./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec3_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec3_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 18d9c4eb49bcfbad00b16e4c52915ece2e20abb9b599480aaed1e3c1557875b0 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 17:58:49,256 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:58:49,258 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:58:49,292 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 17:58:49,293 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:58:49,295 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:58:49,296 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:58:49,298 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:58:49,300 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:58:49,303 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:58:49,304 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:58:49,305 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:58:49,305 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:58:49,307 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:58:49,308 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:58:49,310 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:58:49,311 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:58:49,311 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:58:49,313 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:58:49,317 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:58:49,318 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:58:49,318 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:58:49,320 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:58:49,320 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:58:49,325 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:58:49,325 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:58:49,325 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:58:49,327 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:58:49,327 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:58:49,328 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:58:49,328 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:58:49,328 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:58:49,329 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:58:49,330 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:58:49,331 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:58:49,331 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:58:49,332 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:58:49,332 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 17:58:49,332 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:58:49,332 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:58:49,333 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:58:49,333 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:58:49,355 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:58:49,355 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:58:49,356 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:58:49,356 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:58:49,357 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:58:49,357 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:58:49,357 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:58:49,357 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:58:49,357 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:58:49,358 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:58:49,358 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:58:49,358 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:58:49,358 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:58:49,359 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:58:49,359 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:58:49,359 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:58:49,359 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:58:49,359 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:58:49,359 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:58:49,359 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:58:49,360 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:58:49,360 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:58:49,360 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:58:49,360 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:58:49,360 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:49,360 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:58:49,360 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:58:49,361 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:58:49,361 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:58:49,362 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:58:49,362 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:58:49,362 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:58:49,362 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 17:58:49,362 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 18d9c4eb49bcfbad00b16e4c52915ece2e20abb9b599480aaed1e3c1557875b0 [2022-02-20 17:58:49,555 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:58:49,568 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:58:49,570 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:58:49,571 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:58:49,571 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:58:49,572 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec3_productSimulator.cil.c [2022-02-20 17:58:49,613 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/e13a26f23/87e36967936e4cc687950595d40858fc/FLAG62392f486 [2022-02-20 17:58:50,089 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 17:58:50,090 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_productSimulator.cil.c [2022-02-20 17:58:50,117 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/e13a26f23/87e36967936e4cc687950595d40858fc/FLAG62392f486 [2022-02-20 17:58:50,391 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/e13a26f23/87e36967936e4cc687950595d40858fc [2022-02-20 17:58:50,393 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:58:50,394 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:58:50,395 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:50,395 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:58:50,397 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:58:50,398 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:50" (1/1) ... [2022-02-20 17:58:50,399 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@7683544e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:50, skipping insertion in model container [2022-02-20 17:58:50,399 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:50" (1/1) ... [2022-02-20 17:58:50,404 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:58:50,458 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:58:50,663 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_productSimulator.cil.c[9250,9263] [2022-02-20 17:58:50,921 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:50,941 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:58:50,964 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_productSimulator.cil.c[9250,9263] [2022-02-20 17:58:51,060 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:51,121 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:58:51,122 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51 WrapperNode [2022-02-20 17:58:51,122 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:51,123 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:51,123 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:58:51,123 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:58:51,130 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,184 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,258 INFO L137 Inliner]: procedures = 152, calls = 292, calls flagged for inlining = 67, calls inlined = 64, statements flattened = 1344 [2022-02-20 17:58:51,259 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:51,259 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:58:51,260 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:58:51,260 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:58:51,265 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,265 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,274 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,274 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,303 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,311 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,316 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,323 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:58:51,324 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:58:51,324 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:58:51,324 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:58:51,325 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (1/1) ... [2022-02-20 17:58:51,330 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:51,339 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:51,348 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:58:51,394 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:58:51,410 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:58:51,411 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:58:51,411 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 17:58:51,411 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 17:58:51,411 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 17:58:51,411 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 17:58:51,411 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:58:51,411 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:58:51,413 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:58:51,413 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:58:51,413 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:58:51,413 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:58:51,413 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:58:51,413 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:58:51,413 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 17:58:51,413 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 17:58:51,414 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:58:51,414 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:58:51,414 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 17:58:51,414 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 17:58:51,414 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:58:51,414 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:58:51,414 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:58:51,414 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:58:51,415 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:58:51,415 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:58:51,415 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 17:58:51,415 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 17:58:51,415 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 17:58:51,415 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 17:58:51,415 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:58:51,415 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:58:51,416 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:58:51,416 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:58:51,416 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:58:51,416 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:58:51,416 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:58:51,416 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 17:58:51,416 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 17:58:51,417 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:58:51,417 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:58:51,417 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 17:58:51,417 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 17:58:51,417 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:58:51,417 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:58:51,417 