INFO L290 TraceCheckUtils]: 131: Hoare triple {20209#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {20209#false} is VALID [2022-02-20 17:58:18,873 INFO L290 TraceCheckUtils]: 132: Hoare triple {20209#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret68#1, incoming__role__Decrypt_#t~ret69#1, incoming__role__Decrypt_#t~ret70#1, incoming__role__Decrypt_#t~ret71#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~14#1, incoming__role__Decrypt_~tmp___0~4#1, incoming__role__Decrypt_~tmp___1~3#1, incoming__role__Decrypt_~tmp___2~2#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~14#1;havoc incoming__role__Decrypt_~tmp___0~4#1;havoc incoming__role__Decrypt_~tmp___1~3#1;havoc incoming__role__Decrypt_~tmp___2~2#1; {20209#false} is VALID [2022-02-20 17:58:18,873 INFO L272 TraceCheckUtils]: 133: Hoare triple {20209#false} call incoming__role__Decrypt_#t~ret68#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {20208#true} is VALID [2022-02-20 17:58:18,873 INFO L290 TraceCheckUtils]: 134: Hoare triple {20208#true} ~handle := #in~handle;havoc ~retValue_acc~15; {20208#true} is VALID [2022-02-20 17:58:18,874 INFO L290 TraceCheckUtils]: 135: Hoare triple {20208#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {20208#true} is VALID [2022-02-20 17:58:18,874 INFO L290 TraceCheckUtils]: 136: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,874 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {20208#true} {20209#false} #1662#return; {20209#false} is VALID [2022-02-20 17:58:18,875 INFO L290 TraceCheckUtils]: 138: Hoare triple {20209#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret68#1 && incoming__role__Decrypt_#t~ret68#1 <= 2147483647;incoming__role__Decrypt_~tmp~14#1 := incoming__role__Decrypt_#t~ret68#1;havoc incoming__role__Decrypt_#t~ret68#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~14#1; {20209#false} is VALID [2022-02-20 17:58:18,875 INFO L290 TraceCheckUtils]: 139: Hoare triple {20209#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {20209#false} is VALID [2022-02-20 17:58:18,875 INFO L272 TraceCheckUtils]: 140: Hoare triple {20209#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {20209#false} is VALID [2022-02-20 17:58:18,875 INFO L290 TraceCheckUtils]: 141: Hoare triple {20209#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20209#false} is VALID [2022-02-20 17:58:18,875 INFO L290 TraceCheckUtils]: 142: Hoare triple {20209#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~tmp~19#1, verify_~tmp___0~5#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1; {20209#false} is VALID [2022-02-20 17:58:18,875 INFO L272 TraceCheckUtils]: 143: Hoare triple {20209#false} call verify_#t~ret79#1 := isReadable(verify_~msg#1); {20208#true} is VALID [2022-02-20 17:58:18,875 INFO L290 TraceCheckUtils]: 144: Hoare triple {20208#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {20208#true} is VALID [2022-02-20 17:58:18,875 INFO L290 TraceCheckUtils]: 145: Hoare triple {20208#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {20208#true} is VALID [2022-02-20 17:58:18,875 INFO L272 TraceCheckUtils]: 146: Hoare triple {20208#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {20208#true} is VALID [2022-02-20 17:58:18,876 INFO L290 TraceCheckUtils]: 147: Hoare triple {20208#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {20208#true} is VALID [2022-02-20 17:58:18,876 INFO L290 TraceCheckUtils]: 148: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,876 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {20208#true} {20208#true} #1812#return; {20208#true} is VALID [2022-02-20 17:58:18,876 INFO L290 TraceCheckUtils]: 150: Hoare triple {20208#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {20208#true} is VALID [2022-02-20 17:58:18,876 INFO L290 TraceCheckUtils]: 151: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,876 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {20208#true} {20209#false} #1596#return; {20209#false} is VALID [2022-02-20 17:58:18,876 INFO L290 TraceCheckUtils]: 153: Hoare triple {20209#false} assume -2147483648 <= verify_#t~ret79#1 && verify_#t~ret79#1 <= 2147483647;verify_~tmp~19#1 := verify_#t~ret79#1;havoc verify_#t~ret79#1; {20209#false} is VALID [2022-02-20 17:58:18,876 INFO L290 TraceCheckUtils]: 154: Hoare triple {20209#false} assume !(0 != verify_~tmp~19#1); {20209#false} is VALID [2022-02-20 17:58:18,876 INFO L290 TraceCheckUtils]: 155: Hoare triple {20209#false} assume { :end_inline_verify } true; {20209#false} is VALID [2022-02-20 17:58:18,877 INFO L272 TraceCheckUtils]: 156: Hoare triple {20209#false} call incoming__before__Verify(incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1); {20209#false} is VALID [2022-02-20 17:58:18,877 INFO L290 TraceCheckUtils]: 157: Hoare triple {20209#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20209#false} is VALID [2022-02-20 17:58:18,877 INFO L290 TraceCheckUtils]: 158: Hoare triple {20209#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {20209#false} is VALID [2022-02-20 17:58:18,877 INFO L272 TraceCheckUtils]: 159: Hoare triple {20209#false} call incoming__before__Forward(~client#1, ~msg#1); {20209#false} is VALID [2022-02-20 17:58:18,877 INFO L290 TraceCheckUtils]: 160: Hoare triple {20209#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {20209#false} is VALID [2022-02-20 17:58:18,877 INFO L290 TraceCheckUtils]: 161: Hoare triple {20209#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {20209#false} is VALID [2022-02-20 17:58:18,877 INFO L272 TraceCheckUtils]: 162: Hoare triple {20209#false} call incoming__before__AutoResponder(~client#1, ~msg#1); {20209#false} is VALID [2022-02-20 17:58:18,877 INFO L290 TraceCheckUtils]: 163: Hoare triple {20209#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {20209#false} is VALID [2022-02-20 17:58:18,877 INFO L272 TraceCheckUtils]: 164: Hoare triple {20209#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {20208#true} is VALID [2022-02-20 17:58:18,877 INFO L290 TraceCheckUtils]: 165: Hoare triple {20208#true} ~handle := #in~handle;havoc ~retValue_acc~33; {20208#true} is VALID [2022-02-20 17:58:18,878 INFO L290 TraceCheckUtils]: 166: Hoare triple {20208#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {20208#true} is VALID [2022-02-20 17:58:18,878 INFO L290 TraceCheckUtils]: 167: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,878 INFO L284 TraceCheckUtils]: 168: Hoare quadruple {20208#true} {20209#false} #1708#return; {20209#false} is VALID [2022-02-20 17:58:18,878 INFO L290 TraceCheckUtils]: 169: Hoare triple {20209#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {20209#false} is VALID [2022-02-20 17:58:18,878 INFO L290 TraceCheckUtils]: 170: Hoare triple {20209#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {20209#false} is VALID [2022-02-20 17:58:18,878 INFO L272 TraceCheckUtils]: 171: Hoare triple {20209#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {20208#true} is VALID [2022-02-20 17:58:18,878 INFO L290 TraceCheckUtils]: 172: Hoare triple {20208#true} ~handle := #in~handle;havoc ~retValue_acc~25; {20208#true} is VALID [2022-02-20 17:58:18,878 INFO L290 TraceCheckUtils]: 173: Hoare triple {20208#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {20208#true} is VALID [2022-02-20 17:58:18,878 INFO L290 TraceCheckUtils]: 174: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,879 INFO L284 TraceCheckUtils]: 175: Hoare quadruple {20208#true} {20209#false} #1710#return; {20209#false} is VALID [2022-02-20 17:58:18,879 INFO L290 TraceCheckUtils]: 176: Hoare triple {20209#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {20209#false} is VALID [2022-02-20 17:58:18,879 INFO L272 TraceCheckUtils]: 177: Hoare triple {20209#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {20208#true} is VALID [2022-02-20 17:58:18,879 INFO L290 TraceCheckUtils]: 178: Hoare triple {20208#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {20208#true} is VALID [2022-02-20 17:58:18,879 INFO L290 TraceCheckUtils]: 179: Hoare triple {20208#true} assume 1 == ~handle; {20208#true} is VALID [2022-02-20 17:58:18,879 INFO L290 TraceCheckUtils]: 180: Hoare triple {20208#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {20208#true} is VALID [2022-02-20 17:58:18,879 INFO L290 TraceCheckUtils]: 181: Hoare triple {20208#true} assume true; {20208#true} is VALID [2022-02-20 17:58:18,879 INFO L284 TraceCheckUtils]: 182: Hoare quadruple {20208#true} {20209#false} #1712#return; {20209#false} is VALID [2022-02-20 17:58:18,879 INFO L290 TraceCheckUtils]: 183: Hoare triple {20209#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {20209#false} is VALID [2022-02-20 17:58:18,879 INFO L290 TraceCheckUtils]: 184: Hoare triple {20209#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {20209#false} is VALID [2022-02-20 17:58:18,880 INFO L290 TraceCheckUtils]: 185: Hoare triple {20209#false} assume !false; {20209#false} is VALID [2022-02-20 17:58:18,880 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:58:18,880 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:18,880 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1130813811] [2022-02-20 17:58:18,880 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1130813811] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:18,880 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:18,881 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:58:18,881 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2036705970] [2022-02-20 17:58:18,882 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:18,882 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 17.666666666666668) internal successors, (106), 3 states have internal predecessors, (106), 2 states have call successors, (33), 5 states have call predecessors, (33), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 186 [2022-02-20 17:58:18,882 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:18,883 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 17.666666666666668) internal successors, (106), 3 states have internal predecessors, (106), 2 states have call successors, (33), 5 states have call predecessors, (33), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:58:18,988 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 163 edges. 163 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:18,988 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:58:18,988 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:18,989 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:58:18,989 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:58:18,989 INFO L87 Difference]: Start difference. First operand 1148 states and 1693 transitions. Second operand has 6 states, 6 states have (on average 17.666666666666668) internal successors, (106), 3 states have internal predecessors, (106), 2 states have call successors, (33), 5 states have call predecessors, (33), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:58:23,291 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:23,292 INFO L93 Difference]: Finished difference Result 1279 states and 1921 transitions. [2022-02-20 17:58:23,292 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:58:23,292 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 17.666666666666668) internal successors, (106), 3 states have internal predecessors, (106), 2 states have call successors, (33), 5 states have call predecessors, (33), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 186 [2022-02-20 17:58:23,293 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:23,293 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 17.666666666666668) internal successors, (106), 3 states have internal predecessors, (106), 2 states have call successors, (33), 5 states have call predecessors, (33), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:58:23,314 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1917 transitions. [2022-02-20 17:58:23,315 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 17.666666666666668) internal successors, (106), 3 states have internal predecessors, (106), 2 states have call successors, (33), 5 states have call predecessors, (33), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:58:23,336 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1917 transitions. [2022-02-20 17:58:23,336 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1917 transitions. [2022-02-20 17:58:24,827 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1917 edges. 1917 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:24,860 INFO L225 Difference]: With dead ends: 1279 [2022-02-20 17:58:24,861 INFO L226 Difference]: Without dead ends: 732 [2022-02-20 17:58:24,862 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 61 GetRequests, 51 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:24,863 INFO L933 BasicCegarLoop]: 877 mSDtfsCounter, 2031 mSDsluCounter, 684 mSDsCounter, 0 mSdLazyCounter, 505 mSolverCounterSat, 826 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2058 SdHoareTripleChecker+Valid, 1561 SdHoareTripleChecker+Invalid, 1331 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 826 IncrementalHoareTripleChecker+Valid, 505 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:24,863 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2058 Valid, 1561 Invalid, 1331 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [826 Valid, 505 Invalid, 0 Unknown, 0 Unchecked, 1.7s Time] [2022-02-20 17:58:24,864 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 732 states. [2022-02-20 17:58:24,881 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 732 to 603. [2022-02-20 17:58:24,881 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:24,882 INFO L82 GeneralOperation]: Start isEquivalent. First operand 732 states. Second operand has 603 states, 448 states have (on average 1.4732142857142858) internal successors, (660), 463 states have internal predecessors, (660), 108 states have call successors, (108), 46 states have call predecessors, (108), 46 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 17:58:24,883 INFO L74 IsIncluded]: Start isIncluded. First operand 732 states. Second operand has 603 states, 448 states have (on average 1.4732142857142858) internal successors, (660), 463 states have internal predecessors, (660), 108 states have call successors, (108), 46 states have call predecessors, (108), 46 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 17:58:24,884 INFO L87 Difference]: Start difference. First operand 732 states. Second operand has 603 states, 448 states have (on average 1.4732142857142858) internal successors, (660), 463 states have internal predecessors, (660), 108 states have call successors, (108), 46 states have call predecessors, (108), 46 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 17:58:24,904 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:24,905 INFO L93 Difference]: Finished difference Result 732 states and 1092 transitions. [2022-02-20 17:58:24,905 INFO L276 IsEmpty]: Start isEmpty. Operand 732 states and 1092 transitions. [2022-02-20 17:58:24,907 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:24,907 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:24,908 INFO L74 IsIncluded]: Start isIncluded. First operand has 603 states, 448 states have (on average 1.4732142857142858) internal successors, (660), 463 states have internal predecessors, (660), 108 states have call successors, (108), 46 states have call predecessors, (108), 46 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) Second operand 732 states. [2022-02-20 17:58:24,909 INFO L87 Difference]: Start difference. First operand has 603 states, 448 states have (on average 1.4732142857142858) internal successors, (660), 463 states have internal predecessors, (660), 108 states have call successors, (108), 46 states have call predecessors, (108), 46 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) Second operand 732 states. [2022-02-20 17:58:24,930 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:24,930 INFO L93 Difference]: Finished difference Result 732 states and 1092 transitions. [2022-02-20 17:58:24,930 INFO L276 IsEmpty]: Start isEmpty. Operand 732 states and 1092 transitions. [2022-02-20 17:58:24,933 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:24,933 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:24,933 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:24,933 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:24,934 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 603 states, 448 states have (on average 1.4732142857142858) internal successors, (660), 463 states have internal predecessors, (660), 108 states have call successors, (108), 46 states have call predecessors, (108), 46 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 17:58:24,957 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 603 states to 603 states and 875 transitions. [2022-02-20 17:58:24,958 INFO L78 Accepts]: Start accepts. Automaton has 603 states and 875 transitions. Word has length 186 [2022-02-20 17:58:24,958 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:24,958 INFO L470 AbstractCegarLoop]: Abstraction has 603 states and 875 transitions. [2022-02-20 17:58:24,958 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 17.666666666666668) internal successors, (106), 3 states have internal predecessors, (106), 2 states have call successors, (33), 5 states have call predecessors, (33), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 17:58:24,958 INFO L276 IsEmpty]: Start isEmpty. Operand 603 states and 875 transitions. [2022-02-20 17:58:24,961 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 196 [2022-02-20 17:58:24,961 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:24,961 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:24,961 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 17:58:24,961 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:24,961 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:24,962 INFO L85 PathProgramCache]: Analyzing trace with hash 2046699704, now seen corresponding path program 1 times [2022-02-20 17:58:24,962 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:24,962 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [25616816] [2022-02-20 17:58:24,962 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:24,962 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:25,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:58:25,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,048 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,048 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24402#true} {24402#true} #1736#return; {24402#true} is VALID [2022-02-20 17:58:25,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:58:25,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,052 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24402#true} {24402#true} #1738#return; {24402#true} is VALID [2022-02-20 17:58:25,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:58:25,054 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,056 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,056 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24402#true} {24402#true} #1740#return; {24402#true} is VALID [2022-02-20 17:58:25,057 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:25,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,061 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,061 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,061 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24402#true} {24402#true} #1742#return; {24402#true} is VALID [2022-02-20 17:58:25,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:58:25,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,065 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,065 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24402#true} {24402#true} #1744#return; {24402#true} is VALID [2022-02-20 17:58:25,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:58:25,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,069 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,070 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,070 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24402#true} {24402#true} #1746#return; {24402#true} is VALID [2022-02-20 17:58:25,070 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:58:25,071 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,073 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,073 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,073 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24402#true} {24402#true} #1748#return; {24402#true} is VALID [2022-02-20 17:58:25,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:25,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,077 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,077 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24402#true} {24402#true} #1750#return; {24402#true} is VALID [2022-02-20 17:58:25,083 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:58:25,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,089 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:25,089 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,092 INFO L290 TraceCheckUtils]: 0: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,092 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,092 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,093 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24402#true} #1734#return; {24402#true} is VALID [2022-02-20 17:58:25,093 INFO L290 TraceCheckUtils]: 0: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {24402#true} is VALID [2022-02-20 17:58:25,093 INFO L272 TraceCheckUtils]: 1: Hoare triple {24402#true} call setClientId(~bob___0, ~bob___0); {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:25,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,093 INFO L290 TraceCheckUtils]: 3: Hoare triple {24402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,094 INFO L290 TraceCheckUtils]: 4: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,094 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24402#true} {24402#true} #1734#return; {24402#true} is VALID [2022-02-20 17:58:25,094 INFO L290 TraceCheckUtils]: 6: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,094 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {24402#true} {24403#false} #1756#return; {24403#false} is VALID [2022-02-20 17:58:25,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:58:25,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,097 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:25,099 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,101 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,101 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24402#true} #1678#return; {24402#true} is VALID [2022-02-20 17:58:25,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {24402#true} is VALID [2022-02-20 17:58:25,102 INFO L272 TraceCheckUtils]: 1: Hoare triple {24402#true} call setClientId(~rjh___0, ~rjh___0); {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:25,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,102 INFO L290 TraceCheckUtils]: 3: Hoare triple {24402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,102 INFO L290 TraceCheckUtils]: 4: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,103 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24402#true} {24402#true} #1678#return; {24402#true} is VALID [2022-02-20 17:58:25,103 INFO L290 TraceCheckUtils]: 6: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,103 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {24402#true} {24403#false} #1762#return; {24403#false} is VALID [2022-02-20 17:58:25,103 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:58:25,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,106 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:25,107 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,108 INFO L290 TraceCheckUtils]: 0: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,108 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24402#true} #1624#return; {24402#true} is VALID [2022-02-20 17:58:25,109 INFO L290 TraceCheckUtils]: 0: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {24402#true} is VALID [2022-02-20 17:58:25,109 INFO L272 TraceCheckUtils]: 1: Hoare triple {24402#true} call setClientId(~chuck___0, ~chuck___0); {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:25,109 INFO L290 TraceCheckUtils]: 2: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,109 INFO L290 TraceCheckUtils]: 3: Hoare triple {24402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,110 INFO L290 TraceCheckUtils]: 4: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,110 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24402#true} {24402#true} #1624#return; {24402#true} is VALID [2022-02-20 17:58:25,110 INFO L290 TraceCheckUtils]: 6: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,110 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {24402#true} {24403#false} #1768#return; {24403#false} is VALID [2022-02-20 17:58:25,114 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:58:25,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {24512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,116 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,116 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24403#false} #1646#return; {24403#false} is VALID [2022-02-20 17:58:25,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:58:25,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,124 INFO L290 TraceCheckUtils]: 0: Hoare triple {24513#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,124 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,124 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,125 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24403#false} #1648#return; {24403#false} is VALID [2022-02-20 17:58:25,125 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:58:25,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~15; {24402#true} is VALID [2022-02-20 17:58:25,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {24402#true} is VALID [2022-02-20 17:58:25,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,128 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24403#false} #1590#return; {24403#false} is VALID [2022-02-20 17:58:25,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:58:25,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,130 INFO L290 TraceCheckUtils]: 0: Hoare triple {24512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,130 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,131 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,131 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24403#false} #1658#return; {24403#false} is VALID [2022-02-20 17:58:25,131 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 17:58:25,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,133 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~26; {24402#true} is VALID [2022-02-20 17:58:25,133 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {24402#true} is VALID [2022-02-20 17:58:25,133 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,133 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24403#false} #1660#return; {24403#false} is VALID [2022-02-20 17:58:25,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 17:58:25,134 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,135 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~15; {24402#true} is VALID [2022-02-20 