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 17:58:51,417 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 17:58:51,418 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:58:51,418 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:58:51,418 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:58:51,418 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:58:51,418 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:58:51,418 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 17:58:51,419 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 17:58:51,419 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 17:58:51,420 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 17:58:51,420 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 17:58:51,420 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 17:58:51,421 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:58:51,421 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 17:58:51,421 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:58:51,421 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:58:51,421 INFO L130 BoogieDeclarations]: Found specification of procedure __automaton_fail [2022-02-20 17:58:51,422 INFO L138 BoogieDeclarations]: Found implementation of procedure __automaton_fail [2022-02-20 17:58:51,422 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:58:51,422 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:58:51,422 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:58:51,422 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:58:51,422 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:58:51,422 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:58:51,422 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:58:51,422 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:58:51,423 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:58:51,423 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:58:51,423 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 17:58:51,423 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 17:58:51,423 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 17:58:51,424 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 17:58:51,424 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:58:51,424 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:58:51,424 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:58:51,424 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:58:51,424 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:58:51,424 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:58:51,424 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:58:51,425 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 17:58:51,425 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 17:58:51,425 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 17:58:51,425 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 17:58:51,425 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:58:51,425 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:58:51,425 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:58:51,426 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:58:51,591 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:58:51,593 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:58:52,517 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:58:52,534 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:58:52,534 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:58:52,536 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:52 BoogieIcfgContainer [2022-02-20 17:58:52,536 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:58:52,537 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:58:52,537 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:58:52,539 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:58:52,540 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:58:50" (1/3) ... [2022-02-20 17:58:52,540 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2e8ec9d0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:52, skipping insertion in model container [2022-02-20 17:58:52,541 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:51" (2/3) ... [2022-02-20 17:58:52,541 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2e8ec9d0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:52, skipping insertion in model container [2022-02-20 17:58:52,541 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:52" (3/3) ... [2022-02-20 17:58:52,545 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec3_productSimulator.cil.c [2022-02-20 17:58:52,549 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:58:52,549 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:58:52,594 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:58:52,599 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:58:52,599 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:58:52,626 INFO L276 IsEmpty]: Start isEmpty. Operand has 614 states, 453 states have (on average 1.5121412803532008) internal successors, (685), 475 states have internal predecessors, (685), 115 states have call successors, (115), 44 states have call predecessors, (115), 44 states have return successors, (115), 113 states have call predecessors, (115), 115 states have call successors, (115) [2022-02-20 17:58:52,658 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 153 [2022-02-20 17:58:52,658 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:52,659 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:52,659 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:52,663 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:52,663 INFO L85 PathProgramCache]: Analyzing trace with hash -1093087284, now seen corresponding path program 1 times [2022-02-20 17:58:52,669 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:52,669 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [501451299] [2022-02-20 17:58:52,669 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:52,670 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:52,831 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:58:52,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:52,925 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,925 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {617#true} #1754#return; {617#true} is VALID [2022-02-20 17:58:52,926 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:58:52,929 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:52,932 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,932 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {617#true} #1756#return; {617#true} is VALID [2022-02-20 17:58:52,932 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:58:52,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,937 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:52,937 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,937 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {617#true} #1758#return; {617#true} is VALID [2022-02-20 17:58:52,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:52,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:52,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,942 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {617#true} #1760#return; {617#true} is VALID [2022-02-20 17:58:52,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:58:52,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,947 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:52,947 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,947 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {617#true} #1762#return; {617#true} is VALID [2022-02-20 17:58:52,947 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:58:52,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,951 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:52,952 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,952 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {617#true} #1764#return; {617#true} is VALID [2022-02-20 17:58:52,952 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:58:52,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,956 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:52,956 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,957 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {617#true} #1766#return; {617#true} is VALID [2022-02-20 17:58:52,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:52,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,961 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:52,961 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,962 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {617#true} #1768#return; {617#true} is VALID [2022-02-20 17:58:52,974 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:58:52,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:52,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,982 INFO L290 TraceCheckUtils]: 0: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:52,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:52,982 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,983 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {617#true} {617#true} #1752#return; {617#true} is VALID [2022-02-20 17:58:52,983 INFO L290 TraceCheckUtils]: 0: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {617#true} is VALID [2022-02-20 17:58:52,984 INFO L272 TraceCheckUtils]: 1: Hoare triple {617#true} call setClientId(~bob___0, ~bob___0); {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:52,984 INFO L290 TraceCheckUtils]: 2: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:52,984 INFO L290 TraceCheckUtils]: 3: Hoare triple {617#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:52,984 INFO L290 TraceCheckUtils]: 4: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,985 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {617#true} {617#true} #1752#return; {617#true} is VALID [2022-02-20 17:58:52,985 INFO L290 TraceCheckUtils]: 6: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,985 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {617#true} {617#true} #1774#return; {617#true} is VALID [2022-02-20 17:58:52,985 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:52,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,990 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:52,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,993 INFO L290 TraceCheckUtils]: 0: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:52,993 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:52,993 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,993 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {617#true} {617#true} #1704#return; {617#true} is VALID [2022-02-20 17:58:52,993 INFO L290 TraceCheckUtils]: 0: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {617#true} is VALID [2022-02-20 17:58:52,994 INFO L272 TraceCheckUtils]: 1: Hoare triple {617#true} call setClientId(~rjh___0, ~rjh___0); {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:52,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:52,995 INFO L290 TraceCheckUtils]: 3: Hoare triple {617#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:52,995 INFO L290 TraceCheckUtils]: 4: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,995 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {617#true} {617#true} #1704#return; {617#true} is VALID [2022-02-20 17:58:52,995 INFO L290 TraceCheckUtils]: 6: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:52,995 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {617#true} {617#true} #1780#return; {617#true} is VALID [2022-02-20 17:58:52,996 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:58:52,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:53,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:53,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:53,003 INFO L290 TraceCheckUtils]: 0: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,004 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,004 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,004 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {617#true} {617#true} #1648#return; {617#true} is VALID [2022-02-20 17:58:53,004 INFO L290 TraceCheckUtils]: 0: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {617#true} is VALID [2022-02-20 17:58:53,005 INFO L272 TraceCheckUtils]: 1: Hoare triple {617#true} call setClientId(~chuck___0, ~chuck___0); {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:53,005 INFO L290 TraceCheckUtils]: 2: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,005 INFO L290 TraceCheckUtils]: 3: Hoare triple {617#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,006 INFO L290 TraceCheckUtils]: 4: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,006 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {617#true} {617#true} #1648#return; {617#true} is VALID [2022-02-20 17:58:53,006 INFO L290 TraceCheckUtils]: 6: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,006 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {617#true} {617#true} #1786#return; {617#true} is VALID [2022-02-20 17:58:53,010 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:58:53,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:53,013 INFO L290 TraceCheckUtils]: 0: Hoare triple {709#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,013 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,013 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,014 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {617#true} {618#false} #1670#return; {618#false} is VALID [2022-02-20 17:58:53,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:58:53,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:53,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {710#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,021 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,022 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {617#true} {618#false} #1672#return; {618#false} is VALID [2022-02-20 17:58:53,022 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:58:53,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:53,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {709#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,025 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {617#true} {618#false} #1682#return; {618#false} is VALID [2022-02-20 17:58:53,026 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:58:53,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:53,028 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} ~handle := #in~handle;havoc ~retValue_acc~24; {617#true} is VALID [2022-02-20 17:58:53,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {617#true} is VALID [2022-02-20 17:58:53,029 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,029 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {617#true} {618#false} #1684#return; {618#false} is VALID [2022-02-20 17:58:53,029 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:58:53,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:53,032 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} ~handle := #in~handle;havoc ~retValue_acc~19; {617#true} is VALID [2022-02-20 17:58:53,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {617#true} is VALID [2022-02-20 17:58:53,033 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,033 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {617#true} {618#false} #1686#return; {618#false} is VALID [2022-02-20 17:58:53,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 17:58:53,034 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:53,036 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} ~handle := #in~handle;havoc ~retValue_acc~18; {617#true} is VALID [2022-02-20 17:58:53,036 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {617#true} is VALID [2022-02-20 17:58:53,036 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,036 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {617#true} {618#false} #1608#return; {618#false} is VALID [2022-02-20 17:58:53,037 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 17:58:53,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:53,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {617#true} is VALID [2022-02-20 17:58:53,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume 1 == ~handle; {617#true} is VALID [2022-02-20 17:58:53,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {617#true} is VALID [2022-02-20 17:58:53,040 INFO L290 TraceCheckUtils]: 3: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,040 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {617#true} {618#false} #1610#return; {618#false} is VALID [2022-02-20 17:58:53,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {617#true} is VALID [2022-02-20 17:58:53,041 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {617#true} is VALID [2022-02-20 17:58:53,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {617#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {617#true} is VALID [2022-02-20 17:58:53,042 INFO L272 TraceCheckUtils]: 3: Hoare triple {617#true} call select_features_#t~ret27#1 := select_one(); {617#true} is VALID [2022-02-20 17:58:53,042 INFO L290 TraceCheckUtils]: 4: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:53,042 INFO L290 TraceCheckUtils]: 5: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,042 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {617#true} {617#true} #1754#return; {617#true} is VALID [2022-02-20 17:58:53,043 INFO L290 TraceCheckUtils]: 7: Hoare triple {617#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {617#true} is VALID [2022-02-20 17:58:53,043 INFO L272 TraceCheckUtils]: 8: Hoare triple {617#true} call select_features_#t~ret28#1 := select_one(); {617#true} is VALID [2022-02-20 17:58:53,043 INFO L290 TraceCheckUtils]: 9: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:53,043 INFO L290 TraceCheckUtils]: 10: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,043 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {617#true} {617#true} #1756#return; {617#true} is VALID [2022-02-20 17:58:53,043 INFO L290 TraceCheckUtils]: 12: Hoare triple {617#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {617#true} is VALID [2022-02-20 17:58:53,044 INFO L272 TraceCheckUtils]: 13: Hoare triple {617#true} call select_features_#t~ret29#1 := select_one(); {617#true} is VALID [2022-02-20 17:58:53,044 INFO L290 TraceCheckUtils]: 14: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:53,044 INFO L290 TraceCheckUtils]: 15: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,044 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {617#true} {617#true} #1758#return; {617#true} is VALID [2022-02-20 17:58:53,044 INFO L290 TraceCheckUtils]: 17: Hoare triple {617#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {617#true} is VALID [2022-02-20 17:58:53,045 INFO L272 TraceCheckUtils]: 18: Hoare triple {617#true} call select_features_#t~ret30#1 := select_one(); {617#true} is VALID [2022-02-20 17:58:53,045 INFO L290 TraceCheckUtils]: 19: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:53,045 INFO L290 TraceCheckUtils]: 20: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,045 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {617#true} {617#true} #1760#return; {617#true} is VALID [2022-02-20 17:58:53,045 INFO L290 TraceCheckUtils]: 22: Hoare triple {617#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {617#true} is VALID [2022-02-20 17:58:53,046 INFO L272 TraceCheckUtils]: 23: Hoare triple {617#true} call select_features_#t~ret31#1 := select_one(); {617#true} is VALID [2022-02-20 17:58:53,046 INFO L290 TraceCheckUtils]: 24: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:53,046 INFO L290 TraceCheckUtils]: 25: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,046 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {617#true} {617#true} #1762#return; {617#true} is VALID [2022-02-20 17:58:53,046 INFO L290 TraceCheckUtils]: 27: Hoare triple {617#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {617#true} is VALID [2022-02-20 17:58:53,046 INFO L272 TraceCheckUtils]: 28: Hoare triple {617#true} call select_features_#t~ret32#1 := select_one(); {617#true} is VALID [2022-02-20 17:58:53,047 INFO L290 TraceCheckUtils]: 29: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:53,047 INFO L290 TraceCheckUtils]: 30: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,047 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {617#true} {617#true} #1764#return; {617#true} is VALID [2022-02-20 17:58:53,047 INFO L290 TraceCheckUtils]: 32: Hoare triple {617#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {617#true} is VALID [2022-02-20 17:58:53,047 INFO L272 TraceCheckUtils]: 33: Hoare triple {617#true} call select_features_#t~ret33#1 := select_one(); {617#true} is VALID [2022-02-20 17:58:53,048 INFO L290 TraceCheckUtils]: 34: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:53,048 INFO L290 TraceCheckUtils]: 35: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,048 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {617#true} {617#true} #1766#return; {617#true} is VALID [2022-02-20 17:58:53,048 INFO L290 TraceCheckUtils]: 37: Hoare triple {617#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {617#true} is VALID [2022-02-20 17:58:53,048 INFO L272 TraceCheckUtils]: 38: Hoare triple {617#true} call select_features_#t~ret34#1 := select_one(); {617#true} is VALID [2022-02-20 17:58:53,048 INFO L290 TraceCheckUtils]: 39: Hoare triple {617#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 17:58:53,049 INFO L290 TraceCheckUtils]: 40: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,049 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {617#true} {617#true} #1768#return; {617#true} is VALID [2022-02-20 17:58:53,049 INFO L290 TraceCheckUtils]: 42: Hoare triple {617#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {617#true} is VALID [2022-02-20 17:58:53,049 INFO L290 TraceCheckUtils]: 43: Hoare triple {617#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {617#true} is VALID [2022-02-20 17:58:53,049 INFO L290 TraceCheckUtils]: 44: Hoare triple {617#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {617#true} is VALID [2022-02-20 17:58:53,050 INFO L290 TraceCheckUtils]: 45: Hoare triple {617#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~5#1 := 0; {617#true} is VALID [2022-02-20 17:58:53,050 INFO L290 TraceCheckUtils]: 46: Hoare triple {617#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {617#true} is VALID [2022-02-20 17:58:53,050 INFO L290 TraceCheckUtils]: 47: Hoare triple {617#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {617#true} is VALID [2022-02-20 17:58:53,050 INFO L290 TraceCheckUtils]: 48: Hoare triple {617#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {617#true} is VALID [2022-02-20 17:58:53,050 INFO L290 TraceCheckUtils]: 49: Hoare triple {617#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {617#true} is VALID [2022-02-20 17:58:53,051 INFO L272 TraceCheckUtils]: 50: Hoare triple {617#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:53,051 INFO L290 TraceCheckUtils]: 51: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {617#true} is VALID [2022-02-20 17:58:53,052 INFO L272 TraceCheckUtils]: 52: Hoare triple {617#true} call setClientId(~bob___0, ~bob___0); {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:53,052 INFO L290 TraceCheckUtils]: 53: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,052 INFO L290 TraceCheckUtils]: 54: Hoare triple {617#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,053 INFO L290 TraceCheckUtils]: 55: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,053 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {617#true} {617#true} #1752#return; {617#true} is VALID [2022-02-20 17:58:53,053 INFO L290 TraceCheckUtils]: 57: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,053 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {617#true} {617#true} #1774#return; {617#true} is VALID [2022-02-20 17:58:53,053 INFO L290 TraceCheckUtils]: 59: Hoare triple {617#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {617#true} is VALID [2022-02-20 17:58:53,054 INFO L290 TraceCheckUtils]: 60: Hoare triple {617#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {617#true} is VALID [2022-02-20 17:58:53,054 INFO L272 TraceCheckUtils]: 61: Hoare triple {617#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:53,054 