17:58:25,135 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {24402#true} is VALID [2022-02-20 17:58:25,135 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,136 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24403#false} #1662#return; {24403#false} is VALID [2022-02-20 17:58:25,136 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 152 [2022-02-20 17:58:25,137 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,139 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:58:25,139 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,140 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {24402#true} is VALID [2022-02-20 17:58:25,141 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,141 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24402#true} {24402#true} #1812#return; {24402#true} is VALID [2022-02-20 17:58:25,141 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {24402#true} is VALID [2022-02-20 17:58:25,141 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {24402#true} is VALID [2022-02-20 17:58:25,141 INFO L272 TraceCheckUtils]: 2: Hoare triple {24402#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {24402#true} is VALID [2022-02-20 17:58:25,141 INFO L290 TraceCheckUtils]: 3: Hoare triple {24402#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {24402#true} is VALID [2022-02-20 17:58:25,141 INFO L290 TraceCheckUtils]: 4: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,141 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24402#true} {24402#true} #1812#return; {24402#true} is VALID [2022-02-20 17:58:25,142 INFO L290 TraceCheckUtils]: 6: Hoare triple {24402#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {24402#true} is VALID [2022-02-20 17:58:25,142 INFO L290 TraceCheckUtils]: 7: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,142 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {24402#true} {24403#false} #1596#return; {24403#false} is VALID [2022-02-20 17:58:25,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 173 [2022-02-20 17:58:25,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~33; {24402#true} is VALID [2022-02-20 17:58:25,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {24402#true} is VALID [2022-02-20 17:58:25,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,144 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24403#false} #1708#return; {24403#false} is VALID [2022-02-20 17:58:25,145 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 180 [2022-02-20 17:58:25,145 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,147 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~25; {24402#true} is VALID [2022-02-20 17:58:25,147 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {24402#true} is VALID [2022-02-20 17:58:25,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,147 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24402#true} {24403#false} #1710#return; {24403#false} is VALID [2022-02-20 17:58:25,147 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 186 [2022-02-20 17:58:25,148 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:25,149 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {24402#true} is VALID [2022-02-20 17:58:25,149 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume 1 == ~handle; {24402#true} is VALID [2022-02-20 17:58:25,149 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {24402#true} is VALID [2022-02-20 17:58:25,150 INFO L290 TraceCheckUtils]: 3: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,150 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24402#true} {24403#false} #1712#return; {24403#false} is VALID [2022-02-20 17:58:25,150 INFO L290 TraceCheckUtils]: 0: Hoare triple {24402#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {24402#true} is VALID [2022-02-20 17:58:25,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {24402#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {24402#true} is VALID [2022-02-20 17:58:25,150 INFO L290 TraceCheckUtils]: 2: Hoare triple {24402#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {24402#true} is VALID [2022-02-20 17:58:25,150 INFO L272 TraceCheckUtils]: 3: Hoare triple {24402#true} call select_features_#t~ret29#1 := select_one(); {24402#true} is VALID [2022-02-20 17:58:25,150 INFO L290 TraceCheckUtils]: 4: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,150 INFO L290 TraceCheckUtils]: 5: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,151 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {24402#true} {24402#true} #1736#return; {24402#true} is VALID [2022-02-20 17:58:25,151 INFO L290 TraceCheckUtils]: 7: Hoare triple {24402#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {24402#true} is VALID [2022-02-20 17:58:25,151 INFO L272 TraceCheckUtils]: 8: Hoare triple {24402#true} call select_features_#t~ret30#1 := select_one(); {24402#true} is VALID [2022-02-20 17:58:25,151 INFO L290 TraceCheckUtils]: 9: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,151 INFO L290 TraceCheckUtils]: 10: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,151 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {24402#true} {24402#true} #1738#return; {24402#true} is VALID [2022-02-20 17:58:25,151 INFO L290 TraceCheckUtils]: 12: Hoare triple {24402#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {24402#true} is VALID [2022-02-20 17:58:25,151 INFO L272 TraceCheckUtils]: 13: Hoare triple {24402#true} call select_features_#t~ret31#1 := select_one(); {24402#true} is VALID [2022-02-20 17:58:25,151 INFO L290 TraceCheckUtils]: 14: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L290 TraceCheckUtils]: 15: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24402#true} {24402#true} #1740#return; {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L290 TraceCheckUtils]: 17: Hoare triple {24402#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L272 TraceCheckUtils]: 18: Hoare triple {24402#true} call select_features_#t~ret32#1 := select_one(); {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L290 TraceCheckUtils]: 19: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L290 TraceCheckUtils]: 20: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {24402#true} {24402#true} #1742#return; {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L290 TraceCheckUtils]: 22: Hoare triple {24402#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L272 TraceCheckUtils]: 23: Hoare triple {24402#true} call select_features_#t~ret33#1 := select_one(); {24402#true} is VALID [2022-02-20 17:58:25,152 INFO L290 TraceCheckUtils]: 24: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,153 INFO L290 TraceCheckUtils]: 25: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,153 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {24402#true} {24402#true} #1744#return; {24402#true} is VALID [2022-02-20 17:58:25,153 INFO L290 TraceCheckUtils]: 27: Hoare triple {24402#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {24402#true} is VALID [2022-02-20 17:58:25,153 INFO L272 TraceCheckUtils]: 28: Hoare triple {24402#true} call select_features_#t~ret34#1 := select_one(); {24402#true} is VALID [2022-02-20 17:58:25,153 INFO L290 TraceCheckUtils]: 29: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,153 INFO L290 TraceCheckUtils]: 30: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,153 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {24402#true} {24402#true} #1746#return; {24402#true} is VALID [2022-02-20 17:58:25,153 INFO L290 TraceCheckUtils]: 32: Hoare triple {24402#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {24402#true} is VALID [2022-02-20 17:58:25,153 INFO L272 TraceCheckUtils]: 33: Hoare triple {24402#true} call select_features_#t~ret35#1 := select_one(); {24402#true} is VALID [2022-02-20 17:58:25,154 INFO L290 TraceCheckUtils]: 34: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,154 INFO L290 TraceCheckUtils]: 35: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,154 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {24402#true} {24402#true} #1748#return; {24402#true} is VALID [2022-02-20 17:58:25,154 INFO L290 TraceCheckUtils]: 37: Hoare triple {24402#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {24402#true} is VALID [2022-02-20 17:58:25,154 INFO L272 TraceCheckUtils]: 38: Hoare triple {24402#true} call select_features_#t~ret36#1 := select_one(); {24402#true} is VALID [2022-02-20 17:58:25,154 INFO L290 TraceCheckUtils]: 39: Hoare triple {24402#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {24402#true} is VALID [2022-02-20 17:58:25,154 INFO L290 TraceCheckUtils]: 40: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,154 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {24402#true} {24402#true} #1750#return; {24402#true} is VALID [2022-02-20 17:58:25,154 INFO L290 TraceCheckUtils]: 42: Hoare triple {24402#true} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {24402#true} is VALID [2022-02-20 17:58:25,155 INFO L290 TraceCheckUtils]: 43: Hoare triple {24402#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {24402#true} is VALID [2022-02-20 17:58:25,155 INFO L290 TraceCheckUtils]: 44: Hoare triple {24402#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {24402#true} is VALID [2022-02-20 17:58:25,155 INFO L290 TraceCheckUtils]: 45: Hoare triple {24402#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {24402#true} is VALID [2022-02-20 17:58:25,155 INFO L290 TraceCheckUtils]: 46: Hoare triple {24402#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {24402#true} is VALID [2022-02-20 17:58:25,155 INFO L290 TraceCheckUtils]: 47: Hoare triple {24402#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {24402#true} is VALID [2022-02-20 17:58:25,155 INFO L290 TraceCheckUtils]: 48: Hoare triple {24402#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {24402#true} is VALID [2022-02-20 17:58:25,155 INFO L290 TraceCheckUtils]: 49: Hoare triple {24402#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {24402#true} is VALID [2022-02-20 17:58:25,155 INFO L290 TraceCheckUtils]: 50: Hoare triple {24402#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {24402#true} is VALID [2022-02-20 17:58:25,155 INFO L290 TraceCheckUtils]: 51: Hoare triple {24402#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {24402#true} is VALID [2022-02-20 17:58:25,156 INFO L290 TraceCheckUtils]: 52: Hoare triple {24402#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:58:25,156 INFO L290 TraceCheckUtils]: 53: Hoare triple {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~3#1 := 1; {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:58:25,156 INFO L290 TraceCheckUtils]: 54: Hoare triple {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:58:25,157 INFO L290 TraceCheckUtils]: 55: Hoare triple {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:58:25,157 INFO L290 TraceCheckUtils]: 56: Hoare triple {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:58:25,157 INFO L290 TraceCheckUtils]: 57: Hoare triple {24428#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {24403#false} is VALID [2022-02-20 17:58:25,157 INFO L272 TraceCheckUtils]: 58: Hoare triple {24403#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:25,157 INFO L290 TraceCheckUtils]: 59: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {24402#true} is VALID [2022-02-20 17:58:25,158 INFO L272 TraceCheckUtils]: 60: Hoare triple {24402#true} call setClientId(~bob___0, ~bob___0); {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:25,158 INFO L290 TraceCheckUtils]: 61: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,158 INFO L290 TraceCheckUtils]: 62: Hoare triple {24402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,158 INFO L290 TraceCheckUtils]: 63: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,158 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {24402#true} {24402#true} #1734#return; {24402#true} is VALID [2022-02-20 17:58:25,159 INFO L290 TraceCheckUtils]: 65: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,159 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {24402#true} {24403#false} #1756#return; {24403#false} is VALID [2022-02-20 17:58:25,159 INFO L290 TraceCheckUtils]: 67: Hoare triple {24403#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {24403#false} is VALID [2022-02-20 17:58:25,159 INFO L290 TraceCheckUtils]: 68: Hoare triple {24403#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {24403#false} is VALID [2022-02-20 17:58:25,159 INFO L272 TraceCheckUtils]: 69: Hoare triple {24403#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:25,159 INFO L290 TraceCheckUtils]: 70: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {24402#true} is VALID [2022-02-20 17:58:25,160 INFO L272 TraceCheckUtils]: 71: Hoare triple {24402#true} call setClientId(~rjh___0, ~rjh___0); {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:25,160 INFO L290 TraceCheckUtils]: 72: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,160 INFO L290 TraceCheckUtils]: 73: Hoare triple {24402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,160 INFO L290 TraceCheckUtils]: 74: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,160 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {24402#true} {24402#true} #1678#return; {24402#true} is VALID [2022-02-20 17:58:25,160 INFO L290 TraceCheckUtils]: 76: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,160 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {24402#true} {24403#false} #1762#return; {24403#false} is VALID [2022-02-20 17:58:25,160 INFO L290 TraceCheckUtils]: 78: Hoare triple {24403#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {24403#false} is VALID [2022-02-20 17:58:25,161 INFO L290 TraceCheckUtils]: 79: Hoare triple {24403#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {24403#false} is VALID [2022-02-20 17:58:25,161 INFO L272 TraceCheckUtils]: 80: Hoare triple {24403#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:25,161 INFO L290 TraceCheckUtils]: 81: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {24402#true} is VALID [2022-02-20 17:58:25,161 INFO L272 TraceCheckUtils]: 82: Hoare triple {24402#true} call setClientId(~chuck___0, ~chuck___0); {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:25,161 INFO L290 TraceCheckUtils]: 83: Hoare triple {24499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,162 INFO L290 TraceCheckUtils]: 84: Hoare triple {24402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,162 INFO L290 TraceCheckUtils]: 85: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,162 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {24402#true} {24402#true} #1624#return; {24402#true} is VALID [2022-02-20 17:58:25,162 INFO L290 TraceCheckUtils]: 87: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,162 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {24402#true} {24403#false} #1768#return; {24403#false} is VALID [2022-02-20 17:58:25,162 INFO L290 TraceCheckUtils]: 89: Hoare triple {24403#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {24403#false} is VALID [2022-02-20 17:58:25,162 INFO L290 TraceCheckUtils]: 90: Hoare triple {24403#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24403#false} is VALID [2022-02-20 17:58:25,162 INFO L290 TraceCheckUtils]: 91: Hoare triple {24403#false} assume !false; {24403#false} is VALID [2022-02-20 17:58:25,162 INFO L290 TraceCheckUtils]: 92: Hoare triple {24403#false} assume !(test_~splverifierCounter~0#1 < 4); {24403#false} is VALID [2022-02-20 17:58:25,162 INFO L290 TraceCheckUtils]: 93: Hoare triple {24403#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {24403#false} is VALID [2022-02-20 17:58:25,163 INFO L272 TraceCheckUtils]: 94: Hoare triple {24403#false} call sendEmail(~bob~0, ~rjh~0); {24403#false} is VALID [2022-02-20 17:58:25,163 INFO L290 TraceCheckUtils]: 95: Hoare triple {24403#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24403#false} is VALID [2022-02-20 17:58:25,163 INFO L272 TraceCheckUtils]: 96: Hoare triple {24403#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:25,163 INFO L290 TraceCheckUtils]: 97: Hoare triple {24512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,163 INFO L290 TraceCheckUtils]: 98: Hoare triple {24402#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,163 INFO L290 TraceCheckUtils]: 99: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,163 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {24402#true} {24403#false} #1646#return; {24403#false} is VALID [2022-02-20 17:58:25,163 INFO L272 TraceCheckUtils]: 101: Hoare triple {24403#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24513#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:25,163 INFO L290 TraceCheckUtils]: 102: Hoare triple {24513#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,164 INFO L290 TraceCheckUtils]: 103: Hoare triple {24402#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,164 INFO L290 TraceCheckUtils]: 104: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,164 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {24402#true} {24403#false} #1648#return; {24403#false} is VALID [2022-02-20 17:58:25,164 INFO L290 TraceCheckUtils]: 106: Hoare triple {24403#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {24403#false} is VALID [2022-02-20 17:58:25,164 INFO L290 TraceCheckUtils]: 107: Hoare triple {24403#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {24403#false} is VALID [2022-02-20 17:58:25,164 INFO L272 TraceCheckUtils]: 108: Hoare triple {24403#false} call outgoing(~sender#1, ~email~0#1); {24403#false} is VALID [2022-02-20 17:58:25,164 INFO L290 TraceCheckUtils]: 109: Hoare triple {24403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24403#false} is VALID [2022-02-20 17:58:25,164 INFO L290 TraceCheckUtils]: 110: Hoare triple {24403#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret77#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~18#1; {24403#false} is VALID [2022-02-20 17:58:25,165 INFO L272 TraceCheckUtils]: 111: Hoare triple {24403#false} call sign_#t~ret77#1 := getClientPrivateKey(sign_~client#1); {24402#true} is VALID [2022-02-20 17:58:25,165 INFO L290 TraceCheckUtils]: 112: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~15; {24402#true} is VALID [2022-02-20 17:58:25,165 INFO L290 TraceCheckUtils]: 113: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {24402#true} is VALID [2022-02-20 17:58:25,165 INFO L290 TraceCheckUtils]: 114: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,165 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {24402#true} {24403#false} #1590#return; {24403#false} is VALID [2022-02-20 17:58:25,165 INFO L290 TraceCheckUtils]: 116: Hoare triple {24403#false} assume -2147483648 <= sign_#t~ret77#1 && sign_#t~ret77#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret77#1;havoc sign_#t~ret77#1;sign_~privkey~1#1 := sign_~tmp~18#1; {24403#false} is VALID [2022-02-20 17:58:25,165 INFO L290 TraceCheckUtils]: 117: Hoare triple {24403#false} assume 0 == sign_~privkey~1#1; {24403#false} is VALID [2022-02-20 17:58:25,165 INFO L290 TraceCheckUtils]: 118: Hoare triple {24403#false} assume { :end_inline_sign } true; {24403#false} is VALID [2022-02-20 17:58:25,165 INFO L272 TraceCheckUtils]: 119: Hoare triple {24403#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L290 TraceCheckUtils]: 120: Hoare triple {24403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L290 TraceCheckUtils]: 121: Hoare triple {24403#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L272 TraceCheckUtils]: 122: Hoare triple {24403#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L290 TraceCheckUtils]: 123: Hoare triple {24403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L290 TraceCheckUtils]: 124: Hoare triple {24403#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L272 TraceCheckUtils]: 125: Hoare triple {24403#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L290 TraceCheckUtils]: 126: Hoare triple {24403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L290 TraceCheckUtils]: 127: Hoare triple {24403#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L290 TraceCheckUtils]: 128: Hoare triple {24403#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {24403#false} is VALID [2022-02-20 17:58:25,166 INFO L272 TraceCheckUtils]: 129: Hoare triple {24403#false} call setEmailFrom(~msg#1, ~tmp~9#1); {24512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:25,167 INFO L290 TraceCheckUtils]: 130: Hoare triple {24512#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24402#true} is VALID [2022-02-20 17:58:25,167 INFO L290 TraceCheckUtils]: 131: Hoare triple {24402#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24402#true} is VALID [2022-02-20 17:58:25,167 INFO L290 TraceCheckUtils]: 132: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,167 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {24402#true} {24403#false} #1658#return; {24403#false} is VALID [2022-02-20 17:58:25,167 INFO L290 TraceCheckUtils]: 134: Hoare triple {24403#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {24403#false} is VALID [2022-02-20 17:58:25,167 INFO L272 TraceCheckUtils]: 135: Hoare triple {24403#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {24402#true} is VALID [2022-02-20 17:58:25,167 INFO L290 TraceCheckUtils]: 136: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~26; {24402#true} is VALID [2022-02-20 17:58:25,167 INFO L290 TraceCheckUtils]: 137: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {24402#true} is VALID [2022-02-20 17:58:25,167 INFO L290 TraceCheckUtils]: 138: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,168 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {24402#true} {24403#false} #1660#return; {24403#false} is VALID [2022-02-20 17:58:25,168 INFO L290 TraceCheckUtils]: 140: Hoare triple {24403#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {24403#false} is VALID [2022-02-20 17:58:25,168 INFO L290 TraceCheckUtils]: 141: Hoare triple {24403#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret68#1, incoming__role__Decrypt_#t~ret69#1, incoming__role__Decrypt_#t~ret70#1, incoming__role__Decrypt_#t~ret71#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~14#1, incoming__role__Decrypt_~tmp___0~4#1, incoming__role__Decrypt_~tmp___1~3#1, incoming__role__Decrypt_~tmp___2~2#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~14#1;havoc incoming__role__Decrypt_~tmp___0~4#1;havoc incoming__role__Decrypt_~tmp___1~3#1;havoc incoming__role__Decrypt_~tmp___2~2#1; {24403#false} is VALID [2022-02-20 17:58:25,168 INFO L272 TraceCheckUtils]: 142: Hoare triple {24403#false} call incoming__role__Decrypt_#t~ret68#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {24402#true} is VALID [2022-02-20 17:58:25,168 INFO L290 TraceCheckUtils]: 143: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~15; {24402#true} is VALID [2022-02-20 17:58:25,168 INFO L290 TraceCheckUtils]: 144: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {24402#true} is VALID [2022-02-20 17:58:25,168 INFO L290 TraceCheckUtils]: 145: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,168 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {24402#true} {24403#false} #1662#return; {24403#false} is VALID [2022-02-20 17:58:25,168 INFO L290 TraceCheckUtils]: 147: Hoare triple {24403#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret68#1 && incoming__role__Decrypt_#t~ret68#1 <= 2147483647;incoming__role__Decrypt_~tmp~14#1 := incoming__role__Decrypt_#t~ret68#1;havoc incoming__role__Decrypt_#t~ret68#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~14#1; {24403#false} is VALID [2022-02-20 17:58:25,169 INFO L290 TraceCheckUtils]: 148: Hoare triple {24403#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {24403#false} is VALID [2022-02-20 17:58:25,169 INFO L272 TraceCheckUtils]: 149: Hoare triple {24403#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {24403#false} is VALID [2022-02-20 17:58:25,169 INFO L290 TraceCheckUtils]: 150: Hoare triple {24403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24403#false} is VALID [2022-02-20 17:58:25,169 INFO L290 TraceCheckUtils]: 151: Hoare triple {24403#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~tmp~19#1, verify_~tmp___0~5#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1; {24403#false} is VALID [2022-02-20 17:58:25,169 INFO L272 TraceCheckUtils]: 152: Hoare triple {24403#false} call verify_#t~ret79#1 := isReadable(verify_~msg#1); {24402#true} is VALID [2022-02-20 17:58:25,169 INFO L290 TraceCheckUtils]: 153: Hoare triple {24402#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {24402#true} is VALID [2022-02-20 17:58:25,169 INFO L290 TraceCheckUtils]: 154: Hoare triple {24402#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {24402#true} is VALID [2022-02-20 17:58:25,169 INFO L272 TraceCheckUtils]: 155: Hoare triple {24402#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {24402#true} is VALID [2022-02-20 17:58:25,169 INFO L290 TraceCheckUtils]: 156: Hoare triple {24402#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {24402#true} is VALID [2022-02-20 17:58:25,170 INFO L290 TraceCheckUtils]: 157: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,170 INFO L284 TraceCheckUtils]: 158: Hoare quadruple {24402#true} {24402#true} #1812#return; {24402#true} is VALID [2022-02-20 17:58:25,170 INFO L290 TraceCheckUtils]: 159: Hoare triple {24402#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {24402#true} is VALID [2022-02-20 17:58:25,170 INFO L290 TraceCheckUtils]: 160: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,170 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {24402#true} {24403#false} #1596#return; {24403#false} is VALID [2022-02-20 17:58:25,170 INFO L290 TraceCheckUtils]: 162: Hoare triple {24403#false} assume -2147483648 <= verify_#t~ret79#1 && verify_#t~ret79#1 <= 2147483647;verify_~tmp~19#1 := verify_#t~ret79#1;havoc verify_#t~ret79#1; {24403#false} is VALID [2022-02-20 17:58:25,170 INFO L290 TraceCheckUtils]: 163: Hoare triple {24403#false} assume !