INFO L290 TraceCheckUtils]: 62: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {617#true} is VALID [2022-02-20 17:58:53,055 INFO L272 TraceCheckUtils]: 63: Hoare triple {617#true} call setClientId(~rjh___0, ~rjh___0); {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:53,055 INFO L290 TraceCheckUtils]: 64: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,056 INFO L290 TraceCheckUtils]: 65: Hoare triple {617#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,056 INFO L290 TraceCheckUtils]: 66: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,056 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {617#true} {617#true} #1704#return; {617#true} is VALID [2022-02-20 17:58:53,056 INFO L290 TraceCheckUtils]: 68: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,056 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {617#true} {617#true} #1780#return; {617#true} is VALID [2022-02-20 17:58:53,056 INFO L290 TraceCheckUtils]: 70: Hoare triple {617#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {617#true} is VALID [2022-02-20 17:58:53,057 INFO L290 TraceCheckUtils]: 71: Hoare triple {617#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {617#true} is VALID [2022-02-20 17:58:53,057 INFO L272 TraceCheckUtils]: 72: Hoare triple {617#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:53,058 INFO L290 TraceCheckUtils]: 73: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {617#true} is VALID [2022-02-20 17:58:53,058 INFO L272 TraceCheckUtils]: 74: Hoare triple {617#true} call setClientId(~chuck___0, ~chuck___0); {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:53,058 INFO L290 TraceCheckUtils]: 75: Hoare triple {696#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,059 INFO L290 TraceCheckUtils]: 76: Hoare triple {617#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,059 INFO L290 TraceCheckUtils]: 77: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,059 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {617#true} {617#true} #1648#return; {617#true} is VALID [2022-02-20 17:58:53,059 INFO L290 TraceCheckUtils]: 79: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,059 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {617#true} {617#true} #1786#return; {617#true} is VALID [2022-02-20 17:58:53,059 INFO L290 TraceCheckUtils]: 81: Hoare triple {617#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {617#true} is VALID [2022-02-20 17:58:53,060 INFO L290 TraceCheckUtils]: 82: Hoare triple {617#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {617#true} is VALID [2022-02-20 17:58:53,060 INFO L290 TraceCheckUtils]: 83: Hoare triple {617#true} assume false; {618#false} is VALID [2022-02-20 17:58:53,060 INFO L290 TraceCheckUtils]: 84: Hoare triple {618#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {618#false} is VALID [2022-02-20 17:58:53,061 INFO L272 TraceCheckUtils]: 85: Hoare triple {618#false} call sendEmail(~bob~0, ~rjh~0); {618#false} is VALID [2022-02-20 17:58:53,061 INFO L290 TraceCheckUtils]: 86: Hoare triple {618#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {618#false} is VALID [2022-02-20 17:58:53,061 INFO L272 TraceCheckUtils]: 87: Hoare triple {618#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {709#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:53,061 INFO L290 TraceCheckUtils]: 88: Hoare triple {709#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,061 INFO L290 TraceCheckUtils]: 89: Hoare triple {617#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,062 INFO L290 TraceCheckUtils]: 90: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,062 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {617#true} {618#false} #1670#return; {618#false} is VALID [2022-02-20 17:58:53,062 INFO L272 TraceCheckUtils]: 92: Hoare triple {618#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {710#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:53,062 INFO L290 TraceCheckUtils]: 93: Hoare triple {710#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,062 INFO L290 TraceCheckUtils]: 94: Hoare triple {617#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,062 INFO L290 TraceCheckUtils]: 95: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,063 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {617#true} {618#false} #1672#return; {618#false} is VALID [2022-02-20 17:58:53,063 INFO L290 TraceCheckUtils]: 97: Hoare triple {618#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {618#false} is VALID [2022-02-20 17:58:53,063 INFO L290 TraceCheckUtils]: 98: Hoare triple {618#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {618#false} is VALID [2022-02-20 17:58:53,063 INFO L272 TraceCheckUtils]: 99: Hoare triple {618#false} call outgoing(~sender#1, ~email~0#1); {618#false} is VALID [2022-02-20 17:58:53,063 INFO L290 TraceCheckUtils]: 100: Hoare triple {618#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {618#false} is VALID [2022-02-20 17:58:53,064 INFO L290 TraceCheckUtils]: 101: Hoare triple {618#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {618#false} is VALID [2022-02-20 17:58:53,064 INFO L272 TraceCheckUtils]: 102: Hoare triple {618#false} call outgoing__before__Sign(~client#1, ~msg#1); {618#false} is VALID [2022-02-20 17:58:53,064 INFO L290 TraceCheckUtils]: 103: Hoare triple {618#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {618#false} is VALID [2022-02-20 17:58:53,064 INFO L290 TraceCheckUtils]: 104: Hoare triple {618#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {618#false} is VALID [2022-02-20 17:58:53,064 INFO L272 TraceCheckUtils]: 105: Hoare triple {618#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {618#false} is VALID [2022-02-20 17:58:53,064 INFO L290 TraceCheckUtils]: 106: Hoare triple {618#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {618#false} is VALID [2022-02-20 17:58:53,065 INFO L290 TraceCheckUtils]: 107: Hoare triple {618#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {618#false} is VALID [2022-02-20 17:58:53,065 INFO L272 TraceCheckUtils]: 108: Hoare triple {618#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {618#false} is VALID [2022-02-20 17:58:53,065 INFO L290 TraceCheckUtils]: 109: Hoare triple {618#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {618#false} is VALID [2022-02-20 17:58:53,065 INFO L290 TraceCheckUtils]: 110: Hoare triple {618#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {618#false} is VALID [2022-02-20 17:58:53,065 INFO L290 TraceCheckUtils]: 111: Hoare triple {618#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {618#false} is VALID [2022-02-20 17:58:53,065 INFO L272 TraceCheckUtils]: 112: Hoare triple {618#false} call setEmailFrom(~msg#1, ~tmp~10#1); {709#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:53,066 INFO L290 TraceCheckUtils]: 113: Hoare triple {709#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {617#true} is VALID [2022-02-20 17:58:53,066 INFO L290 TraceCheckUtils]: 114: Hoare triple {617#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {617#true} is VALID [2022-02-20 17:58:53,066 INFO L290 TraceCheckUtils]: 115: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,066 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {617#true} {618#false} #1682#return; {618#false} is VALID [2022-02-20 17:58:53,066 INFO L290 TraceCheckUtils]: 117: Hoare triple {618#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {618#false} is VALID [2022-02-20 17:58:53,067 INFO L272 TraceCheckUtils]: 118: Hoare triple {618#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {617#true} is VALID [2022-02-20 17:58:53,067 INFO L290 TraceCheckUtils]: 119: Hoare triple {617#true} ~handle := #in~handle;havoc ~retValue_acc~24; {617#true} is VALID [2022-02-20 17:58:53,067 INFO L290 TraceCheckUtils]: 120: Hoare triple {617#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {617#true} is VALID [2022-02-20 17:58:53,067 INFO L290 TraceCheckUtils]: 121: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,067 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {617#true} {618#false} #1684#return; {618#false} is VALID [2022-02-20 17:58:53,067 INFO L290 TraceCheckUtils]: 123: Hoare triple {618#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {618#false} is VALID [2022-02-20 17:58:53,068 INFO L290 TraceCheckUtils]: 124: Hoare triple {618#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {618#false} is VALID [2022-02-20 17:58:53,068 INFO L272 TraceCheckUtils]: 125: Hoare triple {618#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {617#true} is VALID [2022-02-20 17:58:53,068 INFO L290 TraceCheckUtils]: 126: Hoare triple {617#true} ~handle := #in~handle;havoc ~retValue_acc~19; {617#true} is VALID [2022-02-20 17:58:53,068 INFO L290 TraceCheckUtils]: 127: Hoare triple {617#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {617#true} is VALID [2022-02-20 17:58:53,068 INFO L290 TraceCheckUtils]: 128: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,068 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {617#true} {618#false} #1686#return; {618#false} is VALID [2022-02-20 17:58:53,069 INFO L290 TraceCheckUtils]: 130: Hoare triple {618#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {618#false} is VALID [2022-02-20 17:58:53,069 INFO L290 TraceCheckUtils]: 131: Hoare triple {618#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {618#false} is VALID [2022-02-20 17:58:53,069 INFO L272 TraceCheckUtils]: 132: Hoare triple {618#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {618#false} is VALID [2022-02-20 17:58:53,069 INFO L290 TraceCheckUtils]: 133: Hoare triple {618#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {618#false} is VALID [2022-02-20 17:58:53,069 INFO L290 TraceCheckUtils]: 134: Hoare triple {618#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {618#false} is VALID [2022-02-20 17:58:53,070 INFO L290 TraceCheckUtils]: 135: Hoare triple {618#false} assume 1 == ~sent_signed~0; {618#false} is VALID [2022-02-20 17:58:53,070 INFO L272 TraceCheckUtils]: 136: Hoare triple {618#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {617#true} is VALID [2022-02-20 17:58:53,070 INFO L290 TraceCheckUtils]: 137: Hoare triple {617#true} ~handle := #in~handle;havoc ~retValue_acc~18; {617#true} is VALID [2022-02-20 17:58:53,070 INFO L290 TraceCheckUtils]: 138: Hoare triple {617#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {617#true} is VALID [2022-02-20 17:58:53,070 INFO L290 TraceCheckUtils]: 139: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,070 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {617#true} {618#false} #1608#return; {618#false} is VALID [2022-02-20 17:58:53,071 INFO L290 TraceCheckUtils]: 141: Hoare triple {618#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {618#false} is VALID [2022-02-20 17:58:53,071 INFO L272 TraceCheckUtils]: 142: Hoare triple {618#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {617#true} is VALID [2022-02-20 17:58:53,076 INFO L290 TraceCheckUtils]: 143: Hoare triple {617#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {617#true} is VALID [2022-02-20 17:58:53,076 INFO L290 TraceCheckUtils]: 144: Hoare triple {617#true} assume 1 == ~handle; {617#true} is VALID [2022-02-20 17:58:53,076 INFO L290 TraceCheckUtils]: 145: Hoare triple {617#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {617#true} is VALID [2022-02-20 17:58:53,076 INFO L290 TraceCheckUtils]: 146: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 17:58:53,077 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {617#true} {618#false} #1610#return; {618#false} is VALID [2022-02-20 17:58:53,077 INFO L290 TraceCheckUtils]: 148: Hoare triple {618#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {618#false} is VALID [2022-02-20 17:58:53,077 INFO L290 TraceCheckUtils]: 149: Hoare triple {618#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {618#false} is VALID [2022-02-20 17:58:53,077 INFO L272 TraceCheckUtils]: 150: Hoare triple {618#false} call __automaton_fail(); {618#false} is VALID [2022-02-20 17:58:53,077 INFO L290 TraceCheckUtils]: 151: Hoare triple {618#false} assume !false; {618#false} is VALID [2022-02-20 17:58:53,078 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:58:53,079 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:53,079 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [501451299] [2022-02-20 17:58:53,080 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [501451299] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:53,080 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:53,080 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 17:58:53,081 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [484385866] [2022-02-20 17:58:53,083 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:53,087 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 152 [2022-02-20 17:58:53,090 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:53,094 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:53,209 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 129 edges. 