(0 != verify_~tmp~19#1); {24403#false} is VALID [2022-02-20 17:58:25,170 INFO L290 TraceCheckUtils]: 164: Hoare triple {24403#false} assume { :end_inline_verify } true; {24403#false} is VALID [2022-02-20 17:58:25,170 INFO L272 TraceCheckUtils]: 165: Hoare triple {24403#false} call incoming__before__Verify(incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1); {24403#false} is VALID [2022-02-20 17:58:25,171 INFO L290 TraceCheckUtils]: 166: Hoare triple {24403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24403#false} is VALID [2022-02-20 17:58:25,171 INFO L290 TraceCheckUtils]: 167: Hoare triple {24403#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {24403#false} is VALID [2022-02-20 17:58:25,171 INFO L272 TraceCheckUtils]: 168: Hoare triple {24403#false} call incoming__before__Forward(~client#1, ~msg#1); {24403#false} is VALID [2022-02-20 17:58:25,171 INFO L290 TraceCheckUtils]: 169: Hoare triple {24403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24403#false} is VALID [2022-02-20 17:58:25,171 INFO L290 TraceCheckUtils]: 170: Hoare triple {24403#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {24403#false} is VALID [2022-02-20 17:58:25,171 INFO L272 TraceCheckUtils]: 171: Hoare triple {24403#false} call incoming__before__AutoResponder(~client#1, ~msg#1); {24403#false} is VALID [2022-02-20 17:58:25,171 INFO L290 TraceCheckUtils]: 172: Hoare triple {24403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {24403#false} is VALID [2022-02-20 17:58:25,171 INFO L272 TraceCheckUtils]: 173: Hoare triple {24403#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {24402#true} is VALID [2022-02-20 17:58:25,171 INFO L290 TraceCheckUtils]: 174: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~33; {24402#true} is VALID [2022-02-20 17:58:25,172 INFO L290 TraceCheckUtils]: 175: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {24402#true} is VALID [2022-02-20 17:58:25,172 INFO L290 TraceCheckUtils]: 176: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,172 INFO L284 TraceCheckUtils]: 177: Hoare quadruple {24402#true} {24403#false} #1708#return; {24403#false} is VALID [2022-02-20 17:58:25,172 INFO L290 TraceCheckUtils]: 178: Hoare triple {24403#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {24403#false} is VALID [2022-02-20 17:58:25,172 INFO L290 TraceCheckUtils]: 179: Hoare triple {24403#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {24403#false} is VALID [2022-02-20 17:58:25,172 INFO L272 TraceCheckUtils]: 180: Hoare triple {24403#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {24402#true} is VALID [2022-02-20 17:58:25,172 INFO L290 TraceCheckUtils]: 181: Hoare triple {24402#true} ~handle := #in~handle;havoc ~retValue_acc~25; {24402#true} is VALID [2022-02-20 17:58:25,172 INFO L290 TraceCheckUtils]: 182: Hoare triple {24402#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {24402#true} is VALID [2022-02-20 17:58:25,172 INFO L290 TraceCheckUtils]: 183: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,173 INFO L284 TraceCheckUtils]: 184: Hoare quadruple {24402#true} {24403#false} #1710#return; {24403#false} is VALID [2022-02-20 17:58:25,173 INFO L290 TraceCheckUtils]: 185: Hoare triple {24403#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {24403#false} is VALID [2022-02-20 17:58:25,173 INFO L272 TraceCheckUtils]: 186: Hoare triple {24403#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {24402#true} is VALID [2022-02-20 17:58:25,173 INFO L290 TraceCheckUtils]: 187: Hoare triple {24402#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {24402#true} is VALID [2022-02-20 17:58:25,173 INFO L290 TraceCheckUtils]: 188: Hoare triple {24402#true} assume 1 == ~handle; {24402#true} is VALID [2022-02-20 17:58:25,173 INFO L290 TraceCheckUtils]: 189: Hoare triple {24402#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {24402#true} is VALID [2022-02-20 17:58:25,173 INFO L290 TraceCheckUtils]: 190: Hoare triple {24402#true} assume true; {24402#true} is VALID [2022-02-20 17:58:25,173 INFO L284 TraceCheckUtils]: 191: Hoare quadruple {24402#true} {24403#false} #1712#return; {24403#false} is VALID [2022-02-20 17:58:25,173 INFO L290 TraceCheckUtils]: 192: Hoare triple {24403#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {24403#false} is VALID [2022-02-20 17:58:25,173 INFO L290 TraceCheckUtils]: 193: Hoare triple {24403#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {24403#false} is VALID [2022-02-20 17:58:25,174 INFO L290 TraceCheckUtils]: 194: Hoare triple {24403#false} assume !false; {24403#false} is VALID [2022-02-20 17:58:25,174 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2022-02-20 17:58:25,174 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:25,174 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [25616816] [2022-02-20 17:58:25,174 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [25616816] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:25,174 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:25,175 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:58:25,175 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1303432332] [2022-02-20 17:58:25,175 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:25,175 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 18.333333333333332) internal successors, (110), 3 states have internal predecessors, (110), 2 states have call successors, (34), 5 states have call predecessors, (34), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 195 [2022-02-20 17:58:25,176 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:25,176 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 18.333333333333332) internal successors, (110), 3 states have internal predecessors, (110), 2 states have call successors, (34), 5 states have call predecessors, (34), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:58:25,285 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 169 edges. 169 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:25,285 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:58:25,285 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:25,286 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:58:25,286 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:58:25,286 INFO L87 Difference]: Start difference. First operand 603 states and 875 transitions. Second operand has 6 states, 6 states have (on average 18.333333333333332) internal successors, (110), 3 states have internal predecessors, (110), 2 states have call successors, (34), 5 states have call predecessors, (34), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:58:29,605 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:29,606 INFO L93 Difference]: Finished difference Result 1289 states and 1904 transitions. [2022-02-20 17:58:29,606 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:58:29,606 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 18.333333333333332) internal successors, (110), 3 states have internal predecessors, (110), 2 states have call successors, (34), 5 states have call predecessors, (34), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 195 [2022-02-20 17:58:29,606 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:29,606 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 18.333333333333332) internal successors, (110), 3 states have internal predecessors, (110), 2 states have call successors, (34), 5 states have call predecessors, (34), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:58:29,624 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1900 transitions. [2022-02-20 17:58:29,624 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 18.333333333333332) internal successors, (110), 3 states have internal predecessors, (110), 2 states have call successors, (34), 5 states have call predecessors, (34), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:58:29,641 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1900 transitions. [2022-02-20 17:58:29,642 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1900 transitions. [2022-02-20 17:58:31,077 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1900 edges. 1900 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:31,107 INFO L225 Difference]: With dead ends: 1289 [2022-02-20 17:58:31,107 INFO L226 Difference]: Without dead ends: 735 [2022-02-20 17:58:31,108 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 53 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:31,109 INFO L933 BasicCegarLoop]: 857 mSDtfsCounter, 2028 mSDsluCounter, 643 mSDsCounter, 0 mSdLazyCounter, 502 mSolverCounterSat, 855 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2052 SdHoareTripleChecker+Valid, 1500 SdHoareTripleChecker+Invalid, 1357 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 855 IncrementalHoareTripleChecker+Valid, 502 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:31,110 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2052 Valid, 1500 Invalid, 1357 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [855 Valid, 502 Invalid, 0 Unknown, 0 Unchecked, 1.7s Time] [2022-02-20 17:58:31,111 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 735 states. [2022-02-20 17:58:31,136 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 735 to 600. [2022-02-20 17:58:31,136 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:31,137 INFO L82 GeneralOperation]: Start isEquivalent. First operand 735 states. Second operand has 600 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 458 states have internal predecessors, (649), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 17:58:31,138 INFO L74 IsIncluded]: Start isIncluded. First operand 735 states. Second operand has 600 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 458 states have internal predecessors, (649), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 17:58:31,138 INFO L87 Difference]: Start difference. First operand 735 states. Second operand has 600 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 458 states have internal predecessors, (649), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 17:58:31,156 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:31,157 INFO L93 Difference]: Finished difference Result 735 states and 1078 transitions. [2022-02-20 17:58:31,157 INFO L276 IsEmpty]: Start isEmpty. Operand 735 states and 1078 transitions. [2022-02-20 17:58:31,159 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:31,159 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:31,160 INFO L74 IsIncluded]: Start isIncluded. First operand has 600 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 458 states have internal predecessors, (649), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 735 states. [2022-02-20 17:58:31,161 INFO L87 Difference]: Start difference. First operand has 600 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 458 states have internal predecessors, (649), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 735 states. [2022-02-20 17:58:31,179 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:31,179 INFO L93 Difference]: Finished difference Result 735 states and 1078 transitions. [2022-02-20 17:58:31,179 INFO L276 IsEmpty]: Start isEmpty. Operand 735 states and 1078 transitions. [2022-02-20 17:58:31,181 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:31,181 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:31,182 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:31,182 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:31,183 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 600 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 458 states have internal predecessors, (649), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 17:58:31,200 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 600 states to 600 states and 858 transitions. [2022-02-20 17:58:31,200 INFO L78 Accepts]: Start accepts. Automaton has 600 states and 858 transitions. Word has length 195 [2022-02-20 17:58:31,200 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:31,200 INFO L470 AbstractCegarLoop]: Abstraction has 600 states and 858 transitions. [2022-02-20 17:58:31,201 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 18.333333333333332) internal successors, (110), 3 states have internal predecessors, (110), 2 states have call successors, (34), 5 states have call predecessors, (34), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:58:31,201 INFO L276 IsEmpty]: Start isEmpty. Operand 600 states and 858 transitions. [2022-02-20 17:58:31,203 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 207 [2022-02-20 17:58:31,203 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:31,203 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:31,203 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:58:31,204 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:31,204 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:31,204 INFO L85 PathProgramCache]: Analyzing trace with hash 876862815, now seen corresponding path program 1 times [2022-02-20 17:58:31,204 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:31,204 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [548063483] [2022-02-20 17:58:31,204 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:31,204 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:31,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:58:31,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,269 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,269 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28612#true} {28612#true} #1736#return; {28612#true} is VALID [2022-02-20 17:58:31,269 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:58:31,270 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,272 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,272 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28612#true} {28612#true} #1738#return; {28612#true} is VALID [2022-02-20 17:58:31,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:58:31,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,275 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,275 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,276 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28612#true} {28612#true} #1740#return; {28612#true} is VALID [2022-02-20 17:58:31,276 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:31,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,279 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,279 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,279 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28612#true} {28612#true} #1742#return; {28612#true} is VALID [2022-02-20 17:58:31,279 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:58:31,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,282 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,282 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28612#true} {28612#true} #1744#return; {28612#true} is VALID [2022-02-20 17:58:31,282 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:58:31,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,285 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28612#true} {28612#true} #1746#return; {28612#true} is VALID [2022-02-20 17:58:31,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:58:31,287 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,289 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,289 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28612#true} {28612#true} #1748#return; {28612#true} is VALID [2022-02-20 17:58:31,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:31,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,292 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,292 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,292 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28612#true} {28612#true} #1750#return; {28612#true} is VALID [2022-02-20 17:58:31,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:58:31,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:31,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,302 INFO L290 TraceCheckUtils]: 0: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,303 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,303 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,303 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28612#true} #1734#return; {28612#true} is VALID [2022-02-20 17:58:31,303 INFO L290 TraceCheckUtils]: 0: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {28612#true} is VALID [2022-02-20 17:58:31,304 INFO L272 TraceCheckUtils]: 1: Hoare triple {28612#true} call setClientId(~bob___0, ~bob___0); {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,304 INFO L290 TraceCheckUtils]: 2: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,304 INFO L290 TraceCheckUtils]: 3: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,304 INFO L290 TraceCheckUtils]: 4: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,304 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28612#true} {28612#true} #1734#return; {28612#true} is VALID [2022-02-20 17:58:31,304 INFO L290 TraceCheckUtils]: 6: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,304 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {28612#true} {28612#true} #1752#return; {28612#true} is VALID [2022-02-20 17:58:31,309 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:58:31,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {28723#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,313 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28612#true} #1754#return; {28612#true} is VALID [2022-02-20 17:58:31,313 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:58:31,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,332 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:31,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28730#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,350 INFO L290 TraceCheckUtils]: 1: Hoare triple {28730#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28731#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,350 INFO L290 TraceCheckUtils]: 2: Hoare triple {28731#(= |setClientId_#in~handle| 1)} assume true; {28731#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,351 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28731#(= |setClientId_#in~handle| 1)} {28724#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1678#return; {28729#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:31,351 INFO L290 TraceCheckUtils]: 0: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {28724#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:58:31,352 INFO L272 TraceCheckUtils]: 1: Hoare triple {28724#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,352 INFO L290 TraceCheckUtils]: 2: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28730#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,352 INFO L290 TraceCheckUtils]: 3: Hoare triple {28730#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28731#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,353 INFO L290 TraceCheckUtils]: 4: Hoare triple {28731#(= |setClientId_#in~handle| 1)} assume true; {28731#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,353 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28731#(= |setClientId_#in~handle| 1)} {28724#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1678#return; {28729#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:31,353 INFO L290 TraceCheckUtils]: 6: Hoare triple {28729#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {28729#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:31,354 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {28729#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {28651#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1758#return; {28613#false} is VALID [2022-02-20 17:58:31,354 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:58:31,355 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,357 INFO L290 TraceCheckUtils]: 0: Hoare triple {28723#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,357 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,357 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,357 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28613#false} #1760#return; {28613#false} is VALID [2022-02-20 17:58:31,357 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:58:31,359 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,360 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:31,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,363 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28612#true} #1624#return; {28612#true} is VALID [2022-02-20 17:58:31,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {28612#true} is VALID [2022-02-20 17:58:31,364 INFO L272 TraceCheckUtils]: 1: Hoare triple {28612#true} call setClientId(~chuck___0, ~chuck___0); {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,364 INFO L290 TraceCheckUtils]: 3: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,364 INFO L290 TraceCheckUtils]: 4: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,364 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28612#true} {28612#true} #1624#return; {28612#true} is VALID [2022-02-20 17:58:31,364 INFO L290 TraceCheckUtils]: 6: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,364 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {28612#true} {28613#false} #1764#return; {28613#false} is VALID [2022-02-20 17:58:31,364 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:58:31,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,380 INFO L290 TraceCheckUtils]: 0: Hoare triple {28723#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,380 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,380 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,380 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28613#false} #1766#return; {28613#false} is VALID [2022-02-20 17:58:31,388 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:58:31,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {28736#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,391 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,391 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,391 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28613#false} #1646#return; {28613#false} is VALID [2022-02-20 17:58:31,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:58:31,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,401 INFO L290 TraceCheckUtils]: 0: Hoare triple {28737#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,402 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,402 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,402 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28613#false} #1648#return; {28613#false} is VALID [2022-02-20 17:58:31,402 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:58:31,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,404 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} ~handle := #in~handle;havoc ~retValue_acc~15; {28612#true} is VALID [2022-02-20 17:58:31,404 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {28612#true} is VALID [2022-02-20 17:58:31,404 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,404 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28613#false} #1590#return; {28613#false} is VALID [2022-02-20 17:58:31,404 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-02-20 17:58:31,405 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {28736#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,406 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,406 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,406 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28613#false} #1658#return; {28613#false} is VALID [2022-02-20 17:58:31,406 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 17:58:31,407 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,408 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} ~handle := #in~handle;havoc ~retValue_acc~26; {28612#true} is VALID [2022-02-20 17:58:31,408 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {28612#true} is VALID [2022-02-20 17:58:31,408 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,408 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28613#false} #1660#return; {28613#false} is VALID [2022-02-20 17:58:31,408 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-02-20 17:58:31,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,411 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:58:31,411 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,427 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {28612#true} is VALID [2022-02-20 17:58:31,427 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,427 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28612#true} {28612#true} #1812#return; {28612#true} is VALID [2022-02-20 17:58:31,427 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {28612#true} is VALID [2022-02-20 17:58:31,427 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28612#true} is VALID [2022-02-20 17:58:31,427 INFO L272 TraceCheckUtils]: 2: Hoare triple {28612#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {28612#true} is VALID [2022-02-20 17:58:31,428 INFO L290 TraceCheckUtils]: 3: Hoare triple {28612#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {28612#true} is VALID [2022-02-20 17:58:31,428 INFO L290 TraceCheckUtils]: 4: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,428 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28612#true} {28612#true} #1812#return; {28612#true} is VALID [2022-02-20 17:58:31,428 INFO L290 TraceCheckUtils]: 6: Hoare triple {28612#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {28612#true} is VALID [2022-02-20 17:58:31,428 INFO L290 TraceCheckUtils]: 7: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,428 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {28612#true} {28613#false} #1596#return; {28613#false} is VALID [2022-02-20 17:58:31,428 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 184 [2022-02-20 17:58:31,429 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,430 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} ~handle := #in~handle;havoc ~retValue_acc~33; {28612#true} is VALID [2022-02-20 17:58:31,430 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {28612#true} is VALID [2022-02-20 17:58:31,430 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,430 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28613#false} #1708#return; {28613#false} is VALID [2022-02-20 17:58:31,430 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 191 [2022-02-20 17:58:31,431 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,432 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} ~handle := #in~handle;havoc ~retValue_acc~25; {28612#true} is VALID [2022-02-20 17:58:31,432 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {28612#true} is VALID [2022-02-20 17:58:31,432 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,432 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28612#true} {28613#false} #1710#return; {28613#false} is VALID [2022-02-20 17:58:31,432 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 197 [2022-02-20 17:58:31,433 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,434 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {28612#true} is VALID [2022-02-20 17:58:31,434 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume 1 == ~handle; {28612#true} is VALID [2022-02-20 17:58:31,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 3: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28612#true} {28613#false} #1712#return; {28613#false} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L272 TraceCheckUtils]: 3: Hoare triple {28612#true} call select_features_#t~ret29#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 4: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 5: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {28612#true} {28612#true} #1736#return; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 7: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L272 TraceCheckUtils]: 8: Hoare triple {28612#true} call select_features_#t~ret30#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 9: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 10: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {28612#true} {28612#true} #1738#return; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 12: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L272 TraceCheckUtils]: 13: Hoare triple {28612#true} call select_features_#t~ret31#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 14: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,435 INFO L290 TraceCheckUtils]: 15: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {28612#true} {28612#true} #1740#return; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 17: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L272 TraceCheckUtils]: 18: Hoare triple {28612#true} call select_features_#t~ret32#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 19: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 20: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {28612#true} {28612#true} #1742#return; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 22: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L272 TraceCheckUtils]: 23: Hoare triple {28612#true} call select_features_#t~ret33#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 24: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 25: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {28612#true} {28612#true} #1744#return; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 27: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L272 TraceCheckUtils]: 28: Hoare triple {28612#true} call select_features_#t~ret34#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 29: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 30: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {28612#true} {28612#true} #1746#return; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 32: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L272 TraceCheckUtils]: 33: Hoare triple {28612#true} call select_features_#t~ret35#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:31,436 INFO L290 TraceCheckUtils]: 34: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 35: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {28612#true} {28612#true} #1748#return; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 37: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L272 TraceCheckUtils]: 38: Hoare triple {28612#true} call select_features_#t~ret36#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 39: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 40: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {28612#true} {28612#true} #1750#return; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 42: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 43: Hoare triple {28612#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 44: Hoare triple {28612#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 45: Hoare triple {28612#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 46: Hoare triple {28612#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 47: Hoare triple {28612#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 48: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 49: Hoare triple {28612#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 50: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 51: Hoare triple {28612#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 52: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 53: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~3#1 := 1; {28612#true} is VALID [2022-02-20 17:58:31,437 INFO L290 TraceCheckUtils]: 54: Hoare triple {28612#true} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {28612#true} is VALID [2022-02-20 17:58:31,438 INFO L290 TraceCheckUtils]: 55: Hoare triple {28612#true} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {28612#true} is VALID [2022-02-20 17:58:31,438 INFO L290 TraceCheckUtils]: 56: Hoare triple {28612#true} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {28612#true} is VALID [2022-02-20 17:58:31,438 INFO L290 TraceCheckUtils]: 57: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {28612#true} is VALID [2022-02-20 17:58:31,438 INFO L272 TraceCheckUtils]: 58: Hoare triple {28612#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,438 INFO L290 TraceCheckUtils]: 59: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {28612#true} is VALID [2022-02-20 17:58:31,439 INFO L272 TraceCheckUtils]: 60: Hoare triple {28612#true} call setClientId(~bob___0, ~bob___0); {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,439 INFO L290 TraceCheckUtils]: 61: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,439 INFO L290 TraceCheckUtils]: 62: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,439 INFO L290 TraceCheckUtils]: 63: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,439 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {28612#true} {28612#true} #1734#return; {28612#true} is VALID [2022-02-20 17:58:31,439 INFO L290 TraceCheckUtils]: 65: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,439 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {28612#true} {28612#true} #1752#return; {28612#true} is VALID [2022-02-20 17:58:31,440 INFO L272 TraceCheckUtils]: 67: Hoare triple {28612#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {28723#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:31,440 INFO L290 TraceCheckUtils]: 68: Hoare triple {28723#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,440 INFO L290 TraceCheckUtils]: 69: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,440 INFO L290 TraceCheckUtils]: 70: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,440 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {28612#true} {28612#true} #1754#return; {28612#true} is VALID [2022-02-20 17:58:31,440 INFO L290 TraceCheckUtils]: 72: Hoare triple {28612#true} assume { :end_inline_setup_bob__role__Keys } true; {28612#true} is VALID [2022-02-20 17:58:31,440 INFO L290 TraceCheckUtils]: 73: Hoare triple {28612#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {28650#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:31,441 INFO L290 TraceCheckUtils]: 74: Hoare triple {28650#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {28651#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:31,441 INFO L272 TraceCheckUtils]: 75: Hoare triple {28651#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,441 INFO L290 TraceCheckUtils]: 76: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {28724#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:58:31,442 INFO L272 TraceCheckUtils]: 77: Hoare triple {28724#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,442 INFO L290 TraceCheckUtils]: 78: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28730#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,442 INFO L290 TraceCheckUtils]: 79: Hoare triple {28730#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28731#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,443 INFO L290 TraceCheckUtils]: 80: Hoare triple {28731#(= |setClientId_#in~handle| 1)} assume true; {28731#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,443 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {28731#(= |setClientId_#in~handle| 1)} {28724#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1678#return; {28729#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:31,443 INFO L290 TraceCheckUtils]: 82: Hoare triple {28729#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {28729#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:31,444 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {28729#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {28651#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1758#return; {28613#false} is VALID [2022-02-20 17:58:31,444 INFO L272 TraceCheckUtils]: 84: Hoare triple {28613#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {28723#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:31,444 INFO L290 TraceCheckUtils]: 85: Hoare triple {28723#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,444 INFO L290 TraceCheckUtils]: 86: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,444 INFO L290 TraceCheckUtils]: 87: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,444 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {28612#true} {28613#false} #1760#return; {28613#false} is VALID [2022-02-20 17:58:31,444 INFO L290 TraceCheckUtils]: 89: Hoare triple {28613#false} assume { :end_inline_setup_rjh__role__Keys } true; {28613#false} is VALID [2022-02-20 17:58:31,444 INFO L290 TraceCheckUtils]: 90: Hoare triple {28613#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {28613#false} is VALID [2022-02-20 17:58:31,444 INFO L290 TraceCheckUtils]: 91: Hoare triple {28613#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {28613#false} is VALID [2022-02-20 17:58:31,444 INFO L272 TraceCheckUtils]: 92: Hoare triple {28613#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,444 INFO L290 TraceCheckUtils]: 93: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {28612#true} is VALID [2022-02-20 17:58:31,445 INFO L272 TraceCheckUtils]: 94: Hoare triple {28612#true} call setClientId(~chuck___0, ~chuck___0); {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,445 INFO L290 TraceCheckUtils]: 95: Hoare triple {28718#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,445 INFO L290 TraceCheckUtils]: 96: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,445 INFO L290 TraceCheckUtils]: 97: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,445 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {28612#true} {28612#true} #1624#return; {28612#true} is VALID [2022-02-20 17:58:31,445 INFO L290 TraceCheckUtils]: 99: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,445 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {28612#true} {28613#false} #1764#return; {28613#false} is VALID [2022-02-20 17:58:31,445 INFO L272 TraceCheckUtils]: 101: Hoare triple {28613#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {28723#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:31,445 INFO L290 TraceCheckUtils]: 102: Hoare triple {28723#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,445 INFO L290 TraceCheckUtils]: 103: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,445 INFO L290 TraceCheckUtils]: 104: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,445 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {28612#true} {28613#false} #1766#return; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 106: Hoare triple {28613#false} assume { :end_inline_setup_chuck__role__Keys } true; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 107: Hoare triple {28613#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 108: Hoare triple {28613#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 109: Hoare triple {28613#false} assume !false; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 110: Hoare triple {28613#false} assume !(test_~splverifierCounter~0#1 < 4); {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 111: Hoare triple {28613#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L272 TraceCheckUtils]: 112: Hoare triple {28613#false} call sendEmail(~bob~0, ~rjh~0); {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 113: Hoare triple {28613#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L272 TraceCheckUtils]: 114: Hoare triple {28613#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {28736#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 115: Hoare triple {28736#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 116: Hoare triple {28612#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 117: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,446 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {28612#true} {28613#false} #1646#return; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L272 TraceCheckUtils]: 119: Hoare triple {28613#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {28737#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 120: Hoare triple {28737#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 121: Hoare triple {28612#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 122: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,446 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {28612#true} {28613#false} #1648#return; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 124: Hoare triple {28613#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {28613#false} is VALID [2022-02-20 17:58:31,446 INFO L290 TraceCheckUtils]: 125: Hoare triple {28613#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L272 TraceCheckUtils]: 126: Hoare triple {28613#false} call outgoing(~sender#1, ~email~0#1); {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 127: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 128: Hoare triple {28613#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret77#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~18#1; {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L272 TraceCheckUtils]: 129: Hoare triple {28613#false} call sign_#t~ret77#1 := getClientPrivateKey(sign_~client#1); {28612#true} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 130: Hoare triple {28612#true} ~handle := #in~handle;havoc ~retValue_acc~15; {28612#true} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 131: Hoare triple {28612#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {28612#true} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 132: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,447 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {28612#true} {28613#false} #1590#return; {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 134: Hoare triple {28613#false} assume -2147483648 <= sign_#t~ret77#1 && sign_#t~ret77#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret77#1;havoc sign_#t~ret77#1;sign_~privkey~1#1 := sign_~tmp~18#1; {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 135: Hoare triple {28613#false} assume 0 == sign_~privkey~1#1; {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 136: Hoare triple {28613#false} assume { :end_inline_sign } true; {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L272 TraceCheckUtils]: 137: Hoare triple {28613#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 138: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 139: Hoare triple {28613#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L272 TraceCheckUtils]: 140: Hoare triple {28613#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 141: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 142: Hoare triple {28613#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L272 TraceCheckUtils]: 143: Hoare triple {28613#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {28613#false} is VALID [2022-02-20 17:58:31,447 INFO L290 TraceCheckUtils]: 144: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 145: Hoare triple {28613#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 146: Hoare triple {28613#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L272 TraceCheckUtils]: 147: Hoare triple {28613#false} call setEmailFrom(~msg#1, ~tmp~9#1); {28736#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 148: Hoare triple {28736#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 149: Hoare triple {28612#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 150: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,448 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {28612#true} {28613#false} #1658#return; {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 152: Hoare triple {28613#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L272 TraceCheckUtils]: 153: Hoare triple {28613#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {28612#true} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 154: Hoare triple {28612#true} ~handle := #in~handle;havoc ~retValue_acc~26; {28612#true} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 155: Hoare triple {28612#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {28612#true} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 156: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,448 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {28612#true} {28613#false} #1660#return; {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 158: Hoare triple {28613#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 159: Hoare triple {28613#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L272 TraceCheckUtils]: 160: Hoare triple {28613#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 161: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 162: Hoare triple {28613#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~tmp~19#1, verify_~tmp___0~5#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1; {28613#false} is VALID [2022-02-20 17:58:31,448 INFO L272 TraceCheckUtils]: 163: Hoare triple {28613#false} call verify_#t~ret79#1 := isReadable(verify_~msg#1); {28612#true} is VALID [2022-02-20 17:58:31,448 INFO L290 TraceCheckUtils]: 164: Hoare triple {28612#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {28612#true} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 165: Hoare triple {28612#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28612#true} is VALID [2022-02-20 17:58:31,449 INFO L272 TraceCheckUtils]: 166: Hoare triple {28612#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {28612#true} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 167: Hoare triple {28612#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {28612#true} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 168: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,449 INFO L284 TraceCheckUtils]: 169: Hoare quadruple {28612#true} {28612#true} #1812#return; {28612#true} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 170: Hoare triple {28612#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {28612#true} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 171: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,449 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {28612#true} {28613#false} #1596#return; {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 173: Hoare triple {28613#false} assume -2147483648 <= verify_#t~ret79#1 && verify_#t~ret79#1 <= 2147483647;verify_~tmp~19#1 := verify_#t~ret79#1;havoc verify_#t~ret79#1; {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 174: Hoare triple {28613#false} assume !(0 != verify_~tmp~19#1); {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 175: Hoare triple {28613#false} assume { :end_inline_verify } true; {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L272 TraceCheckUtils]: 176: Hoare triple {28613#false} call incoming__before__Verify(incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1); {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 177: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 178: Hoare triple {28613#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L272 TraceCheckUtils]: 179: Hoare triple {28613#false} call incoming__before__Forward(~client#1, ~msg#1); {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 180: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 181: Hoare triple {28613#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret66#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~12#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~12#1; {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L272 TraceCheckUtils]: 182: Hoare triple {28613#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {28613#false} is VALID [2022-02-20 17:58:31,449 INFO L290 TraceCheckUtils]: 183: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {28613#false} is VALID [2022-02-20 17:58:31,450 INFO L272 TraceCheckUtils]: 184: Hoare triple {28613#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 185: Hoare triple {28612#true} ~handle := #in~handle;havoc ~retValue_acc~33; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 186: Hoare triple {28612#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 187: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L284 TraceCheckUtils]: 188: Hoare quadruple {28612#true} {28613#false} #1708#return; {28613#false} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 189: Hoare triple {28613#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {28613#false} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 190: Hoare triple {28613#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {28613#false} is VALID [2022-02-20 17:58:31,450 INFO L272 TraceCheckUtils]: 191: Hoare triple {28613#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 192: Hoare triple {28612#true} ~handle := #in~handle;havoc ~retValue_acc~25; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 193: Hoare triple {28612#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 194: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L284 TraceCheckUtils]: 195: Hoare quadruple {28612#true} {28613#false} #1710#return; {28613#false} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 196: Hoare triple {28613#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {28613#false} is VALID [2022-02-20 17:58:31,450 INFO L272 TraceCheckUtils]: 197: Hoare triple {28613#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 198: Hoare triple {28612#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 199: Hoare triple {28612#true} assume 1 == ~handle; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 200: Hoare triple {28612#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 201: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:31,450 INFO L284 TraceCheckUtils]: 202: Hoare quadruple {28612#true} {28613#false} #1712#return; {28613#false} is VALID [2022-02-20 17:58:31,450 INFO L290 TraceCheckUtils]: 203: Hoare triple {28613#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {28613#false} is VALID [2022-02-20 17:58:31,451 INFO L290 TraceCheckUtils]: 204: Hoare triple {28613#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {28613#false} is VALID [2022-02-20 17:58:31,451 INFO L290 TraceCheckUtils]: 205: Hoare triple {28613#false} assume !false; {28613#false} is VALID [2022-02-20 17:58:31,451 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 106 trivial. 0 not checked. [2022-02-20 17:58:31,451 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:31,451 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [548063483] [2022-02-20 17:58:31,451 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [548063483] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:31,451 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1088825126] [2022-02-20 17:58:31,451 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:31,452 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:31,452 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:31,453 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:31,457 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:58:31,774 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,780 INFO L263 TraceCheckSpWp]: Trace formula consists of 1653 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:58:31,863 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,870 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:32,295 INFO L290 TraceCheckUtils]: 0: Hoare triple {28612#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {28612#true} is VALID [2022-02-20 17:58:32,295 INFO L290 TraceCheckUtils]: 1: Hoare triple {28612#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {28612#true} is VALID [2022-02-20 17:58:32,295 INFO L290 TraceCheckUtils]: 2: Hoare triple {28612#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {28612#true} is VALID [2022-02-20 17:58:32,295 INFO L272 TraceCheckUtils]: 3: Hoare triple {28612#true} call select_features_#t~ret29#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:32,295 INFO L290 TraceCheckUtils]: 4: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:32,296 INFO L290 TraceCheckUtils]: 5: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,296 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {28612#true} {28612#true} #1736#return; {28612#true} is VALID [2022-02-20 17:58:32,296 INFO L290 TraceCheckUtils]: 7: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {28612#true} is VALID [2022-02-20 17:58:32,296 INFO L272 TraceCheckUtils]: 8: Hoare triple {28612#true} call select_features_#t~ret30#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:32,296 INFO L290 TraceCheckUtils]: 9: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:32,296 INFO L290 TraceCheckUtils]: 10: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,296 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {28612#true} {28612#true} #1738#return; {28612#true} is VALID [2022-02-20 17:58:32,296 INFO L290 TraceCheckUtils]: 12: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {28612#true} is VALID [2022-02-20 17:58:32,296 INFO L272 TraceCheckUtils]: 13: Hoare triple {28612#true} call select_features_#t~ret31#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:32,297 INFO L290 TraceCheckUtils]: 14: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:32,297 INFO L290 TraceCheckUtils]: 15: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,297 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {28612#true} {28612#true} #1740#return; {28612#true} is VALID [2022-02-20 17:58:32,297 INFO L290 TraceCheckUtils]: 17: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {28612#true} is VALID [2022-02-20 17:58:32,297 INFO L272 TraceCheckUtils]: 18: Hoare triple {28612#true} call select_features_#t~ret32#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:32,297 INFO L290 TraceCheckUtils]: 19: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:32,297 INFO L290 TraceCheckUtils]: 20: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,297 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {28612#true} {28612#true} #1742#return; {28612#true} is VALID [2022-02-20 17:58:32,297 INFO L290 TraceCheckUtils]: 22: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {28612#true} is VALID [2022-02-20 17:58:32,298 INFO L272 TraceCheckUtils]: 23: Hoare triple {28612#true} call select_features_#t~ret33#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:32,298 INFO L290 TraceCheckUtils]: 24: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:32,298 INFO L290 TraceCheckUtils]: 25: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,298 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {28612#true} {28612#true} #1744#return; {28612#true} is VALID [2022-02-20 17:58:32,298 INFO L290 TraceCheckUtils]: 27: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {28612#true} is VALID [2022-02-20 17:58:32,298 INFO L272 TraceCheckUtils]: 28: Hoare triple {28612#true} call select_features_#t~ret34#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:32,298 INFO L290 TraceCheckUtils]: 29: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:32,298 INFO L290 TraceCheckUtils]: 30: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,298 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {28612#true} {28612#true} #1746#return; {28612#true} is VALID [2022-02-20 17:58:32,299 INFO L290 TraceCheckUtils]: 32: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {28612#true} is VALID [2022-02-20 17:58:32,299 INFO L272 TraceCheckUtils]: 33: Hoare triple {28612#true} call select_features_#t~ret35#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:32,299 INFO L290 TraceCheckUtils]: 34: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:32,299 INFO L290 TraceCheckUtils]: 35: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,299 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {28612#true} {28612#true} #1748#return; {28612#true} is VALID [2022-02-20 17:58:32,299 INFO L290 TraceCheckUtils]: 37: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {28612#true} is VALID [2022-02-20 17:58:32,299 INFO L272 TraceCheckUtils]: 38: Hoare triple {28612#true} call select_features_#t~ret36#1 := select_one(); {28612#true} is VALID [2022-02-20 17:58:32,299 INFO L290 TraceCheckUtils]: 39: Hoare triple {28612#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {28612#true} is VALID [2022-02-20 17:58:32,299 INFO L290 TraceCheckUtils]: 40: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {28612#true} {28612#true} #1750#return; {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L290 TraceCheckUtils]: 42: Hoare triple {28612#true} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L290 