129 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:53,209 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:53,209 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:53,225 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:58:53,225 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 17:58:53,230 INFO L87 Difference]: Start difference. First operand has 614 states, 453 states have (on average 1.5121412803532008) internal successors, (685), 475 states have internal predecessors, (685), 115 states have call successors, (115), 44 states have call predecessors, (115), 44 states have return successors, (115), 113 states have call predecessors, (115), 115 states have call successors, (115) Second operand has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:56,730 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:56,730 INFO L93 Difference]: Finished difference Result 1093 states and 1654 transitions. [2022-02-20 17:58:56,730 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 17:58:56,731 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 152 [2022-02-20 17:58:56,731 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:56,732 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:56,768 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1654 transitions. [2022-02-20 17:58:56,770 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:56,815 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1654 transitions. [2022-02-20 17:58:56,815 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1654 transitions. [2022-02-20 17:58:57,956 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1654 edges. 1654 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:58,047 INFO L225 Difference]: With dead ends: 1093 [2022-02-20 17:58:58,047 INFO L226 Difference]: Without dead ends: 741 [2022-02-20 17:58:58,052 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:58,055 INFO L933 BasicCegarLoop]: 925 mSDtfsCounter, 1374 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 513 mSolverCounterSat, 649 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1380 SdHoareTripleChecker+Valid, 1639 SdHoareTripleChecker+Invalid, 1162 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 649 IncrementalHoareTripleChecker+Valid, 513 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:58,056 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1380 Valid, 1639 Invalid, 1162 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [649 Valid, 513 Invalid, 0 Unknown, 0 Unchecked, 1.3s Time] [2022-02-20 17:58:58,068 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 741 states. [2022-02-20 17:58:58,122 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 741 to 606. [2022-02-20 17:58:58,122 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:58,125 INFO L82 GeneralOperation]: Start isEquivalent. First operand 741 states. Second operand has 606 states, 447 states have (on average 1.5078299776286352) internal successors, (674), 467 states have internal predecessors, (674), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 17:58:58,128 INFO L74 IsIncluded]: Start isIncluded. First operand 741 states. Second operand has 606 states, 447 states have (on average 1.5078299776286352) internal successors, (674), 467 states have internal predecessors, (674), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 17:58:58,130 INFO L87 Difference]: Start difference. First operand 741 states. Second operand has 606 states, 447 states have (on average 1.5078299776286352) internal successors, (674), 467 states have internal predecessors, (674), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 17:58:58,164 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:58,165 INFO L93 Difference]: Finished difference Result 741 states and 1132 transitions. [2022-02-20 17:58:58,165 INFO L276 IsEmpty]: Start isEmpty. Operand 741 states and 1132 transitions. [2022-02-20 17:58:58,169 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:58,169 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:58,172 INFO L74 IsIncluded]: Start isIncluded. First operand has 606 states, 447 states have (on average 1.5078299776286352) internal successors, (674), 467 states have internal predecessors, (674), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) Second operand 741 states. [2022-02-20 17:58:58,173 INFO L87 Difference]: Start difference. First operand has 606 states, 447 states have (on average 1.5078299776286352) internal successors, (674), 467 states have internal predecessors, (674), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) Second operand 741 states. [2022-02-20 17:58:58,207 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:58,208 INFO L93 Difference]: Finished difference Result 741 states and 1132 transitions. [2022-02-20 17:58:58,208 INFO L276 IsEmpty]: Start isEmpty. Operand 741 states and 1132 transitions. [2022-02-20 17:58:58,211 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:58,211 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:58,211 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:58,211 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:58,213 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 606 states, 447 states have (on average 1.5078299776286352) internal successors, (674), 467 states have internal predecessors, (674), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 17:58:58,239 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 606 states to 606 states and 901 transitions. [2022-02-20 17:58:58,241 INFO L78 Accepts]: Start accepts. Automaton has 606 states and 901 transitions. Word has length 152 [2022-02-20 17:58:58,241 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:58,242 INFO L470 AbstractCegarLoop]: Abstraction has 606 states and 901 transitions. [2022-02-20 17:58:58,242 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:58,242 INFO L276 IsEmpty]: Start isEmpty. Operand 606 states and 901 transitions. [2022-02-20 17:58:58,246 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 154 [2022-02-20 17:58:58,246 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:58,246 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:58,247 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 17:58:58,247 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:58,248 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:58,248 INFO L85 PathProgramCache]: Analyzing trace with hash -1753524556, now seen corresponding path program 1 times [2022-02-20 17:58:58,248 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:58,248 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1153859377] [2022-02-20 17:58:58,248 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:58,248 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:58,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,352 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:58:58,355 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,358 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,358 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,358 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4584#true} {4584#true} #1754#return; {4584#true} is VALID [2022-02-20 17:58:58,358 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:58:58,360 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,362 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,363 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4584#true} {4584#true} #1756#return; {4584#true} is VALID [2022-02-20 17:58:58,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:58:58,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,367 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,367 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,367 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4584#true} {4584#true} #1758#return; {4584#true} is VALID [2022-02-20 17:58:58,368 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:58,369 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,372 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,372 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,372 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4584#true} {4584#true} #1760#return; {4584#true} is VALID [2022-02-20 17:58:58,372 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:58:58,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,377 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4584#true} {4584#true} #1762#return; {4584#true} is VALID [2022-02-20 17:58:58,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:58:58,379 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,381 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,381 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,382 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4584#true} {4584#true} #1764#return; {4584#true} is VALID [2022-02-20 17:58:58,382 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:58:58,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,386 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,387 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,387 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4584#true} {4584#true} #1766#return; {4584#true} is VALID [2022-02-20 17:58:58,387 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:58,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,392 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,392 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4584#true} {4584#true} #1768#return; {4584#true} is VALID [2022-02-20 17:58:58,397 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 17:58:58,437 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,440 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:58,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,446 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,447 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,447 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,447 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4584#true} {4584#true} #1752#return; {4584#true} is VALID [2022-02-20 17:58:58,447 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4584#true} is VALID [2022-02-20 17:58:58,448 INFO L272 TraceCheckUtils]: 1: Hoare triple {4584#true} call setClientId(~bob___0, ~bob___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,448 INFO L290 TraceCheckUtils]: 2: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,448 INFO L290 TraceCheckUtils]: 3: Hoare triple {4584#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,448 INFO L290 TraceCheckUtils]: 4: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,448 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4584#true} {4584#true} #1752#return; {4584#true} is VALID [2022-02-20 17:58:58,449 INFO L290 TraceCheckUtils]: 6: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,449 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4584#true} {4585#false} #1774#return; {4585#false} is VALID [2022-02-20 17:58:58,449 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:58,451 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,457 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:58,458 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,460 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,460 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,460 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,460 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4584#true} {4584#true} #1704#return; {4584#true} is