TraceCheckUtils]: 43: Hoare triple {28612#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L290 TraceCheckUtils]: 44: Hoare triple {28612#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L290 TraceCheckUtils]: 45: Hoare triple {28612#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L290 TraceCheckUtils]: 46: Hoare triple {28612#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L290 TraceCheckUtils]: 47: Hoare triple {28612#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L290 TraceCheckUtils]: 48: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L290 TraceCheckUtils]: 49: Hoare triple {28612#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {28612#true} is VALID [2022-02-20 17:58:32,300 INFO L290 TraceCheckUtils]: 50: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {28612#true} is VALID [2022-02-20 17:58:32,301 INFO L290 TraceCheckUtils]: 51: Hoare triple {28612#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {28612#true} is VALID [2022-02-20 17:58:32,301 INFO L290 TraceCheckUtils]: 52: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {28612#true} is VALID [2022-02-20 17:58:32,301 INFO L290 TraceCheckUtils]: 53: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~3#1 := 1; {28612#true} is VALID [2022-02-20 17:58:32,301 INFO L290 TraceCheckUtils]: 54: Hoare triple {28612#true} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {28612#true} is VALID [2022-02-20 17:58:32,301 INFO L290 TraceCheckUtils]: 55: Hoare triple {28612#true} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {28612#true} is VALID [2022-02-20 17:58:32,301 INFO L290 TraceCheckUtils]: 56: Hoare triple {28612#true} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {28612#true} is VALID [2022-02-20 17:58:32,301 INFO L290 TraceCheckUtils]: 57: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {28612#true} is VALID [2022-02-20 17:58:32,301 INFO L272 TraceCheckUtils]: 58: Hoare triple {28612#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {28612#true} is VALID [2022-02-20 17:58:32,301 INFO L290 TraceCheckUtils]: 59: Hoare triple {28612#true} ~bob___0 := #in~bob___0; {28612#true} is VALID [2022-02-20 17:58:32,302 INFO L272 TraceCheckUtils]: 60: Hoare triple {28612#true} call setClientId(~bob___0, ~bob___0); {28612#true} is VALID [2022-02-20 17:58:32,302 INFO L290 TraceCheckUtils]: 61: Hoare triple {28612#true} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:32,302 INFO L290 TraceCheckUtils]: 62: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:32,302 INFO L290 TraceCheckUtils]: 63: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,302 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {28612#true} {28612#true} #1734#return; {28612#true} is VALID [2022-02-20 17:58:32,302 INFO L290 TraceCheckUtils]: 65: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,302 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {28612#true} {28612#true} #1752#return; {28612#true} is VALID [2022-02-20 17:58:32,302 INFO L272 TraceCheckUtils]: 67: Hoare triple {28612#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {28612#true} is VALID [2022-02-20 17:58:32,302 INFO L290 TraceCheckUtils]: 68: Hoare triple {28612#true} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:32,303 INFO L290 TraceCheckUtils]: 69: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:32,303 INFO L290 TraceCheckUtils]: 70: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,303 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {28612#true} {28612#true} #1754#return; {28612#true} is VALID [2022-02-20 17:58:32,303 INFO L290 TraceCheckUtils]: 72: Hoare triple {28612#true} assume { :end_inline_setup_bob__role__Keys } true; {28612#true} is VALID [2022-02-20 17:58:32,306 INFO L290 TraceCheckUtils]: 73: Hoare triple {28612#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {28612#true} is VALID [2022-02-20 17:58:32,307 INFO L290 TraceCheckUtils]: 74: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {28612#true} is VALID [2022-02-20 17:58:32,307 INFO L272 TraceCheckUtils]: 75: Hoare triple {28612#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {28612#true} is VALID [2022-02-20 17:58:32,307 INFO L290 TraceCheckUtils]: 76: Hoare triple {28612#true} ~rjh___0 := #in~rjh___0; {28612#true} is VALID [2022-02-20 17:58:32,307 INFO L272 TraceCheckUtils]: 77: Hoare triple {28612#true} call setClientId(~rjh___0, ~rjh___0); {28612#true} is VALID [2022-02-20 17:58:32,307 INFO L290 TraceCheckUtils]: 78: Hoare triple {28612#true} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:32,307 INFO L290 TraceCheckUtils]: 79: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:32,307 INFO L290 TraceCheckUtils]: 80: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,307 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {28612#true} {28612#true} #1678#return; {28612#true} is VALID [2022-02-20 17:58:32,307 INFO L290 TraceCheckUtils]: 82: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {28612#true} {28612#true} #1758#return; {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L272 TraceCheckUtils]: 84: Hoare triple {28612#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L290 TraceCheckUtils]: 85: Hoare triple {28612#true} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L290 TraceCheckUtils]: 86: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L290 TraceCheckUtils]: 87: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {28612#true} {28612#true} #1760#return; {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L290 TraceCheckUtils]: 89: Hoare triple {28612#true} assume { :end_inline_setup_rjh__role__Keys } true; {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L290 TraceCheckUtils]: 90: Hoare triple {28612#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L290 TraceCheckUtils]: 91: Hoare triple {28612#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {28612#true} is VALID [2022-02-20 17:58:32,308 INFO L272 TraceCheckUtils]: 92: Hoare triple {28612#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {28612#true} is VALID [2022-02-20 17:58:32,309 INFO L290 TraceCheckUtils]: 93: Hoare triple {28612#true} ~chuck___0 := #in~chuck___0; {28612#true} is VALID [2022-02-20 17:58:32,309 INFO L272 TraceCheckUtils]: 94: Hoare triple {28612#true} call setClientId(~chuck___0, ~chuck___0); {28612#true} is VALID [2022-02-20 17:58:32,309 INFO L290 TraceCheckUtils]: 95: Hoare triple {28612#true} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:32,309 INFO L290 TraceCheckUtils]: 96: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:32,309 INFO L290 TraceCheckUtils]: 97: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,309 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {28612#true} {28612#true} #1624#return; {28612#true} is VALID [2022-02-20 17:58:32,309 INFO L290 TraceCheckUtils]: 99: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,309 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {28612#true} {28612#true} #1764#return; {28612#true} is VALID [2022-02-20 17:58:32,309 INFO L272 TraceCheckUtils]: 101: Hoare triple {28612#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {28612#true} is VALID [2022-02-20 17:58:32,310 INFO L290 TraceCheckUtils]: 102: Hoare triple {28612#true} ~handle := #in~handle;~value := #in~value; {28612#true} is VALID [2022-02-20 17:58:32,310 INFO L290 TraceCheckUtils]: 103: Hoare triple {28612#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28612#true} is VALID [2022-02-20 17:58:32,310 INFO L290 TraceCheckUtils]: 104: Hoare triple {28612#true} assume true; {28612#true} is VALID [2022-02-20 17:58:32,310 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {28612#true} {28612#true} #1766#return; {28612#true} is VALID [2022-02-20 17:58:32,310 INFO L290 TraceCheckUtils]: 106: Hoare triple {28612#true} assume { :end_inline_setup_chuck__role__Keys } true; {28612#true} is VALID [2022-02-20 17:58:32,310 INFO L290 TraceCheckUtils]: 107: Hoare triple {28612#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {28612#true} is VALID [2022-02-20 17:58:32,311 INFO L290 TraceCheckUtils]: 108: Hoare triple {28612#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29068#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:32,311 INFO L290 TraceCheckUtils]: 109: Hoare triple {29068#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {29068#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:32,312 INFO L290 TraceCheckUtils]: 110: Hoare triple {29068#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {28613#false} is VALID [2022-02-20 17:58:32,312 INFO L290 TraceCheckUtils]: 111: Hoare triple {28613#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L272 TraceCheckUtils]: 112: Hoare triple {28613#false} call sendEmail(~bob~0, ~rjh~0); {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L290 TraceCheckUtils]: 113: Hoare triple {28613#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L272 TraceCheckUtils]: 114: Hoare triple {28613#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L290 TraceCheckUtils]: 115: Hoare triple {28613#false} ~handle := #in~handle;~value := #in~value; {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L290 TraceCheckUtils]: 116: Hoare triple {28613#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L290 TraceCheckUtils]: 117: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {28613#false} {28613#false} #1646#return; {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L272 TraceCheckUtils]: 119: Hoare triple {28613#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L290 TraceCheckUtils]: 120: Hoare triple {28613#false} ~handle := #in~handle;~value := #in~value; {28613#false} is VALID [2022-02-20 17:58:32,313 INFO L290 TraceCheckUtils]: 121: Hoare triple {28613#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28613#false} is VALID [2022-02-20 17:58:32,314 INFO L290 TraceCheckUtils]: 122: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,314 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {28613#false} {28613#false} #1648#return; {28613#false} is VALID [2022-02-20 17:58:32,314 INFO L290 TraceCheckUtils]: 124: Hoare triple {28613#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {28613#false} is VALID [2022-02-20 17:58:32,314 INFO L290 TraceCheckUtils]: 125: Hoare triple {28613#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {28613#false} is VALID [2022-02-20 17:58:32,314 INFO L272 TraceCheckUtils]: 126: Hoare triple {28613#false} call outgoing(~sender#1, ~email~0#1); {28613#false} is VALID [2022-02-20 17:58:32,314 INFO L290 TraceCheckUtils]: 127: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:32,314 INFO L290 TraceCheckUtils]: 128: Hoare triple {28613#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret77#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~18#1; {28613#false} is VALID [2022-02-20 17:58:32,314 INFO L272 TraceCheckUtils]: 129: Hoare triple {28613#false} call sign_#t~ret77#1 := getClientPrivateKey(sign_~client#1); {28613#false} is VALID [2022-02-20 17:58:32,314 INFO L290 TraceCheckUtils]: 130: Hoare triple {28613#false} ~handle := #in~handle;havoc ~retValue_acc~15; {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L290 TraceCheckUtils]: 131: Hoare triple {28613#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L290 TraceCheckUtils]: 132: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {28613#false} {28613#false} #1590#return; {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L290 TraceCheckUtils]: 134: Hoare triple {28613#false} assume -2147483648 <= sign_#t~ret77#1 && sign_#t~ret77#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret77#1;havoc sign_#t~ret77#1;sign_~privkey~1#1 := sign_~tmp~18#1; {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L290 TraceCheckUtils]: 135: Hoare triple {28613#false} assume 0 == sign_~privkey~1#1; {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L290 TraceCheckUtils]: 136: Hoare triple {28613#false} assume { :end_inline_sign } true; {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L272 TraceCheckUtils]: 137: Hoare triple {28613#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L290 TraceCheckUtils]: 138: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L290 TraceCheckUtils]: 139: Hoare triple {28613#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {28613#false} is VALID [2022-02-20 17:58:32,315 INFO L272 TraceCheckUtils]: 140: Hoare triple {28613#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,316 INFO L290 TraceCheckUtils]: 141: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:32,316 INFO L290 TraceCheckUtils]: 142: Hoare triple {28613#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28613#false} is VALID [2022-02-20 17:58:32,316 INFO L272 TraceCheckUtils]: 143: Hoare triple {28613#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,316 INFO L290 TraceCheckUtils]: 144: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {28613#false} is VALID [2022-02-20 17:58:32,316 INFO L290 TraceCheckUtils]: 145: Hoare triple {28613#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {28613#false} is VALID [2022-02-20 17:58:32,316 INFO L290 TraceCheckUtils]: 146: Hoare triple {28613#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {28613#false} is VALID [2022-02-20 17:58:32,316 INFO L272 TraceCheckUtils]: 147: Hoare triple {28613#false} call setEmailFrom(~msg#1, ~tmp~9#1); {28613#false} is VALID [2022-02-20 17:58:32,316 INFO L290 TraceCheckUtils]: 148: Hoare triple {28613#false} ~handle := #in~handle;~value := #in~value; {28613#false} is VALID [2022-02-20 17:58:32,316 INFO L290 TraceCheckUtils]: 149: Hoare triple {28613#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L290 TraceCheckUtils]: 150: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {28613#false} {28613#false} #1658#return; {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L290 TraceCheckUtils]: 152: Hoare triple {28613#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L272 TraceCheckUtils]: 153: Hoare triple {28613#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L290 TraceCheckUtils]: 154: Hoare triple {28613#false} ~handle := #in~handle;havoc ~retValue_acc~26; {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L290 TraceCheckUtils]: 155: Hoare triple {28613#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L290 TraceCheckUtils]: 156: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {28613#false} {28613#false} #1660#return; {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L290 TraceCheckUtils]: 158: Hoare triple {28613#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {28613#false} is VALID [2022-02-20 17:58:32,317 INFO L290 TraceCheckUtils]: 159: Hoare triple {28613#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {28613#false} is VALID [2022-02-20 17:58:32,318 INFO L272 TraceCheckUtils]: 160: Hoare triple {28613#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,318 INFO L290 TraceCheckUtils]: 161: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:32,318 INFO L290 TraceCheckUtils]: 162: Hoare triple {28613#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~tmp~19#1, verify_~tmp___0~5#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1; {28613#false} is VALID [2022-02-20 17:58:32,318 INFO L272 TraceCheckUtils]: 163: Hoare triple {28613#false} call verify_#t~ret79#1 := isReadable(verify_~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,318 INFO L290 TraceCheckUtils]: 164: Hoare triple {28613#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {28613#false} is VALID [2022-02-20 17:58:32,318 INFO L290 TraceCheckUtils]: 165: Hoare triple {28613#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28613#false} is VALID [2022-02-20 17:58:32,318 INFO L272 TraceCheckUtils]: 166: Hoare triple {28613#false} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,318 INFO L290 TraceCheckUtils]: 167: Hoare triple {28613#false} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {28613#false} is VALID [2022-02-20 17:58:32,318 INFO L290 TraceCheckUtils]: 168: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L284 TraceCheckUtils]: 169: Hoare quadruple {28613#false} {28613#false} #1812#return; {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L290 TraceCheckUtils]: 170: Hoare triple {28613#false} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L290 TraceCheckUtils]: 171: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {28613#false} {28613#false} #1596#return; {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L290 TraceCheckUtils]: 173: Hoare triple {28613#false} assume -2147483648 <= verify_#t~ret79#1 && verify_#t~ret79#1 <= 2147483647;verify_~tmp~19#1 := verify_#t~ret79#1;havoc verify_#t~ret79#1; {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L290 TraceCheckUtils]: 174: Hoare triple {28613#false} assume !(0 != verify_~tmp~19#1); {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L290 TraceCheckUtils]: 175: Hoare triple {28613#false} assume { :end_inline_verify } true; {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L272 TraceCheckUtils]: 176: Hoare triple {28613#false} call incoming__before__Verify(incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L290 TraceCheckUtils]: 177: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:32,319 INFO L290 TraceCheckUtils]: 178: Hoare triple {28613#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {28613#false} is VALID [2022-02-20 17:58:32,320 INFO L272 TraceCheckUtils]: 179: Hoare triple {28613#false} call incoming__before__Forward(~client#1, ~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,320 INFO L290 TraceCheckUtils]: 180: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28613#false} is VALID [2022-02-20 17:58:32,320 INFO L290 TraceCheckUtils]: 181: Hoare triple {28613#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret66#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~12#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~12#1; {28613#false} is VALID [2022-02-20 17:58:32,320 INFO L272 TraceCheckUtils]: 182: Hoare triple {28613#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,320 INFO L290 TraceCheckUtils]: 183: Hoare triple {28613#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {28613#false} is VALID [2022-02-20 17:58:32,320 INFO L272 TraceCheckUtils]: 184: Hoare triple {28613#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,320 INFO L290 TraceCheckUtils]: 185: Hoare triple {28613#false} ~handle := #in~handle;havoc ~retValue_acc~33; {28613#false} is VALID [2022-02-20 17:58:32,320 INFO L290 TraceCheckUtils]: 186: Hoare triple {28613#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {28613#false} is VALID [2022-02-20 17:58:32,320 INFO L290 TraceCheckUtils]: 187: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,321 INFO L284 TraceCheckUtils]: 188: Hoare quadruple {28613#false} {28613#false} #1708#return; {28613#false} is VALID [2022-02-20 17:58:32,321 INFO L290 TraceCheckUtils]: 189: Hoare triple {28613#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {28613#false} is VALID [2022-02-20 17:58:32,321 INFO L290 TraceCheckUtils]: 190: Hoare triple {28613#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {28613#false} is VALID [2022-02-20 17:58:32,321 INFO L272 TraceCheckUtils]: 191: Hoare triple {28613#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {28613#false} is VALID [2022-02-20 17:58:32,321 INFO L290 TraceCheckUtils]: 192: Hoare triple {28613#false} ~handle := #in~handle;havoc ~retValue_acc~25; {28613#false} is VALID [2022-02-20 17:58:32,321 INFO L290 TraceCheckUtils]: 193: Hoare triple {28613#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {28613#false} is VALID [2022-02-20 17:58:32,321 INFO L290 TraceCheckUtils]: 194: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,321 INFO L284 TraceCheckUtils]: 195: Hoare quadruple {28613#false} {28613#false} #1710#return; {28613#false} is VALID [2022-02-20 17:58:32,321 INFO L290 TraceCheckUtils]: 196: Hoare triple {28613#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {28613#false} is VALID [2022-02-20 17:58:32,322 INFO L272 TraceCheckUtils]: 197: Hoare triple {28613#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {28613#false} is VALID [2022-02-20 17:58:32,322 INFO L290 TraceCheckUtils]: 198: Hoare triple {28613#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {28613#false} is VALID [2022-02-20 17:58:32,322 INFO L290 TraceCheckUtils]: 199: Hoare triple {28613#false} assume 1 == ~handle; {28613#false} is VALID [2022-02-20 17:58:32,322 INFO L290 TraceCheckUtils]: 200: Hoare triple {28613#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {28613#false} is VALID [2022-02-20 17:58:32,322 INFO L290 TraceCheckUtils]: 201: Hoare triple {28613#false} assume true; {28613#false} is VALID [2022-02-20 17:58:32,322 INFO L284 TraceCheckUtils]: 202: Hoare quadruple {28613#false} {28613#false} #1712#return; {28613#false} is VALID [2022-02-20 17:58:32,322 INFO L290 TraceCheckUtils]: 203: Hoare triple {28613#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {28613#false} is VALID [2022-02-20 17:58:32,322 INFO L290 TraceCheckUtils]: 204: Hoare triple {28613#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {28613#false} is VALID [2022-02-20 17:58:32,322 INFO L290 TraceCheckUtils]: 205: Hoare triple {28613#false} assume !false; {28613#false} is VALID [2022-02-20 17:58:32,323 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 17:58:32,323 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:32,323 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1088825126] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:32,323 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:32,323 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 17:58:32,323 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1053807602] [2022-02-20 17:58:32,324 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:32,324 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 2 states have call successors, (36), 2 states have call predecessors, (36), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) Word has length 206 [2022-02-20 17:58:32,326 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:32,326 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 2 states have call successors, (36), 2 states have call predecessors, (36), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 17:58:32,454 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 177 edges. 177 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:32,454 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:32,454 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:32,455 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:32,455 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:58:32,455 INFO L87 Difference]: Start difference. First operand 600 states and 858 transitions. Second operand has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 2 states have call successors, (36), 2 states have call predecessors, (36), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 17:58:33,062 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:33,062 INFO L93 Difference]: Finished difference Result 932 states and 1315 transitions. [2022-02-20 17:58:33,062 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:33,063 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 2 states have call successors, (36), 2 states have call predecessors, (36), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) Word has length 206 [2022-02-20 17:58:33,063 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:33,063 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 2 states have call successors, (36), 2 states have call predecessors, (36), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 17:58:33,073 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1311 transitions. [2022-02-20 17:58:33,073 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 2 states have call successors, (36), 2 states have call predecessors, (36), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 17:58:33,083 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1311 transitions. [2022-02-20 17:58:33,083 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1311 transitions. [2022-02-20 17:58:33,823 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1311 edges. 1311 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:33,839 INFO L225 Difference]: With dead ends: 932 [2022-02-20 17:58:33,839 INFO L226 Difference]: Without dead ends: 603 [2022-02-20 17:58:33,840 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 265 GetRequests, 254 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:58:33,841 INFO L933 BasicCegarLoop]: 852 mSDtfsCounter, 1 mSDsluCounter, 850 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1702 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:33,841 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1702 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:33,842 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 603 states. [2022-02-20 17:58:33,858 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 603 to 602. [2022-02-20 17:58:33,859 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:33,860 INFO L82 GeneralOperation]: Start isEquivalent. First operand 603 states. Second operand has 602 states, 450 states have (on average 1.4466666666666668) internal successors, (651), 460 states have internal predecessors, (651), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 17:58:33,860 INFO L74 IsIncluded]: Start isIncluded. First operand 603 states. Second operand has 602 states, 450 states have (on average 1.4466666666666668) internal successors, (651), 460 states have internal predecessors, (651), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 17:58:33,861 INFO L87 Difference]: Start difference. First operand 603 states. Second operand has 602 states, 450 states have (on average 1.4466666666666668) internal successors, (651), 460 states have internal predecessors, (651), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 17:58:33,873 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:33,873 INFO L93 Difference]: Finished difference Result 603 states and 861 transitions. [2022-02-20 17:58:33,873 INFO L276 IsEmpty]: Start isEmpty. Operand 603 states and 861 transitions. [2022-02-20 17:58:33,875 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:33,875 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:33,876 INFO L74 IsIncluded]: Start isIncluded. First operand has 602 states, 450 states have (on average 1.4466666666666668) internal successors, (651), 460 states have internal predecessors, (651), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 603 states. [2022-02-20 17:58:33,876 INFO L87 Difference]: Start difference. First operand has 602 states, 450 states have (on average 1.4466666666666668) internal successors, (651), 460 states have internal predecessors, (651), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 603 states. [2022-02-20 17:58:33,889 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:33,889 INFO L93 Difference]: Finished difference Result 603 states and 861 transitions. [2022-02-20 17:58:33,889 INFO L276 IsEmpty]: Start isEmpty. Operand 603 states and 861 transitions. [2022-02-20 17:58:33,890 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:33,890 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:33,890 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:33,890 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:33,891 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 602 states, 450 states have (on average 1.4466666666666668) internal successors, (651), 460 states have internal predecessors, (651), 105 states have call successors, (105), 46 states have call predecessors, (105), 46 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 17:58:33,907 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 602 states to 602 states and 860 transitions. [2022-02-20 17:58:33,907 INFO L78 Accepts]: Start accepts. Automaton has 602 states and 860 transitions. Word has length 206 [2022-02-20 17:58:33,909 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:33,909 INFO L470 AbstractCegarLoop]: Abstraction has 602 states and 860 transitions. [2022-02-20 17:58:33,909 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 2 states have call successors, (36), 2 states have call predecessors, (36), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 17:58:33,909 INFO L276 IsEmpty]: Start isEmpty. Operand 602 states and 860 transitions. [2022-02-20 17:58:33,911 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 222 [2022-02-20 17:58:33,911 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:33,911 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:33,932 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 17:58:34,123 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6,2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:34,123 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:34,124 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:34,124 INFO L85 PathProgramCache]: Analyzing trace with hash 1714641347, now seen corresponding path program 1 times [2022-02-20 17:58:34,124 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:34,124 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1344398582] [2022-02-20 17:58:34,124 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:34,124 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:34,158 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:58:34,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,183 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,183 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,183 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32684#true} {32684#true} #1736#return; {32684#true} is VALID [2022-02-20 17:58:34,183 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:58:34,184 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,186 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,186 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,186 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32684#true} {32684#true} #1738#return; {32684#true} is VALID [2022-02-20 17:58:34,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:58:34,187 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,188 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32684#true} {32684#true} #1740#return; {32684#true} is VALID [2022-02-20 17:58:34,188 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:34,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,191 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,191 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,191 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32684#true} {32684#true} #1742#return; {32684#true} is VALID [2022-02-20 17:58:34,191 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:58:34,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,193 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,193 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,193 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32684#true} {32684#true} #1744#return; {32684#true} is VALID [2022-02-20 17:58:34,193 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:58:34,194 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,195 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,196 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32684#true} {32684#true} #1746#return; {32684#true} is VALID [2022-02-20 17:58:34,196 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:58:34,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,198 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,198 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32684#true} {32684#true} #1748#return; {32684#true} is VALID [2022-02-20 17:58:34,198 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:34,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,200 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,200 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,200 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32684#true} {32684#true} #1750#return; {32684#true} is VALID [2022-02-20 17:58:34,205 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:58:34,206 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,207 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:34,208 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,209 INFO L290 TraceCheckUtils]: 0: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,209 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,209 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,209 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32684#true} #1734#return; {32684#true} is VALID [2022-02-20 17:58:34,209 INFO L290 TraceCheckUtils]: 0: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {32684#true} is VALID [2022-02-20 17:58:34,210 INFO L272 TraceCheckUtils]: 1: Hoare triple {32684#true} call setClientId(~bob___0, ~bob___0); {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,210 INFO L290 TraceCheckUtils]: 2: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,210 INFO L290 TraceCheckUtils]: 3: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,210 INFO L290 TraceCheckUtils]: 4: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,210 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {32684#true} {32684#true} #1734#return; {32684#true} is VALID [2022-02-20 17:58:34,210 INFO L290 TraceCheckUtils]: 6: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,210 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {32684#true} {32684#true} #1752#return; {32684#true} is VALID [2022-02-20 17:58:34,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:58:34,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,217 INFO L290 TraceCheckUtils]: 0: Hoare triple {32799#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,217 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,217 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,218 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32684#true} #1754#return; {32684#true} is VALID [2022-02-20 17:58:34,218 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:58:34,219 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:34,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32806#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:34,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {32806#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32807#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,245 INFO L290 TraceCheckUtils]: 2: Hoare triple {32807#(= |setClientId_#in~handle| 1)} assume true; {32807#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,245 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32807#(= |setClientId_#in~handle| 1)} {32800#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1678#return; {32805#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:34,245 INFO L290 TraceCheckUtils]: 0: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {32800#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:58:34,246 INFO L272 TraceCheckUtils]: 1: Hoare triple {32800#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,246 INFO L290 TraceCheckUtils]: 2: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32806#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:34,247 INFO L290 TraceCheckUtils]: 3: Hoare triple {32806#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32807#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,247 INFO L290 TraceCheckUtils]: 4: Hoare triple {32807#(= |setClientId_#in~handle| 1)} assume true; {32807#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,247 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {32807#(= |setClientId_#in~handle| 1)} {32800#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1678#return; {32805#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:34,247 INFO L290 TraceCheckUtils]: 6: Hoare triple {32805#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {32805#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:34,248 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {32805#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {32723#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1758#return; {32685#false} is VALID [2022-02-20 17:58:34,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:58:34,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,257 INFO L290 TraceCheckUtils]: 0: Hoare triple {32799#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,257 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,257 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,257 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1760#return; {32685#false} is VALID [2022-02-20 17:58:34,257 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:58:34,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:34,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,265 INFO L290 TraceCheckUtils]: 0: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,265 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,265 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32684#true} #1624#return; {32684#true} is VALID [2022-02-20 17:58:34,265 INFO L290 TraceCheckUtils]: 0: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {32684#true} is VALID [2022-02-20 17:58:34,266 INFO L272 TraceCheckUtils]: 1: Hoare triple {32684#true} call setClientId(~chuck___0, ~chuck___0); {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,266 INFO L290 TraceCheckUtils]: 2: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,266 INFO L290 TraceCheckUtils]: 3: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,266 INFO L290 TraceCheckUtils]: 4: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,266 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {32684#true} {32684#true} #1624#return; {32684#true} is VALID [2022-02-20 17:58:34,266 INFO L290 TraceCheckUtils]: 6: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,267 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {32684#true} {32685#false} #1764#return; {32685#false} is VALID [2022-02-20 17:58:34,267 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:58:34,268 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,269 INFO L290 TraceCheckUtils]: 0: Hoare triple {32799#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,269 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,270 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1766#return; {32685#false} is VALID [2022-02-20 17:58:34,276 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 17:58:34,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,278 INFO L290 TraceCheckUtils]: 0: Hoare triple {32812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,278 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,278 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,278 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1646#return; {32685#false} is VALID [2022-02-20 17:58:34,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 17:58:34,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,289 INFO L290 TraceCheckUtils]: 0: Hoare triple {32813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,290 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,290 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1648#return; {32685#false} is VALID [2022-02-20 17:58:34,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 17:58:34,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,292 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~15; {32684#true} is VALID [2022-02-20 17:58:34,292 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {32684#true} is VALID [2022-02-20 17:58:34,292 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,292 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1590#return; {32685#false} is VALID [2022-02-20 17:58:34,292 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 155 [2022-02-20 17:58:34,293 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,294 INFO L290 TraceCheckUtils]: 0: Hoare triple {32812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,294 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1658#return; {32685#false} is VALID [2022-02-20 17:58:34,295 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 161 [2022-02-20 17:58:34,296 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,297 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~26; {32684#true} is VALID [2022-02-20 17:58:34,297 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {32684#true} is VALID [2022-02-20 17:58:34,297 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,297 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1660#return; {32685#false} is VALID [2022-02-20 17:58:34,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 168 [2022-02-20 17:58:34,298 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,299 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~15; {32684#true} is VALID [2022-02-20 17:58:34,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {32684#true} is VALID [2022-02-20 17:58:34,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,300 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1662#return; {32685#false} is VALID [2022-02-20 17:58:34,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 178 [2022-02-20 17:58:34,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,306 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 17:58:34,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {32684#true} is VALID [2022-02-20 17:58:34,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,307 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32684#true} {32684#true} #1812#return; {32684#true} is VALID [2022-02-20 17:58:34,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {32684#true} is VALID [2022-02-20 17:58:34,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32684#true} is VALID [2022-02-20 17:58:34,308 INFO L272 TraceCheckUtils]: 2: Hoare triple {32684#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {32684#true} is VALID [2022-02-20 17:58:34,308 INFO L290 TraceCheckUtils]: 3: Hoare triple {32684#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {32684#true} is VALID [2022-02-20 17:58:34,308 INFO L290 TraceCheckUtils]: 4: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,308 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {32684#true} {32684#true} #1812#return; {32684#true} is VALID [2022-02-20 17:58:34,308 INFO L290 TraceCheckUtils]: 6: Hoare triple {32684#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {32684#true} is VALID [2022-02-20 17:58:34,308 INFO L290 TraceCheckUtils]: 7: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,308 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {32684#true} {32685#false} #1596#return; {32685#false} is VALID [2022-02-20 17:58:34,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 199 [2022-02-20 17:58:34,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,310 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~33; {32684#true} is VALID [2022-02-20 17:58:34,310 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {32684#true} is VALID [2022-02-20 17:58:34,310 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,310 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1708#return; {32685#false} is VALID [2022-02-20 17:58:34,310 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 206 [2022-02-20 17:58:34,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~25; {32684#true} is VALID [2022-02-20 17:58:34,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {32684#true} is VALID [2022-02-20 17:58:34,312 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,313 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32684#true} {32685#false} #1710#return; {32685#false} is VALID [2022-02-20 17:58:34,313 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 212 [2022-02-20 17:58:34,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {32684#true} is VALID [2022-02-20 17:58:34,314 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume 1 == ~handle; {32684#true} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {32684#true} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 3: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,315 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {32684#true} {32685#false} #1712#return; {32685#false} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {32684#true} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {32684#true} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {32684#true} is VALID [2022-02-20 17:58:34,315 INFO L272 TraceCheckUtils]: 3: Hoare triple {32684#true} call select_features_#t~ret29#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 4: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 5: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,316 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {32684#true} {32684#true} #1736#return; {32684#true} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 7: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {32684#true} is VALID [2022-02-20 17:58:34,316 INFO L272 TraceCheckUtils]: 8: Hoare triple {32684#true} call select_features_#t~ret30#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 9: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 10: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,316 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {32684#true} {32684#true} #1738#return; {32684#true} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 12: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {32684#true} is VALID [2022-02-20 17:58:34,316 INFO L272 TraceCheckUtils]: 13: Hoare triple {32684#true} call select_features_#t~ret31#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 14: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 15: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {32684#true} {32684#true} #1740#return; {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 17: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L272 TraceCheckUtils]: 18: Hoare triple {32684#true} call select_features_#t~ret32#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 19: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 20: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {32684#true} {32684#true} #1742#return; {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 22: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L272 TraceCheckUtils]: 23: Hoare triple {32684#true} call select_features_#t~ret33#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 24: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 25: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {32684#true} {32684#true} #1744#return; {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 27: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L272 TraceCheckUtils]: 28: Hoare triple {32684#true} call select_features_#t~ret34#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 29: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 30: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {32684#true} {32684#true} #1746#return; {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 32: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L272 TraceCheckUtils]: 33: Hoare triple {32684#true} call select_features_#t~ret35#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 34: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L290 TraceCheckUtils]: 35: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {32684#true} {32684#true} #1748#return; {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L290 TraceCheckUtils]: 37: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L272 TraceCheckUtils]: 38: Hoare triple {32684#true} call select_features_#t~ret36#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L290 TraceCheckUtils]: 39: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L290 TraceCheckUtils]: 40: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {32684#true} {32684#true} #1750#return; {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L290 TraceCheckUtils]: 42: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L290 TraceCheckUtils]: 43: Hoare triple {32684#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {32684#true} is VALID [2022-02-20 17:58:34,319 INFO L290 TraceCheckUtils]: 44: Hoare triple {32684#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 45: Hoare triple {32684#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 46: Hoare triple {32684#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 47: Hoare triple {32684#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 48: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 49: Hoare triple {32684#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 50: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 51: Hoare triple {32684#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 52: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 53: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~3#1 := 1; {32684#true} is VALID [2022-02-20 17:58:34,320 INFO L290 TraceCheckUtils]: 54: Hoare triple {32684#true} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {32684#true} is VALID [2022-02-20 17:58:34,321 INFO L290 TraceCheckUtils]: 55: Hoare triple {32684#true} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {32684#true} is VALID [2022-02-20 17:58:34,321 INFO L290 TraceCheckUtils]: 56: Hoare triple {32684#true} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {32684#true} is VALID [2022-02-20 17:58:34,321 INFO L290 TraceCheckUtils]: 57: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {32684#true} is VALID [2022-02-20 17:58:34,321 INFO L272 TraceCheckUtils]: 58: Hoare triple {32684#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,321 INFO L290 TraceCheckUtils]: 59: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {32684#true} is VALID [2022-02-20 17:58:34,322 INFO L272 TraceCheckUtils]: 60: Hoare triple {32684#true} call setClientId(~bob___0, ~bob___0); {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,322 INFO L290 TraceCheckUtils]: 61: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,322 INFO L290 TraceCheckUtils]: 62: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,322 INFO L290 TraceCheckUtils]: 63: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,322 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {32684#true} {32684#true} #1734#return; {32684#true} is VALID [2022-02-20 17:58:34,322 INFO L290 TraceCheckUtils]: 65: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,322 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {32684#true} {32684#true} #1752#return; {32684#true} is VALID [2022-02-20 17:58:34,323 INFO L272 TraceCheckUtils]: 67: Hoare triple {32684#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {32799#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:34,323 INFO L290 TraceCheckUtils]: 68: Hoare triple {32799#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,323 INFO L290 TraceCheckUtils]: 69: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,323 INFO L290 TraceCheckUtils]: 70: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,323 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {32684#true} {32684#true} #1754#return; {32684#true} is VALID [2022-02-20 17:58:34,323 INFO L290 TraceCheckUtils]: 72: Hoare triple {32684#true} assume { :end_inline_setup_bob__role__Keys } true; {32684#true} is VALID [2022-02-20 17:58:34,324 INFO L290 TraceCheckUtils]: 73: Hoare triple {32684#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {32722#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:34,324 INFO L290 TraceCheckUtils]: 74: Hoare triple {32722#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {32723#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:34,325 INFO L272 TraceCheckUtils]: 75: Hoare triple {32723#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,325 INFO L290 TraceCheckUtils]: 76: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {32800#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:58:34,325 INFO L272 TraceCheckUtils]: 77: Hoare triple {32800#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,326 INFO L290 TraceCheckUtils]: 78: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32806#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:34,326 INFO L290 TraceCheckUtils]: 79: Hoare triple {32806#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32807#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,326 INFO L290 TraceCheckUtils]: 80: Hoare triple {32807#(= |setClientId_#in~handle| 1)} assume true; {32807#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,327 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {32807#(= |setClientId_#in~handle| 1)} {32800#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1678#return; {32805#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:34,327 INFO L290 TraceCheckUtils]: 82: Hoare triple {32805#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {32805#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:58:34,327 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {32805#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {32723#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1758#return; {32685#false} is VALID [2022-02-20 17:58:34,327 INFO L272 TraceCheckUtils]: 84: Hoare triple {32685#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {32799#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:34,327 INFO L290 TraceCheckUtils]: 85: Hoare triple {32799#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,328 INFO L290 TraceCheckUtils]: 86: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,328 INFO L290 TraceCheckUtils]: 87: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,328 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {32684#true} {32685#false} #1760#return; {32685#false} is VALID [2022-02-20 17:58:34,328 INFO L290 TraceCheckUtils]: 89: Hoare triple {32685#false} assume { :end_inline_setup_rjh__role__Keys } true; {32685#false} is VALID [2022-02-20 17:58:34,328 INFO L290 TraceCheckUtils]: 90: Hoare triple {32685#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {32685#false} is VALID [2022-02-20 17:58:34,328 INFO L290 TraceCheckUtils]: 91: Hoare triple {32685#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {32685#false} is VALID [2022-02-20 17:58:34,328 INFO L272 TraceCheckUtils]: 92: Hoare triple {32685#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,328 INFO L290 TraceCheckUtils]: 93: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {32684#true} is VALID [2022-02-20 17:58:34,329 INFO L272 TraceCheckUtils]: 94: Hoare triple {32684#true} call setClientId(~chuck___0, ~chuck___0); {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,329 INFO L290 TraceCheckUtils]: 95: Hoare triple {32794#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,329 INFO L290 TraceCheckUtils]: 96: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,329 INFO L290 TraceCheckUtils]: 97: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,329 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {32684#true} {32684#true} #1624#return; {32684#true} is VALID [2022-02-20 17:58:34,329 INFO L290 TraceCheckUtils]: 99: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,329 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {32684#true} {32685#false} #1764#return; {32685#false} is VALID [2022-02-20 17:58:34,329 INFO L272 TraceCheckUtils]: 101: Hoare triple {32685#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {32799#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:34,330 INFO L290 TraceCheckUtils]: 102: Hoare triple {32799#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,330 INFO L290 TraceCheckUtils]: 103: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,330 INFO L290 TraceCheckUtils]: 104: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,330 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {32684#true} {32685#false} #1766#return; {32685#false} is VALID [2022-02-20 17:58:34,330 INFO L290 TraceCheckUtils]: 106: Hoare triple {32685#false} assume { :end_inline_setup_chuck__role__Keys } true; {32685#false} is VALID [2022-02-20 17:58:34,330 INFO L290 TraceCheckUtils]: 107: Hoare triple {32685#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {32685#false} is VALID [2022-02-20 17:58:34,330 INFO L290 TraceCheckUtils]: 108: Hoare triple {32685#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {32685#false} is VALID [2022-02-20 17:58:34,330 INFO L290 TraceCheckUtils]: 109: Hoare triple {32685#false} assume !false; {32685#false} is VALID [2022-02-20 17:58:34,330 INFO L290 TraceCheckUtils]: 110: Hoare triple {32685#false} assume test_~splverifierCounter~0#1 < 4; {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L290 TraceCheckUtils]: 111: Hoare triple {32685#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L290 TraceCheckUtils]: 112: Hoare triple {32685#false} assume !(0 == test_~op1~0#1); {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L290 TraceCheckUtils]: 113: Hoare triple {32685#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L290 TraceCheckUtils]: 114: Hoare triple {32685#false} assume 0 != test_~tmp___8~0#1; {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L290 TraceCheckUtils]: 115: Hoare triple {32685#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L290 TraceCheckUtils]: 116: Hoare triple {32685#false} test_~op2~0#1 := 1; {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L290 TraceCheckUtils]: 117: Hoare triple {32685#false} assume !false; {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L290 TraceCheckUtils]: 118: Hoare triple {32685#false} assume !(test_~splverifierCounter~0#1 < 4); {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L290 TraceCheckUtils]: 119: Hoare triple {32685#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {32685#false} is VALID [2022-02-20 17:58:34,331 INFO L272 TraceCheckUtils]: 120: Hoare triple {32685#false} call sendEmail(~bob~0, ~rjh~0); {32685#false} is VALID [2022-02-20 17:58:34,332 INFO L290 TraceCheckUtils]: 121: Hoare triple {32685#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {32685#false} is VALID [2022-02-20 17:58:34,332 INFO L272 TraceCheckUtils]: 122: Hoare triple {32685#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {32812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:34,332 INFO L290 TraceCheckUtils]: 123: Hoare triple {32812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,332 INFO L290 TraceCheckUtils]: 124: Hoare triple {32684#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,332 INFO L290 TraceCheckUtils]: 125: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,332 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {32684#true} {32685#false} #1646#return; {32685#false} is VALID [2022-02-20 17:58:34,332 INFO L272 TraceCheckUtils]: 127: Hoare triple {32685#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {32813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:34,332 INFO L290 TraceCheckUtils]: 128: Hoare triple {32813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,332 INFO L290 TraceCheckUtils]: 129: Hoare triple {32684#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,332 INFO L290 TraceCheckUtils]: 130: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,333 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {32684#true} {32685#false} #1648#return; {32685#false} is VALID [2022-02-20 17:58:34,333 INFO L290 TraceCheckUtils]: 132: Hoare triple {32685#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {32685#false} is VALID [2022-02-20 17:58:34,333 INFO L290 TraceCheckUtils]: 133: Hoare triple {32685#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {32685#false} is VALID [2022-02-20 17:58:34,333 INFO L272 TraceCheckUtils]: 134: Hoare triple {32685#false} call outgoing(~sender#1, ~email~0#1); {32685#false} is VALID [2022-02-20 17:58:34,333 INFO L290 TraceCheckUtils]: 135: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:34,333 INFO L290 TraceCheckUtils]: 136: Hoare triple {32685#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret77#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~18#1; {32685#false} is VALID [2022-02-20 17:58:34,333 INFO L272 TraceCheckUtils]: 137: Hoare triple {32685#false} call sign_#t~ret77#1 := getClientPrivateKey(sign_~client#1); {32684#true} is VALID [2022-02-20 17:58:34,333 INFO L290 TraceCheckUtils]: 138: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~15; {32684#true} is VALID [2022-02-20 17:58:34,333 INFO L290 TraceCheckUtils]: 139: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {32684#true} is VALID [2022-02-20 17:58:34,333 INFO L290 TraceCheckUtils]: 140: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,334 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {32684#true} {32685#false} #1590#return; {32685#false} is VALID [2022-02-20 17:58:34,334 INFO L290 TraceCheckUtils]: 142: Hoare triple {32685#false} assume -2147483648 <= sign_#t~ret77#1 && sign_#t~ret77#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret77#1;havoc sign_#t~ret77#1;sign_~privkey~1#1 := sign_~tmp~18#1; {32685#false} is VALID [2022-02-20 17:58:34,334 INFO L290 TraceCheckUtils]: 143: Hoare triple {32685#false} assume 0 == sign_~privkey~1#1; {32685#false} is VALID [2022-02-20 17:58:34,334 INFO L290 TraceCheckUtils]: 144: Hoare triple {32685#false} assume { :end_inline_sign } true; {32685#false} is VALID [2022-02-20 17:58:34,334 INFO L272 TraceCheckUtils]: 145: Hoare triple {32685#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {32685#false} is VALID [2022-02-20 17:58:34,334 INFO L290 TraceCheckUtils]: 146: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:34,334 INFO L290 TraceCheckUtils]: 147: Hoare triple {32685#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {32685#false} is VALID [2022-02-20 17:58:34,334 INFO L272 TraceCheckUtils]: 148: Hoare triple {32685#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {32685#false} is VALID [2022-02-20 17:58:34,334 INFO L290 TraceCheckUtils]: 149: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:34,334 INFO L290 TraceCheckUtils]: 150: Hoare triple {32685#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32685#false} is VALID [2022-02-20 17:58:34,335 INFO L272 TraceCheckUtils]: 151: Hoare triple {32685#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {32685#false} is VALID [2022-02-20 17:58:34,335 INFO L290 TraceCheckUtils]: 152: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {32685#false} is VALID [2022-02-20 17:58:34,335 INFO L290 TraceCheckUtils]: 153: Hoare triple {32685#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {32685#false} is VALID [2022-02-20 17:58:34,335 INFO L290 TraceCheckUtils]: 154: Hoare triple {32685#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {32685#false} is VALID [2022-02-20 17:58:34,335 INFO L272 TraceCheckUtils]: 155: Hoare triple {32685#false} call setEmailFrom(~msg#1, ~tmp~9#1); {32812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:34,335 INFO L290 TraceCheckUtils]: 156: Hoare triple {32812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:34,335 INFO L290 TraceCheckUtils]: 157: Hoare triple {32684#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:34,335 INFO L290 TraceCheckUtils]: 158: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,335 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {32684#true} {32685#false} #1658#return; {32685#false} is VALID [2022-02-20 17:58:34,335 INFO L290 TraceCheckUtils]: 160: Hoare triple {32685#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {32685#false} is VALID [2022-02-20 17:58:34,336 INFO L272 TraceCheckUtils]: 161: Hoare triple {32685#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {32684#true} is VALID [2022-02-20 17:58:34,336 INFO L290 TraceCheckUtils]: 162: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~26; {32684#true} is VALID [2022-02-20 17:58:34,336 INFO L290 TraceCheckUtils]: 163: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {32684#true} is VALID [2022-02-20 17:58:34,336 INFO L290 TraceCheckUtils]: 164: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,336 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {32684#true} {32685#false} #1660#return; {32685#false} is VALID [2022-02-20 17:58:34,336 INFO L290 TraceCheckUtils]: 166: Hoare triple {32685#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {32685#false} is VALID [2022-02-20 17:58:34,336 INFO L290 TraceCheckUtils]: 167: Hoare triple {32685#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret68#1, incoming__role__Decrypt_#t~ret69#1, incoming__role__Decrypt_#t~ret70#1, incoming__role__Decrypt_#t~ret71#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~14#1, incoming__role__Decrypt_~tmp___0~4#1, incoming__role__Decrypt_~tmp___1~3#1, incoming__role__Decrypt_~tmp___2~2#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~14#1;havoc incoming__role__Decrypt_~tmp___0~4#1;havoc incoming__role__Decrypt_~tmp___1~3#1;havoc incoming__role__Decrypt_~tmp___2~2#1; {32685#false} is VALID [2022-02-20 17:58:34,336 INFO L272 TraceCheckUtils]: 168: Hoare triple {32685#false} call incoming__role__Decrypt_#t~ret68#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {32684#true} is VALID [2022-02-20 17:58:34,336 INFO L290 TraceCheckUtils]: 169: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~15; {32684#true} is VALID [2022-02-20 17:58:34,336 INFO L290 TraceCheckUtils]: 170: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {32684#true} is VALID [2022-02-20 17:58:34,337 INFO L290 TraceCheckUtils]: 171: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,337 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {32684#true} {32685#false} #1662#return; {32685#false} is VALID [2022-02-20 17:58:34,337 INFO L290 TraceCheckUtils]: 173: Hoare triple {32685#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret68#1 && incoming__role__Decrypt_#t~ret68#1 <= 2147483647;incoming__role__Decrypt_~tmp~14#1 := incoming__role__Decrypt_#t~ret68#1;havoc incoming__role__Decrypt_#t~ret68#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~14#1; {32685#false} is VALID [2022-02-20 17:58:34,337 INFO L290 TraceCheckUtils]: 174: Hoare triple {32685#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {32685#false} is VALID [2022-02-20 17:58:34,337 INFO L272 TraceCheckUtils]: 175: Hoare triple {32685#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {32685#false} is VALID [2022-02-20 17:58:34,337 INFO L290 TraceCheckUtils]: 176: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:34,337 INFO L290 TraceCheckUtils]: 177: Hoare triple {32685#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~tmp~19#1, verify_~tmp___0~5#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1; {32685#false} is VALID [2022-02-20 17:58:34,337 INFO L272 TraceCheckUtils]: 178: Hoare triple {32685#false} call verify_#t~ret79#1 := isReadable(verify_~msg#1); {32684#true} is VALID [2022-02-20 17:58:34,337 INFO L290 TraceCheckUtils]: 179: Hoare triple {32684#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {32684#true} is VALID [2022-02-20 17:58:34,338 INFO L290 TraceCheckUtils]: 180: Hoare triple {32684#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32684#true} is VALID [2022-02-20 17:58:34,338 INFO L272 TraceCheckUtils]: 181: Hoare triple {32684#true} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {32684#true} is VALID [2022-02-20 17:58:34,338 INFO L290 TraceCheckUtils]: 182: Hoare triple {32684#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {32684#true} is VALID [2022-02-20 17:58:34,338 INFO L290 TraceCheckUtils]: 183: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,338 INFO L284 TraceCheckUtils]: 184: Hoare quadruple {32684#true} {32684#true} #1812#return; {32684#true} is VALID [2022-02-20 17:58:34,338 INFO L290 TraceCheckUtils]: 185: Hoare triple {32684#true} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {32684#true} is VALID [2022-02-20 17:58:34,338 INFO L290 TraceCheckUtils]: 186: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,338 INFO L284 TraceCheckUtils]: 187: Hoare quadruple {32684#true} {32685#false} #1596#return; {32685#false} is VALID [2022-02-20 17:58:34,338 INFO L290 TraceCheckUtils]: 188: Hoare triple {32685#false} assume -2147483648 <= verify_#t~ret79#1 && verify_#t~ret79#1 <= 2147483647;verify_~tmp~19#1 := verify_#t~ret79#1;havoc verify_#t~ret79#1; {32685#false} is VALID [2022-02-20 17:58:34,338 INFO L290 TraceCheckUtils]: 189: Hoare triple {32685#false} assume !(0 != verify_~tmp~19#1); {32685#false} is VALID [2022-02-20 17:58:34,338 INFO L290 TraceCheckUtils]: 190: Hoare triple {32685#false} assume { :end_inline_verify } true; {32685#false} is VALID [2022-02-20 17:58:34,339 INFO L272 TraceCheckUtils]: 191: Hoare triple {32685#false} call incoming__before__Verify(incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1); {32685#false} is VALID [2022-02-20 17:58:34,339 INFO L290 TraceCheckUtils]: 192: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:34,339 INFO L290 TraceCheckUtils]: 193: Hoare triple {32685#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {32685#false} is VALID [2022-02-20 17:58:34,339 INFO L272 TraceCheckUtils]: 194: Hoare triple {32685#false} call incoming__before__Forward(~client#1, ~msg#1); {32685#false} is VALID [2022-02-20 17:58:34,339 INFO L290 TraceCheckUtils]: 195: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:34,339 INFO L290 TraceCheckUtils]: 196: Hoare triple {32685#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret66#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~12#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~12#1; {32685#false} is VALID [2022-02-20 17:58:34,339 INFO L272 TraceCheckUtils]: 197: Hoare triple {32685#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {32685#false} is VALID [2022-02-20 17:58:34,339 INFO L290 TraceCheckUtils]: 198: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {32685#false} is VALID [2022-02-20 17:58:34,339 INFO L272 TraceCheckUtils]: 199: Hoare triple {32685#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {32684#true} is VALID [2022-02-20 17:58:34,340 INFO L290 TraceCheckUtils]: 200: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~33; {32684#true} is VALID [2022-02-20 17:58:34,340 INFO L290 TraceCheckUtils]: 201: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {32684#true} is VALID [2022-02-20 17:58:34,340 INFO L290 TraceCheckUtils]: 202: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,340 INFO L284 TraceCheckUtils]: 203: Hoare quadruple {32684#true} {32685#false} #1708#return; {32685#false} is VALID [2022-02-20 17:58:34,340 INFO L290 TraceCheckUtils]: 204: Hoare triple {32685#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {32685#false} is VALID [2022-02-20 17:58:34,340 INFO L290 TraceCheckUtils]: 205: Hoare triple {32685#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {32685#false} is VALID [2022-02-20 17:58:34,340 INFO L272 TraceCheckUtils]: 206: Hoare triple {32685#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {32684#true} is VALID [2022-02-20 17:58:34,340 INFO L290 TraceCheckUtils]: 207: Hoare triple {32684#true} ~handle := #in~handle;havoc ~retValue_acc~25; {32684#true} is VALID [2022-02-20 17:58:34,340 INFO L290 TraceCheckUtils]: 208: Hoare triple {32684#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {32684#true} is VALID [2022-02-20 17:58:34,340 INFO L290 TraceCheckUtils]: 209: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,341 INFO L284 TraceCheckUtils]: 210: Hoare quadruple {32684#true} {32685#false} #1710#return; {32685#false} is VALID [2022-02-20 17:58:34,341 INFO L290 TraceCheckUtils]: 211: Hoare triple {32685#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {32685#false} is VALID [2022-02-20 17:58:34,341 INFO L272 TraceCheckUtils]: 212: Hoare triple {32685#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {32684#true} is VALID [2022-02-20 17:58:34,341 INFO L290 TraceCheckUtils]: 213: Hoare triple {32684#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {32684#true} is VALID [2022-02-20 17:58:34,341 INFO L290 TraceCheckUtils]: 214: Hoare triple {32684#true} assume 1 == ~handle; {32684#true} is VALID [2022-02-20 17:58:34,341 INFO L290 TraceCheckUtils]: 215: Hoare triple {32684#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {32684#true} is VALID [2022-02-20 17:58:34,341 INFO L290 TraceCheckUtils]: 216: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:34,341 INFO L284 TraceCheckUtils]: 217: Hoare quadruple {32684#true} {32685#false} #1712#return; {32685#false} is VALID [2022-02-20 17:58:34,341 INFO L290 TraceCheckUtils]: 218: Hoare triple {32685#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {32685#false} is VALID [2022-02-20 17:58:34,342 INFO L290 TraceCheckUtils]: 219: Hoare triple {32685#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {32685#false} is VALID [2022-02-20 17:58:34,342 INFO L290 TraceCheckUtils]: 220: Hoare triple {32685#false} assume !false; {32685#false} is VALID [2022-02-20 17:58:34,343 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 17:58:34,343 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:34,343 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1344398582] [2022-02-20 17:58:34,343 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1344398582] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:34,343 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [152158948] [2022-02-20 17:58:34,343 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:34,344 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:34,344 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:34,345 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:34,346 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:58:34,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,630 INFO L263 TraceCheckSpWp]: Trace formula consists of 1699 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:58:34,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,708 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:35,088 INFO L290 TraceCheckUtils]: 0: Hoare triple {32684#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(36, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(16, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(12, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(18, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(21, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(25, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {32684#true} is VALID [2022-02-20 17:58:35,088 INFO L290 TraceCheckUtils]: 1: Hoare triple {32684#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret93#1, main_~retValue_acc~39#1, main_~tmp~21#1;havoc main_~retValue_acc~39#1;havoc main_~tmp~21#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {32684#true} is VALID [2022-02-20 17:58:35,088 INFO L290 TraceCheckUtils]: 2: Hoare triple {32684#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1, select_features_#t~ret35#1, select_features_#t~ret36#1; {32684#true} is VALID [2022-02-20 17:58:35,088 INFO L272 TraceCheckUtils]: 3: Hoare triple {32684#true} call select_features_#t~ret29#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:35,088 INFO L290 TraceCheckUtils]: 4: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:35,088 INFO L290 TraceCheckUtils]: 5: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,088 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {32684#true} {32684#true} #1736#return; {32684#true} is VALID [2022-02-20 17:58:35,088 INFO L290 TraceCheckUtils]: 7: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {32684#true} is VALID [2022-02-20 17:58:35,088 INFO L272 TraceCheckUtils]: 8: Hoare triple {32684#true} call select_features_#t~ret30#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 9: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 10: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {32684#true} {32684#true} #1738#return; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 12: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L272 TraceCheckUtils]: 13: Hoare triple {32684#true} call select_features_#t~ret31#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 14: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 15: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {32684#true} {32684#true} #1740#return; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 17: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L272 TraceCheckUtils]: 18: Hoare triple {32684#true} call select_features_#t~ret32#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 19: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 20: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {32684#true} {32684#true} #1742#return; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 22: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L272 TraceCheckUtils]: 23: Hoare triple {32684#true} call select_features_#t~ret33#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 24: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 25: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {32684#true} {32684#true} #1744#return; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 27: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L272 TraceCheckUtils]: 28: Hoare triple {32684#true} call select_features_#t~ret34#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 29: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:35,089 INFO L290 TraceCheckUtils]: 30: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {32684#true} {32684#true} #1746#return; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 32: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L272 TraceCheckUtils]: 33: Hoare triple {32684#true} call select_features_#t~ret35#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 34: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 35: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {32684#true} {32684#true} #1748#return; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 37: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret35#1 && select_features_#t~ret35#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret35#1;havoc select_features_#t~ret35#1;~__SELECTED_FEATURE_Verify~0 := 1; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L272 TraceCheckUtils]: 38: Hoare triple {32684#true} call select_features_#t~ret36#1 := select_one(); {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 39: Hoare triple {32684#true} havoc ~retValue_acc~4;assume -2147483648 <= #t~nondet28 && #t~nondet28 <= 2147483647;~choice~0 := #t~nondet28;havoc #t~nondet28;~retValue_acc~4 := ~choice~0;#res := ~retValue_acc~4; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 40: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {32684#true} {32684#true} #1750#return; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 42: Hoare triple {32684#true} assume -2147483648 <= select_features_#t~ret36#1 && select_features_#t~ret36#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret36#1;havoc select_features_#t~ret36#1; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 43: Hoare triple {32684#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1, valid_product_~tmp~3#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~tmp~3#1; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 44: Hoare triple {32684#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 45: Hoare triple {32684#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 46: Hoare triple {32684#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 47: Hoare triple {32684#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 48: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 49: Hoare triple {32684#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 50: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {32684#true} is VALID [2022-02-20 17:58:35,090 INFO L290 TraceCheckUtils]: 51: Hoare triple {32684#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 52: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 53: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~3#1 := 1; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 54: Hoare triple {32684#true} valid_product_~retValue_acc~5#1 := valid_product_~tmp~3#1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 55: Hoare triple {32684#true} main_#t~ret93#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret93#1 && main_#t~ret93#1 <= 2147483647;main_~tmp~21#1 := main_#t~ret93#1;havoc main_#t~ret93#1; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 56: Hoare triple {32684#true} assume 0 != main_~tmp~21#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet90#1, setup_#t~nondet91#1, setup_#t~nondet92#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 57: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L272 TraceCheckUtils]: 58: Hoare triple {32684#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 59: Hoare triple {32684#true} ~bob___0 := #in~bob___0; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L272 TraceCheckUtils]: 60: Hoare triple {32684#true} call setClientId(~bob___0, ~bob___0); {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 61: Hoare triple {32684#true} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 62: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 63: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {32684#true} {32684#true} #1734#return; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 65: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {32684#true} {32684#true} #1752#return; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L272 TraceCheckUtils]: 67: Hoare triple {32684#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 68: Hoare triple {32684#true} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 69: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 70: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {32684#true} {32684#true} #1754#return; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 72: Hoare triple {32684#true} assume { :end_inline_setup_bob__role__Keys } true; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 73: Hoare triple {32684#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet90#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {32684#true} is VALID [2022-02-20 17:58:35,091 INFO L290 TraceCheckUtils]: 74: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L272 TraceCheckUtils]: 75: Hoare triple {32684#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 76: Hoare triple {32684#true} ~rjh___0 := #in~rjh___0; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L272 TraceCheckUtils]: 77: Hoare triple {32684#true} call setClientId(~rjh___0, ~rjh___0); {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 78: Hoare triple {32684#true} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 79: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 80: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {32684#true} {32684#true} #1678#return; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 82: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {32684#true} {32684#true} #1758#return; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L272 TraceCheckUtils]: 84: Hoare triple {32684#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 85: Hoare triple {32684#true} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 86: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 87: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {32684#true} {32684#true} #1760#return; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 89: Hoare triple {32684#true} assume { :end_inline_setup_rjh__role__Keys } true; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 90: Hoare triple {32684#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet91#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {32684#true} is VALID [2022-02-20 17:58:35,092 INFO L290 TraceCheckUtils]: 91: Hoare triple {32684#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L272 TraceCheckUtils]: 92: Hoare triple {32684#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 93: Hoare triple {32684#true} ~chuck___0 := #in~chuck___0; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L272 TraceCheckUtils]: 94: Hoare triple {32684#true} call setClientId(~chuck___0, ~chuck___0); {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 95: Hoare triple {32684#true} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 96: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 97: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {32684#true} {32684#true} #1624#return; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 99: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {32684#true} {32684#true} #1764#return; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L272 TraceCheckUtils]: 101: Hoare triple {32684#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 102: Hoare triple {32684#true} ~handle := #in~handle;~value := #in~value; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 103: Hoare triple {32684#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 104: Hoare triple {32684#true} assume true; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {32684#true} {32684#true} #1766#return; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 106: Hoare triple {32684#true} assume { :end_inline_setup_chuck__role__Keys } true; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 107: Hoare triple {32684#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet92#1; {32684#true} is VALID [2022-02-20 17:58:35,093 INFO L290 TraceCheckUtils]: 108: Hoare triple {32684#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet39#1, test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {33144#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:35,094 INFO L290 TraceCheckUtils]: 109: Hoare triple {33144#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {33144#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:35,094 INFO L290 TraceCheckUtils]: 110: Hoare triple {33144#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {33144#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:35,094 INFO L290 TraceCheckUtils]: 111: Hoare triple {33144#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {33144#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:35,094 INFO L290 TraceCheckUtils]: 112: Hoare triple {33144#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {32685#false} is VALID [2022-02-20 17:58:35,095 INFO L290 TraceCheckUtils]: 113: Hoare triple {32685#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {32685#false} is VALID [2022-02-20 17:58:35,107 INFO L290 TraceCheckUtils]: 114: Hoare triple {32685#false} assume 0 != test_~tmp___8~0#1; {32685#false} is VALID [2022-02-20 17:58:35,107 INFO L290 TraceCheckUtils]: 115: Hoare triple {32685#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {32685#false} is VALID [2022-02-20 17:58:35,107 INFO L290 TraceCheckUtils]: 116: Hoare triple {32685#false} test_~op2~0#1 := 1; {32685#false} is VALID [2022-02-20 17:58:35,107 INFO L290 TraceCheckUtils]: 117: Hoare triple {32685#false} assume !false; {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L290 TraceCheckUtils]: 118: Hoare triple {32685#false} assume !(test_~splverifierCounter~0#1 < 4); {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L290 TraceCheckUtils]: 119: Hoare triple {32685#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret85#1, bobToRjh_#t~ret86#1, bobToRjh_#t~ret87#1, bobToRjh_#t~ret88#1, bobToRjh_~tmp~20#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~20#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret85#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret85#1 && bobToRjh_#t~ret85#1 <= 2147483647;havoc bobToRjh_#t~ret85#1; {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L272 TraceCheckUtils]: 120: Hoare triple {32685#false} call sendEmail(~bob~0, ~rjh~0); {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L290 TraceCheckUtils]: 121: Hoare triple {32685#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~44#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~44#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L272 TraceCheckUtils]: 122: Hoare triple {32685#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L290 TraceCheckUtils]: 123: Hoare triple {32685#false} ~handle := #in~handle;~value := #in~value; {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L290 TraceCheckUtils]: 124: Hoare triple {32685#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L290 TraceCheckUtils]: 125: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {32685#false} {32685#false} #1646#return; {32685#false} is VALID [2022-02-20 17:58:35,108 INFO L272 TraceCheckUtils]: 127: Hoare triple {32685#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L290 TraceCheckUtils]: 128: Hoare triple {32685#false} ~handle := #in~handle;~value := #in~value; {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L290 TraceCheckUtils]: 129: Hoare triple {32685#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L290 TraceCheckUtils]: 130: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {32685#false} {32685#false} #1648#return; {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L290 TraceCheckUtils]: 132: Hoare triple {32685#false} createEmail_~retValue_acc~44#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~44#1; {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L290 TraceCheckUtils]: 133: Hoare triple {32685#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~16#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~16#1; {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L272 TraceCheckUtils]: 134: Hoare triple {32685#false} call outgoing(~sender#1, ~email~0#1); {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L290 TraceCheckUtils]: 135: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L290 TraceCheckUtils]: 136: Hoare triple {32685#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret77#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~18#1; {32685#false} is VALID [2022-02-20 17:58:35,109 INFO L272 TraceCheckUtils]: 137: Hoare triple {32685#false} call sign_#t~ret77#1 := getClientPrivateKey(sign_~client#1); {32685#false} is VALID [2022-02-20 17:58:35,110 INFO L290 TraceCheckUtils]: 138: Hoare triple {32685#false} ~handle := #in~handle;havoc ~retValue_acc~15; {32685#false} is VALID [2022-02-20 17:58:35,110 INFO L290 TraceCheckUtils]: 139: Hoare triple {32685#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {32685#false} is VALID [2022-02-20 17:58:35,110 INFO L290 TraceCheckUtils]: 140: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,110 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {32685#false} {32685#false} #1590#return; {32685#false} is VALID [2022-02-20 17:58:35,110 INFO L290 TraceCheckUtils]: 142: Hoare triple {32685#false} assume -2147483648 <= sign_#t~ret77#1 && sign_#t~ret77#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret77#1;havoc sign_#t~ret77#1;sign_~privkey~1#1 := sign_~tmp~18#1; {32685#false} is VALID [2022-02-20 17:58:35,110 INFO L290 TraceCheckUtils]: 143: Hoare triple {32685#false} assume 0 == sign_~privkey~1#1; {32685#false} is VALID [2022-02-20 17:58:35,110 INFO L290 TraceCheckUtils]: 144: Hoare triple {32685#false} assume { :end_inline_sign } true; {32685#false} is VALID [2022-02-20 17:58:35,110 INFO L272 TraceCheckUtils]: 145: Hoare triple {32685#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,110 INFO L290 TraceCheckUtils]: 146: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L290 TraceCheckUtils]: 147: Hoare triple {32685#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L272 TraceCheckUtils]: 148: Hoare triple {32685#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L290 TraceCheckUtils]: 149: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L290 TraceCheckUtils]: 150: Hoare triple {32685#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L272 TraceCheckUtils]: 151: Hoare triple {32685#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L290 TraceCheckUtils]: 152: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L290 TraceCheckUtils]: 153: Hoare triple {32685#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L290 TraceCheckUtils]: 154: Hoare triple {32685#false} #t~ret56#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret56#1 && #t~ret56#1 <= 2147483647;~tmp~9#1 := #t~ret56#1;havoc #t~ret56#1; {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L272 TraceCheckUtils]: 155: Hoare triple {32685#false} call setEmailFrom(~msg#1, ~tmp~9#1); {32685#false} is VALID [2022-02-20 17:58:35,111 INFO L290 TraceCheckUtils]: 156: Hoare triple {32685#false} ~handle := #in~handle;~value := #in~value; {32685#false} is VALID [2022-02-20 17:58:35,112 INFO L290 TraceCheckUtils]: 157: Hoare triple {32685#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32685#false} is VALID [2022-02-20 17:58:35,112 INFO L290 TraceCheckUtils]: 158: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,112 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {32685#false} {32685#false} #1658#return; {32685#false} is VALID [2022-02-20 17:58:35,112 INFO L290 TraceCheckUtils]: 160: Hoare triple {32685#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret54#1, mail_#t~ret55#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret54#1 := puts(18, 0);assume -2147483648 <= mail_#t~ret54#1 && mail_#t~ret54#1 <= 2147483647;havoc mail_#t~ret54#1; {32685#false} is VALID [2022-02-20 17:58:35,112 INFO L272 TraceCheckUtils]: 161: Hoare triple {32685#false} call mail_#t~ret55#1 := getEmailTo(mail_~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,112 INFO L290 TraceCheckUtils]: 162: Hoare triple {32685#false} ~handle := #in~handle;havoc ~retValue_acc~26; {32685#false} is VALID [2022-02-20 17:58:35,112 INFO L290 TraceCheckUtils]: 163: Hoare triple {32685#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {32685#false} is VALID [2022-02-20 17:58:35,112 INFO L290 TraceCheckUtils]: 164: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,112 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {32685#false} {32685#false} #1660#return; {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L290 TraceCheckUtils]: 166: Hoare triple {32685#false} assume -2147483648 <= mail_#t~ret55#1 && mail_#t~ret55#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret55#1;havoc mail_#t~ret55#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L290 TraceCheckUtils]: 167: Hoare triple {32685#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret68#1, incoming__role__Decrypt_#t~ret69#1, incoming__role__Decrypt_#t~ret70#1, incoming__role__Decrypt_#t~ret71#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~14#1, incoming__role__Decrypt_~tmp___0~4#1, incoming__role__Decrypt_~tmp___1~3#1, incoming__role__Decrypt_~tmp___2~2#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~14#1;havoc incoming__role__Decrypt_~tmp___0~4#1;havoc incoming__role__Decrypt_~tmp___1~3#1;havoc incoming__role__Decrypt_~tmp___2~2#1; {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L272 TraceCheckUtils]: 168: Hoare triple {32685#false} call incoming__role__Decrypt_#t~ret68#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L290 TraceCheckUtils]: 169: Hoare triple {32685#false} ~handle := #in~handle;havoc ~retValue_acc~15; {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L290 TraceCheckUtils]: 170: Hoare triple {32685#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L290 TraceCheckUtils]: 171: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {32685#false} {32685#false} #1662#return; {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L290 TraceCheckUtils]: 173: Hoare triple {32685#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret68#1 && incoming__role__Decrypt_#t~ret68#1 <= 2147483647;incoming__role__Decrypt_~tmp~14#1 := incoming__role__Decrypt_#t~ret68#1;havoc incoming__role__Decrypt_#t~ret68#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~14#1; {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L290 TraceCheckUtils]: 174: Hoare triple {32685#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {32685#false} is VALID [2022-02-20 17:58:35,113 INFO L272 TraceCheckUtils]: 175: Hoare triple {32685#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L290 TraceCheckUtils]: 176: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L290 TraceCheckUtils]: 177: Hoare triple {32685#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~tmp~19#1, verify_~tmp___0~5#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1; {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L272 TraceCheckUtils]: 178: Hoare triple {32685#false} call verify_#t~ret79#1 := isReadable(verify_~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L290 TraceCheckUtils]: 179: Hoare triple {32685#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~42#1; {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L290 TraceCheckUtils]: 180: Hoare triple {32685#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L272 TraceCheckUtils]: 181: Hoare triple {32685#false} call #t~ret126#1 := isReadable__before__Encrypt(~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L290 TraceCheckUtils]: 182: Hoare triple {32685#false} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L290 TraceCheckUtils]: 183: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L284 TraceCheckUtils]: 184: Hoare quadruple {32685#false} {32685#false} #1812#return; {32685#false} is VALID [2022-02-20 17:58:35,114 INFO L290 TraceCheckUtils]: 185: Hoare triple {32685#false} assume -2147483648 <= #t~ret126#1 && #t~ret126#1 <= 2147483647;~retValue_acc~42#1 := #t~ret126#1;havoc #t~ret126#1;#res#1 := ~retValue_acc~42#1; {32685#false} is VALID [2022-02-20 17:58:35,115 INFO L290 TraceCheckUtils]: 186: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,115 INFO L284 TraceCheckUtils]: 187: Hoare quadruple {32685#false} {32685#false} #1596#return; {32685#false} is VALID [2022-02-20 17:58:35,115 INFO L290 TraceCheckUtils]: 188: Hoare triple {32685#false} assume -2147483648 <= verify_#t~ret79#1 && verify_#t~ret79#1 <= 2147483647;verify_~tmp~19#1 := verify_#t~ret79#1;havoc verify_#t~ret79#1; {32685#false} is VALID [2022-02-20 17:58:35,115 INFO L290 TraceCheckUtils]: 189: Hoare triple {32685#false} assume !(0 != verify_~tmp~19#1); {32685#false} is VALID [2022-02-20 17:58:35,115 INFO L290 TraceCheckUtils]: 190: Hoare triple {32685#false} assume { :end_inline_verify } true; {32685#false} is VALID [2022-02-20 17:58:35,115 INFO L272 TraceCheckUtils]: 191: Hoare triple {32685#false} call incoming__before__Verify(incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,115 INFO L290 TraceCheckUtils]: 192: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:35,115 INFO L290 TraceCheckUtils]: 193: Hoare triple {32685#false} assume !(0 != ~__SELECTED_FEATURE_Forward~0); {32685#false} is VALID [2022-02-20 17:58:35,115 INFO L272 TraceCheckUtils]: 194: Hoare triple {32685#false} call incoming__before__Forward(~client#1, ~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L290 TraceCheckUtils]: 195: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L290 TraceCheckUtils]: 196: Hoare triple {32685#false} assume 0 != ~__SELECTED_FEATURE_AutoResponder~0;assume { :begin_inline_incoming__role__AutoResponder } true;incoming__role__AutoResponder_#in~client#1, incoming__role__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__AutoResponder_#t~ret66#1, incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1, incoming__role__AutoResponder_~tmp~12#1;incoming__role__AutoResponder_~client#1 := incoming__role__AutoResponder_#in~client#1;incoming__role__AutoResponder_~msg#1 := incoming__role__AutoResponder_#in~msg#1;havoc incoming__role__AutoResponder_~tmp~12#1; {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L272 TraceCheckUtils]: 197: Hoare triple {32685#false} call incoming__before__AutoResponder(incoming__role__AutoResponder_~client#1, incoming__role__AutoResponder_~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L290 TraceCheckUtils]: 198: Hoare triple {32685#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_deliver } true;deliver_#in~client#1, deliver_#in~msg#1 := ~client#1, ~msg#1;havoc deliver_#t~ret65#1, deliver_~client#1, deliver_~msg#1, deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;deliver_~client#1 := deliver_#in~client#1;deliver_~msg#1 := deliver_#in~msg#1;havoc deliver_~__utac__ad__arg1~0#1;havoc deliver_~__utac__ad__arg2~0#1;deliver_~__utac__ad__arg1~0#1 := deliver_~client#1;deliver_~__utac__ad__arg2~0#1 := deliver_~msg#1;assume { :begin_inline___utac_acc__VerifyForward_spec__1 } true;__utac_acc__VerifyForward_spec__1_#in~client#1, __utac_acc__VerifyForward_spec__1_#in~msg#1 := deliver_~__utac__ad__arg1~0#1, deliver_~__utac__ad__arg2~0#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1, __utac_acc__VerifyForward_spec__1_#t~ret51#1, __utac_acc__VerifyForward_spec__1_#t~ret52#1, __utac_acc__VerifyForward_spec__1_#t~ret53#1, __utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~msg#1, __utac_acc__VerifyForward_spec__1_~pubkey~0#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1, __utac_acc__VerifyForward_spec__1_~tmp___0~1#1, __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;__utac_acc__VerifyForward_spec__1_~client#1 := __utac_acc__VerifyForward_spec__1_#in~client#1;__utac_acc__VerifyForward_spec__1_~msg#1 := __utac_acc__VerifyForward_spec__1_#in~msg#1;havoc __utac_acc__VerifyForward_spec__1_~pubkey~0#1;havoc __utac_acc__VerifyForward_spec__1_~tmp~7#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___0~1#1;havoc __utac_acc__VerifyForward_spec__1_~tmp___1~1#1;call __utac_acc__VerifyForward_spec__1_#t~ret50#1 := puts(17, 0);assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret50#1 && __utac_acc__VerifyForward_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__VerifyForward_spec__1_#t~ret50#1; {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L272 TraceCheckUtils]: 199: Hoare triple {32685#false} call __utac_acc__VerifyForward_spec__1_#t~ret51#1 := isVerified(__utac_acc__VerifyForward_spec__1_~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L290 TraceCheckUtils]: 200: Hoare triple {32685#false} ~handle := #in~handle;havoc ~retValue_acc~33; {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L290 TraceCheckUtils]: 201: Hoare triple {32685#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSignatureVerified0~0;#res := ~retValue_acc~33; {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L290 TraceCheckUtils]: 202: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L284 TraceCheckUtils]: 203: Hoare quadruple {32685#false} {32685#false} #1708#return; {32685#false} is VALID [2022-02-20 17:58:35,116 INFO L290 TraceCheckUtils]: 204: Hoare triple {32685#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret51#1 && __utac_acc__VerifyForward_spec__1_#t~ret51#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___1~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret51#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret51#1; {32685#false} is VALID [2022-02-20 17:58:35,117 INFO L290 TraceCheckUtils]: 205: Hoare triple {32685#false} assume 0 != __utac_acc__VerifyForward_spec__1_~tmp___1~1#1; {32685#false} is VALID [2022-02-20 17:58:35,117 INFO L272 TraceCheckUtils]: 206: Hoare triple {32685#false} call __utac_acc__VerifyForward_spec__1_#t~ret52#1 := getEmailFrom(__utac_acc__VerifyForward_spec__1_~msg#1); {32685#false} is VALID [2022-02-20 17:58:35,117 INFO L290 TraceCheckUtils]: 207: Hoare triple {32685#false} ~handle := #in~handle;havoc ~retValue_acc~25; {32685#false} is VALID [2022-02-20 17:58:35,117 INFO L290 TraceCheckUtils]: 208: Hoare triple {32685#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_email_from0~0;#res := ~retValue_acc~25; {32685#false} is VALID [2022-02-20 17:58:35,117 INFO L290 TraceCheckUtils]: 209: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,117 INFO L284 TraceCheckUtils]: 210: Hoare quadruple {32685#false} {32685#false} #1710#return; {32685#false} is VALID [2022-02-20 17:58:35,117 INFO L290 TraceCheckUtils]: 211: Hoare triple {32685#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret52#1 && __utac_acc__VerifyForward_spec__1_#t~ret52#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp~7#1 := __utac_acc__VerifyForward_spec__1_#t~ret52#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret52#1; {32685#false} is VALID [2022-02-20 17:58:35,117 INFO L272 TraceCheckUtils]: 212: Hoare triple {32685#false} call __utac_acc__VerifyForward_spec__1_#t~ret53#1 := findPublicKey(__utac_acc__VerifyForward_spec__1_~client#1, __utac_acc__VerifyForward_spec__1_~tmp~7#1); {32685#false} is VALID [2022-02-20 17:58:35,117 INFO L290 TraceCheckUtils]: 213: Hoare triple {32685#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {32685#false} is VALID [2022-02-20 17:58:35,118 INFO L290 TraceCheckUtils]: 214: Hoare triple {32685#false} assume 1 == ~handle; {32685#false} is VALID [2022-02-20 17:58:35,118 INFO L290 TraceCheckUtils]: 215: Hoare triple {32685#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {32685#false} is VALID [2022-02-20 17:58:35,118 INFO L290 TraceCheckUtils]: 216: Hoare triple {32685#false} assume true; {32685#false} is VALID [2022-02-20 17:58:35,118 INFO L284 TraceCheckUtils]: 217: Hoare quadruple {32685#false} {32685#false} #1712#return; {32685#false} is VALID [2022-02-20 17:58:35,118 INFO L290 TraceCheckUtils]: 218: Hoare triple {32685#false} assume -2147483648 <= __utac_acc__VerifyForward_spec__1_#t~ret53#1 && __utac_acc__VerifyForward_spec__1_#t~ret53#1 <= 2147483647;__utac_acc__VerifyForward_spec__1_~tmp___0~1#1 := __utac_acc__VerifyForward_spec__1_#t~ret53#1;havoc __utac_acc__VerifyForward_spec__1_#t~ret53#1;__utac_acc__VerifyForward_spec__1_~pubkey~0#1 := __utac_acc__VerifyForward_spec__1_~tmp___0~1#1; {32685#false} is VALID [2022-02-20 17:58:35,118 INFO L290 TraceCheckUtils]: 219: Hoare triple {32685#false} assume 0 == __utac_acc__VerifyForward_spec__1_~pubkey~0#1;assume { :begin_inline___automaton_fail } true; {32685#false} is VALID [2022-02-20 17:58:35,118 INFO L290 TraceCheckUtils]: 220: Hoare triple {32685#false} assume !false; {32685#false} is VALID [2022-02-20 17:58:35,119 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 116 trivial. 0 not checked. [2022-02-20 17:58:35,119 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:35,119 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [152158948] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:35,119 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:35,119 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 17:58:35,119 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1052193323] [2022-02-20 17:58:35,119 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:35,120 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 41.333333333333336) internal successors, (124), 3 states have internal predecessors, (124), 2 states have call successors, (37), 2 states have call predecessors, (37), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) Word has length 221 [2022-02-20 17:58:35,120 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:35,120 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 41.333333333333336) internal successors, (124), 3 states have internal predecessors, (124), 2 states have call successors, (37), 2 states have call predecessors, (37), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 17:58:35,224 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 189 edges. 189 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:35,225 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:35,225 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:35,227 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:35,227 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:58:35,227 INFO L87 Difference]: Start difference. First operand 602 states and 860 transitions. Second operand has 3 states, 3 states have (on average 41.333333333333336) internal successors, (124), 3 states have internal predecessors, (124), 2 states have call successors, (37), 2 states have call predecessors, (37), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 17:58:35,899 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:35,899 INFO L93 Difference]: Finished difference Result 1221 states and 1779 transitions. [2022-02-20 17:58:35,899 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:35,899 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 41.333333333333336) internal successors, (124), 3 states have internal predecessors, (124), 2 states have call successors, (37), 2 states have call predecessors, (37), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) Word has length 221 [2022-02-20 17:58:35,899 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:35,899 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 41.333333333333336) internal successors, (124), 3 states have internal predecessors, (124), 2 states have call successors, (37), 2 states have call predecessors, (37), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 17:58:35,913 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1773 transitions. [2022-02-20 17:58:35,913 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 41.333333333333336) internal successors, (124), 3 states have internal predecessors, (124), 2 states have call successors, (37), 2 states have call predecessors, (37), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 17:58:35,926 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1773 transitions. [2022-02-20 17:58:35,926 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1773 transitions. [2022-02-20 17:58:36,919 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1773 edges. 1773 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:36,940 INFO L225 Difference]: With dead ends: 1221 [2022-02-20 17:58:36,940 INFO L226 Difference]: Without dead ends: 700 [2022-02-20 17:58:36,941 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 282 GetRequests, 271 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:58:36,942 INFO L933 BasicCegarLoop]: 882 mSDtfsCounter, 165 mSDsluCounter, 807 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 1689 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:36,942 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 1689 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:36,943 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 700 states.