VALID [2022-02-20 17:58:58,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4584#true} is VALID [2022-02-20 17:58:58,461 INFO L272 TraceCheckUtils]: 1: Hoare triple {4584#true} call setClientId(~rjh___0, ~rjh___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,462 INFO L290 TraceCheckUtils]: 2: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,462 INFO L290 TraceCheckUtils]: 3: Hoare triple {4584#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,462 INFO L290 TraceCheckUtils]: 4: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,462 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4584#true} {4584#true} #1704#return; {4584#true} is VALID [2022-02-20 17:58:58,462 INFO L290 TraceCheckUtils]: 6: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,462 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4584#true} {4585#false} #1780#return; {4585#false} is VALID [2022-02-20 17:58:58,463 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:58:58,464 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,466 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:58:58,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,469 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,469 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,469 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,470 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4584#true} {4584#true} #1648#return; {4584#true} is VALID [2022-02-20 17:58:58,470 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4584#true} is VALID [2022-02-20 17:58:58,470 INFO L272 TraceCheckUtils]: 1: Hoare triple {4584#true} call setClientId(~chuck___0, ~chuck___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,471 INFO L290 TraceCheckUtils]: 2: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,471 INFO L290 TraceCheckUtils]: 3: Hoare triple {4584#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,471 INFO L290 TraceCheckUtils]: 4: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,471 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4584#true} {4584#true} #1648#return; {4584#true} is VALID [2022-02-20 17:58:58,471 INFO L290 TraceCheckUtils]: 6: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,471 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4584#true} {4585#false} #1786#return; {4585#false} is VALID [2022-02-20 17:58:58,476 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:58:58,477 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,479 INFO L290 TraceCheckUtils]: 0: Hoare triple {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,479 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,479 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,479 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4584#true} {4585#false} #1670#return; {4585#false} is VALID [2022-02-20 17:58:58,484 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:58:58,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,487 INFO L290 TraceCheckUtils]: 0: Hoare triple {4680#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,487 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,487 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,487 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4584#true} {4585#false} #1672#return; {4585#false} is VALID [2022-02-20 17:58:58,488 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:58:58,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,491 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,491 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4584#true} {4585#false} #1682#return; {4585#false} is VALID [2022-02-20 17:58:58,491 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:58:58,492 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,494 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} ~handle := #in~handle;havoc ~retValue_acc~24; {4584#true} is VALID [2022-02-20 17:58:58,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {4584#true} is VALID [2022-02-20 17:58:58,494 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,494 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4584#true} {4585#false} #1684#return; {4585#false} is VALID [2022-02-20 17:58:58,494 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 17:58:58,495 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4584#true} is VALID [2022-02-20 17:58:58,497 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {4584#true} is VALID [2022-02-20 17:58:58,497 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,497 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4584#true} {4585#false} #1686#return; {4585#false} is VALID [2022-02-20 17:58:58,498 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 17:58:58,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} ~handle := #in~handle;havoc ~retValue_acc~18; {4584#true} is VALID [2022-02-20 17:58:58,501 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {4584#true} is VALID [2022-02-20 17:58:58,501 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,501 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4584#true} {4585#false} #1608#return; {4585#false} is VALID [2022-02-20 17:58:58,501 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 17:58:58,502 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,504 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {4584#true} is VALID [2022-02-20 17:58:58,504 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume 1 == ~handle; {4584#true} is VALID [2022-02-20 17:58:58,504 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {4584#true} is VALID [2022-02-20 17:58:58,504 INFO L290 TraceCheckUtils]: 3: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,504 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {4584#true} {4585#false} #1610#return; {4585#false} is VALID [2022-02-20 17:58:58,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {4584#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {4584#true} is VALID [2022-02-20 17:58:58,505 INFO L290 TraceCheckUtils]: 1: Hoare triple {4584#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4584#true} is VALID [2022-02-20 17:58:58,505 INFO L290 TraceCheckUtils]: 2: Hoare triple {4584#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {4584#true} is VALID [2022-02-20 17:58:58,505 INFO L272 TraceCheckUtils]: 3: Hoare triple {4584#true} call select_features_#t~ret27#1 := select_one(); {4584#true} is VALID [2022-02-20 17:58:58,505 INFO L290 TraceCheckUtils]: 4: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,505 INFO L290 TraceCheckUtils]: 5: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,506 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4584#true} {4584#true} #1754#return; {4584#true} is VALID [2022-02-20 17:58:58,506 INFO L290 TraceCheckUtils]: 7: Hoare triple {4584#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {4584#true} is VALID [2022-02-20 17:58:58,506 INFO L272 TraceCheckUtils]: 8: Hoare triple {4584#true} call select_features_#t~ret28#1 := select_one(); {4584#true} is VALID [2022-02-20 17:58:58,506 INFO L290 TraceCheckUtils]: 9: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,506 INFO L290 TraceCheckUtils]: 10: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,506 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4584#true} {4584#true} #1756#return; {4584#true} is VALID [2022-02-20 17:58:58,507 INFO L290 TraceCheckUtils]: 12: Hoare triple {4584#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {4584#true} is VALID [2022-02-20 17:58:58,507 INFO L272 TraceCheckUtils]: 13: Hoare triple {4584#true} call select_features_#t~ret29#1 := select_one(); {4584#true} is VALID [2022-02-20 17:58:58,507 INFO L290 TraceCheckUtils]: 14: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,507 INFO L290 TraceCheckUtils]: 15: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,507 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4584#true} {4584#true} #1758#return; {4584#true} is VALID [2022-02-20 17:58:58,507 INFO L290 TraceCheckUtils]: 17: Hoare triple {4584#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {4584#true} is VALID [2022-02-20 17:58:58,507 INFO L272 TraceCheckUtils]: 18: Hoare triple {4584#true} call select_features_#t~ret30#1 := select_one(); {4584#true} is VALID [2022-02-20 17:58:58,508 INFO L290 TraceCheckUtils]: 19: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,508 INFO L290 TraceCheckUtils]: 20: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,508 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4584#true} {4584#true} #1760#return; {4584#true} is VALID [2022-02-20 17:58:58,508 INFO L290 TraceCheckUtils]: 22: Hoare triple {4584#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {4584#true} is VALID [2022-02-20 17:58:58,508 INFO L272 TraceCheckUtils]: 23: Hoare triple {4584#true} call select_features_#t~ret31#1 := select_one(); {4584#true} is VALID [2022-02-20 17:58:58,508 INFO L290 TraceCheckUtils]: 24: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,508 INFO L290 TraceCheckUtils]: 25: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,509 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4584#true} {4584#true} #1762#return; {4584#true} is VALID [2022-02-20 17:58:58,509 INFO L290 TraceCheckUtils]: 27: Hoare triple {4584#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {4584#true} is VALID [2022-02-20 17:58:58,509 INFO L272 TraceCheckUtils]: 28: Hoare triple {4584#true} call select_features_#t~ret32#1 := select_one(); {4584#true} is VALID [2022-02-20 17:58:58,509 INFO L290 TraceCheckUtils]: 29: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,509 INFO L290 TraceCheckUtils]: 30: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,509 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4584#true} {4584#true} #1764#return; {4584#true} is VALID [2022-02-20 17:58:58,510 INFO L290 TraceCheckUtils]: 32: Hoare triple {4584#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {4584#true} is VALID [2022-02-20 17:58:58,510 INFO L272 TraceCheckUtils]: 33: Hoare triple {4584#true} call select_features_#t~ret33#1 := select_one(); {4584#true} is VALID [2022-02-20 17:58:58,510 INFO L290 TraceCheckUtils]: 34: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,510 INFO L290 TraceCheckUtils]: 35: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,510 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4584#true} {4584#true} #1766#return; {4584#true} is VALID [2022-02-20 17:58:58,510 INFO L290 TraceCheckUtils]: 37: Hoare triple {4584#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {4584#true} is VALID [2022-02-20 17:58:58,510 INFO L272 TraceCheckUtils]: 38: Hoare triple {4584#true} call select_features_#t~ret34#1 := select_one(); {4584#true} is VALID [2022-02-20 17:58:58,511 INFO L290 TraceCheckUtils]: 39: Hoare triple {4584#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {4584#true} is VALID [2022-02-20 17:58:58,511 INFO L290 TraceCheckUtils]: 40: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,511 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4584#true} {4584#true} #1768#return; {4584#true} is VALID [2022-02-20 17:58:58,511 INFO L290 TraceCheckUtils]: 42: Hoare triple {4584#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {4584#true} is VALID [2022-02-20 17:58:58,511 INFO L290 TraceCheckUtils]: 43: Hoare triple {4584#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {4584#true} is VALID [2022-02-20 17:58:58,511 INFO L290 TraceCheckUtils]: 44: Hoare triple {4584#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4584#true} is VALID [2022-02-20 17:58:58,512 INFO L290 TraceCheckUtils]: 45: Hoare triple {4584#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~5#1 := 0; {4610#(= |ULTIMATE.start_valid_product_~tmp~5#1| 0)} is VALID [2022-02-20 17:58:58,512 INFO L290 TraceCheckUtils]: 46: Hoare triple {4610#(= |ULTIMATE.start_valid_product_~tmp~5#1| 0)} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {4611#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 17:58:58,513 INFO L290 TraceCheckUtils]: 47: Hoare triple {4611#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {4612#(= |ULTIMATE.start_main_~tmp~25#1| 0)} is VALID [2022-02-20 17:58:58,513 INFO L290 TraceCheckUtils]: 48: Hoare triple {4612#(= |ULTIMATE.start_main_~tmp~25#1| 0)} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4585#false} is VALID [2022-02-20 17:58:58,513 INFO L290 TraceCheckUtils]: 49: Hoare triple {4585#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4585#false} is VALID [2022-02-20 17:58:58,513 INFO L272 TraceCheckUtils]: 50: Hoare triple {4585#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,513 INFO L290 TraceCheckUtils]: 51: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4584#true} is VALID [2022-02-20 17:58:58,514 INFO L272 TraceCheckUtils]: 52: Hoare triple {4584#true} call setClientId(~bob___0, ~bob___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,514 INFO L290 TraceCheckUtils]: 53: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,514 INFO L290 TraceCheckUtils]: 54: Hoare triple {4584#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,514 INFO L290 TraceCheckUtils]: 55: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,514 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4584#true} {4584#true} #1752#return; {4584#true} is VALID [2022-02-20 17:58:58,515 INFO L290 TraceCheckUtils]: 57: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,515 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4584#true} {4585#false} #1774#return; {4585#false} is VALID [2022-02-20 17:58:58,515 INFO L290 TraceCheckUtils]: 59: Hoare triple {4585#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4585#false} is VALID [2022-02-20 17:58:58,515 INFO L290 TraceCheckUtils]: 60: Hoare triple {4585#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4585#false} is VALID [2022-02-20 17:58:58,515 INFO L272 TraceCheckUtils]: 61: Hoare triple {4585#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,515 INFO L290 TraceCheckUtils]: 62: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4584#true} is VALID [2022-02-20 17:58:58,516 INFO L272 TraceCheckUtils]: 63: Hoare triple {4584#true} call setClientId(~rjh___0, ~rjh___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,516 INFO L290 TraceCheckUtils]: 64: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,516 INFO L290 TraceCheckUtils]: 65: Hoare triple {4584#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,516 INFO L290 TraceCheckUtils]: 66: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,516 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4584#true} {4584#true} #1704#return; {4584#true} is VALID [2022-02-20 17:58:58,517 INFO L290 TraceCheckUtils]: 68: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,517 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4584#true} {4585#false} #1780#return; {4585#false} is VALID [2022-02-20 17:58:58,517 INFO L290 TraceCheckUtils]: 70: Hoare triple {4585#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4585#false} is VALID [2022-02-20 17:58:58,517 INFO L290 TraceCheckUtils]: 71: Hoare triple {4585#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4585#false} is VALID [2022-02-20 17:58:58,517 INFO L272 TraceCheckUtils]: 72: Hoare triple {4585#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,517 INFO L290 TraceCheckUtils]: 73: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4584#true} is VALID [2022-02-20 17:58:58,518 INFO L272 TraceCheckUtils]: 74: Hoare triple {4584#true} call setClientId(~chuck___0, ~chuck___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,518 INFO L290 TraceCheckUtils]: 75: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,518 INFO L290 TraceCheckUtils]: 76: Hoare triple {4584#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,518 INFO L290 TraceCheckUtils]: 77: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,518 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4584#true} {4584#true} #1648#return; {4584#true} is VALID [2022-02-20 17:58:58,519 INFO L290 TraceCheckUtils]: 79: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,519 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4584#true} {4585#false} #1786#return; {4585#false} is VALID [2022-02-20 17:58:58,519 INFO L290 TraceCheckUtils]: 81: Hoare triple {4585#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {4585#false} is VALID [2022-02-20 17:58:58,519 INFO L290 TraceCheckUtils]: 82: Hoare triple {4585#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4585#false} is VALID [2022-02-20 17:58:58,519 INFO L290 TraceCheckUtils]: 83: Hoare triple {4585#false} assume !false; {4585#false} is VALID [2022-02-20 17:58:58,519 INFO L290 TraceCheckUtils]: 84: Hoare triple {4585#false} assume !(test_~splverifierCounter~0#1 < 4); {4585#false} is VALID [2022-02-20 17:58:58,520 INFO L290 TraceCheckUtils]: 85: Hoare triple {4585#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {4585#false} is VALID [2022-02-20 17:58:58,520 INFO L272 TraceCheckUtils]: 86: Hoare triple {4585#false} call sendEmail(~bob~0, ~rjh~0); {4585#false} is VALID [2022-02-20 17:58:58,520 INFO L290 TraceCheckUtils]: 87: Hoare triple {4585#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4585#false} is VALID [2022-02-20 17:58:58,520 INFO L272 TraceCheckUtils]: 88: Hoare triple {4585#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:58,520 INFO L290 TraceCheckUtils]: 89: Hoare triple {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,520 INFO L290 TraceCheckUtils]: 90: Hoare triple {4584#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,520 INFO L290 TraceCheckUtils]: 91: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,521 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4584#true} {4585#false} #1670#return; {4585#false} is VALID [2022-02-20 17:58:58,521 INFO L272 TraceCheckUtils]: 93: Hoare triple {4585#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4680#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:58,521 INFO L290 TraceCheckUtils]: 94: Hoare triple {4680#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,521 INFO L290 TraceCheckUtils]: 95: Hoare triple {4584#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,521 INFO L290 TraceCheckUtils]: 96: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,521 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4584#true} {4585#false} #1672#return; {4585#false} is VALID [2022-02-20 17:58:58,521 INFO L290 TraceCheckUtils]: 98: Hoare triple {4585#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {4585#false} is VALID [2022-02-20 17:58:58,522 INFO L290 TraceCheckUtils]: 99: Hoare triple {4585#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {4585#false} is VALID [2022-02-20 17:58:58,522 INFO L272 TraceCheckUtils]: 100: Hoare triple {4585#false} call outgoing(~sender#1, ~email~0#1); {4585#false} is VALID [2022-02-20 17:58:58,522 INFO L290 TraceCheckUtils]: 101: Hoare triple {4585#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4585#false} is VALID [2022-02-20 17:58:58,522 INFO L290 TraceCheckUtils]: 102: Hoare triple {4585#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4585#false} is VALID [2022-02-20 17:58:58,522 INFO L272 TraceCheckUtils]: 103: Hoare triple {4585#false} call outgoing__before__Sign(~client#1, ~msg#1); {4585#false} is VALID [2022-02-20 17:58:58,522 INFO L290 TraceCheckUtils]: 104: Hoare triple {4585#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4585#false} is VALID [2022-02-20 17:58:58,522 INFO L290 TraceCheckUtils]: 105: Hoare triple {4585#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4585#false} is VALID [2022-02-20 17:58:58,523 INFO L272 TraceCheckUtils]: 106: Hoare triple {4585#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4585#false} is VALID [2022-02-20 17:58:58,523 INFO L290 TraceCheckUtils]: 107: Hoare triple {4585#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4585#false} is VALID [2022-02-20 17:58:58,523 INFO L290 TraceCheckUtils]: 108: Hoare triple {4585#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4585#false} is VALID [2022-02-20 17:58:58,523 INFO L272 TraceCheckUtils]: 109: Hoare triple {4585#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4585#false} is VALID [2022-02-20 17:58:58,523 INFO L290 TraceCheckUtils]: 110: Hoare triple {4585#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {4585#false} is VALID [2022-02-20 17:58:58,523 INFO L290 TraceCheckUtils]: 111: Hoare triple {4585#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {4585#false} is VALID [2022-02-20 17:58:58,523 INFO L290 TraceCheckUtils]: 112: Hoare triple {4585#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {4585#false} is VALID [2022-02-20 17:58:58,524 INFO L272 TraceCheckUtils]: 113: Hoare triple {4585#false} call setEmailFrom(~msg#1, ~tmp~10#1); {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:58,524 INFO L290 TraceCheckUtils]: 114: Hoare triple {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4584#true} is VALID [2022-02-20 17:58:58,524 INFO L290 TraceCheckUtils]: 115: Hoare triple {4584#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4584#true} is VALID [2022-02-20 17:58:58,524 INFO L290 TraceCheckUtils]: 116: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,524 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4584#true} {4585#false} #1682#return; {4585#false} is VALID [2022-02-20 17:58:58,524 INFO L290 TraceCheckUtils]: 118: Hoare triple {4585#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {4585#false} is VALID [2022-02-20 17:58:58,524 INFO L272 TraceCheckUtils]: 119: Hoare triple {4585#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {4584#true} is VALID [2022-02-20 17:58:58,525 INFO L290 TraceCheckUtils]: 120: Hoare triple {4584#true} ~handle := #in~handle;havoc ~retValue_acc~24; {4584#true} is VALID [2022-02-20 17:58:58,525 INFO L290 TraceCheckUtils]: 121: Hoare triple {4584#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {4584#true} is VALID [2022-02-20 17:58:58,525 INFO L290 TraceCheckUtils]: 122: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,525 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {4584#true} {4585#false} #1684#return; {4585#false} is VALID [2022-02-20 17:58:58,525 INFO L290 TraceCheckUtils]: 124: Hoare triple {4585#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {4585#false} is VALID [2022-02-20 17:58:58,525 INFO L290 TraceCheckUtils]: 125: Hoare triple {4585#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {4585#false} is VALID [2022-02-20 17:58:58,525 INFO L272 TraceCheckUtils]: 126: Hoare triple {4585#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {4584#true} is VALID [2022-02-20 17:58:58,526 INFO L290 TraceCheckUtils]: 127: Hoare triple {4584#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4584#true} is VALID [2022-02-20 17:58:58,526 INFO L290 TraceCheckUtils]: 128: Hoare triple {4584#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {4584#true} is VALID [2022-02-20 17:58:58,526 INFO L290 TraceCheckUtils]: 129: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,526 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {4584#true} {4585#false} #1686#return; {4585#false} is VALID [2022-02-20 17:58:58,526 INFO L290 TraceCheckUtils]: 131: Hoare triple {4585#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {4585#false} is VALID [2022-02-20 17:58:58,526 INFO L290 TraceCheckUtils]: 132: Hoare triple {4585#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {4585#false} is VALID [2022-02-20 17:58:58,526 INFO L272 TraceCheckUtils]: 133: Hoare triple {4585#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {4585#false} is VALID [2022-02-20 17:58:58,527 INFO L290 TraceCheckUtils]: 134: Hoare triple {4585#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4585#false} is VALID [2022-02-20 17:58:58,527 INFO L290 TraceCheckUtils]: 135: Hoare triple {4585#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {4585#false} is VALID [2022-02-20 17:58:58,527 INFO L290 TraceCheckUtils]: 136: Hoare triple {4585#false} assume 1 == ~sent_signed~0; {4585#false} is VALID [2022-02-20 17:58:58,527 INFO L272 TraceCheckUtils]: 137: Hoare triple {4585#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {4584#true} is VALID [2022-02-20 17:58:58,527 INFO L290 TraceCheckUtils]: 138: Hoare triple {4584#true} ~handle := #in~handle;havoc ~retValue_acc~18; {4584#true} is VALID [2022-02-20 17:58:58,527 INFO L290 TraceCheckUtils]: 139: Hoare triple {4584#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {4584#true} is VALID [2022-02-20 17:58:58,527 INFO L290 TraceCheckUtils]: 140: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,528 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {4584#true} {4585#false} #1608#return; {4585#false} is VALID [2022-02-20 17:58:58,528 INFO L290 TraceCheckUtils]: 142: Hoare triple {4585#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {4585#false} is VALID [2022-02-20 17:58:58,528 INFO L272 TraceCheckUtils]: 143: Hoare triple {4585#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {4584#true} is VALID [2022-02-20 17:58:58,528 INFO L290 TraceCheckUtils]: 144: Hoare triple {4584#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {4584#true} is VALID [2022-02-20 17:58:58,528 INFO L290 TraceCheckUtils]: 145: Hoare triple {4584#true} assume 1 == ~handle; {4584#true} is VALID [2022-02-20 17:58:58,528 INFO L290 TraceCheckUtils]: 146: Hoare triple {4584#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {4584#true} is VALID [2022-02-20 17:58:58,528 INFO L290 TraceCheckUtils]: 147: Hoare triple {4584#true} assume true; {4584#true} is VALID [2022-02-20 17:58:58,529 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {4584#true} {4585#false} #1610#return; {4585#false} is VALID [2022-02-20 17:58:58,529 INFO L290 TraceCheckUtils]: 149: Hoare triple {4585#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {4585#false} is VALID [2022-02-20 17:58:58,529 INFO L290 TraceCheckUtils]: 150: Hoare triple {4585#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {4585#false} is VALID [2022-02-20 17:58:58,529 INFO L272 TraceCheckUtils]: 151: Hoare triple {4585#false} call __automaton_fail(); {4585#false} is VALID [2022-02-20 17:58:58,529 INFO L290 TraceCheckUtils]: 152: Hoare triple {4585#false} assume !false; {4585#false} is VALID [2022-02-20 17:58:58,530 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:58:58,530 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:58,530 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1153859377] [2022-02-20 17:58:58,530 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1153859377] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:58,530 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:58,530 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 17:58:58,531 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1115730866] [2022-02-20 17:58:58,531 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:58,532 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 153 [2022-02-20 17:58:58,532 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:58,533 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:58,610 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 130 edges. 130 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:58,611 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:58:58,611 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:58,611 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:58:58,611 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:58:58,612 INFO L87 Difference]: Start difference. First operand 606 states and 901 transitions. Second operand has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:59:06,968 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:06,968 INFO L93 Difference]: Finished difference Result 1311 states and 1977 transitions. [2022-02-20 17:59:06,968 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 17:59:06,969 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 153 [2022-02-20 17:59:06,969 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:06,969 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:59:07,020 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1977 transitions. [2022-02-20 17:59:07,020 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:59:07,042 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1977 transitions. [2022-02-20 17:59:07,042 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1977 transitions. [2022-02-20 17:59:08,529 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1977 edges. 1977 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:08,560 INFO L225 Difference]: With dead ends: 1311 [2022-02-20 17:59:08,560 INFO L226 Difference]: Without dead ends: 741 [2022-02-20 17:59:08,564 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 57 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:59:08,566 INFO L933 BasicCegarLoop]: 917 mSDtfsCounter, 1367 mSDsluCounter, 1474 mSDsCounter, 0 mSdLazyCounter, 2953 mSolverCounterSat, 665 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1374 SdHoareTripleChecker+Valid, 2391 SdHoareTripleChecker+Invalid, 3618 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 665 IncrementalHoareTripleChecker+Valid, 2953 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:08,567 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1374 Valid, 2391 Invalid, 3618 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [665 Valid, 2953 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-02-20 17:59:08,569 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 741 states. [2022-02-20 17:59:08,597 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 741 to 606. [2022-02-20 17:59:08,597 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:08,598 INFO L82 GeneralOperation]: Start isEquivalent. First operand 741 states. Second operand has 606 states, 447 states have (on average 1.4921700223713648) internal successors, (667), 467 states have internal predecessors, (667), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 17:59:08,600 INFO L74 IsIncluded]: Start isIncluded. First operand 741 states. Second operand has 606 states, 447 states have (on average 1.4921700223713648) internal successors, (667), 467 states have internal predecessors, (667), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 17:59:08,601 INFO L87 Difference]: Start difference. First operand 741 states. Second operand has 606 states, 447 states have (on average 1.4921700223713648) internal successors, (667), 467 states have internal predecessors, (667), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 17:59:08,625 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:08,625 INFO L93 Difference]: Finished difference Result 741 states and 1125 transitions. [2022-02-20 17:59:08,625 INFO L276 IsEmpty]: Start isEmpty. Operand 741 states and 1125 transitions. [2022-02-20 17:59:08,628 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:08,628 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:08,630 INFO L74 IsIncluded]: Start isIncluded. First operand has 606 states, 447 states have (on average 1.4921700223713648) internal successors, (667), 467 states have internal predecessors, (667), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) Second operand 741 states. [2022-02-20 17:59:08,631 INFO L87 Difference]: Start difference. First operand has 606 states, 447 states have (on average 1.4921700223713648) internal successors, (667), 467 states have internal predecessors, (667), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) Second operand 741 states. [2022-02-20 17:59:08,656 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:08,656 INFO L93 Difference]: Finished difference Result 741 states and 1125 transitions. [2022-02-20 17:59:08,656 INFO L276 IsEmpty]: Start isEmpty. Operand 741 states and 1125 transitions. [2022-02-20 17:59:08,658 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:08,658 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:08,659 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:08,659 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:08,660 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 606 states, 447 states have (on average 1.4921700223713648) internal successors, (667), 467 states have internal predecessors, (667), 115 states have call successors, (115), 44 states have call predecessors, (115), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 17:59:08,680 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 606 states to 606 states and 894 transitions. [2022-02-20 17:59:08,680 INFO L78 Accepts]: Start accepts. Automaton has 606 states and 894 transitions. Word has length 153 [2022-02-20 17:59:08,680 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:08,681 INFO L470 AbstractCegarLoop]: Abstraction has 606 states and 894 transitions. [2022-02-20 17:59:08,681 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:59:08,682 INFO L276 IsEmpty]: Start isEmpty. Operand 606 states and 894 transitions. [2022-02-20 17:59:08,684 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 159 [2022-02-20 17:59:08,684 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:08,684 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:08,684 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 17:59:08,684 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:08,685 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:08,685 INFO L85 PathProgramCache]: Analyzing trace with hash 669699045, now seen corresponding path program 1 times [2022-02-20 17:59:08,685 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:08,685 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1796523918] [2022-02-20 17:59:08,686 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:08,686 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:08,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,778 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:59:08,781 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,784 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8849#true} #1754#return; {8849#true} is VALID [2022-02-20 17:59:08,785 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:59:08,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,788 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,789 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,789 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8849#true} #1756#return; {8849#true} is VALID [2022-02-20 17:59:08,789 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:59:08,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,792 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,792 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,792 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8849#true} #1758#return; {8849#true} is VALID [2022-02-20 17:59:08,792 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:08,794 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,796 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,797 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8849#true} #1760#return; {8849#true} is VALID [2022-02-20 17:59:08,797 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:59:08,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,801 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,801 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,801 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8849#true} #1762#return; {8849#true} is VALID [2022-02-20 17:59:08,802 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:59:08,804 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,806 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,806 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,807 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} #1764#return; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,807 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:59:08,810 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,816 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,817 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,818 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} #1766#return; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,818 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:08,822 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,829 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,830 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,831 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} #1768#return; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,835 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:59:08,838 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,840 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:08,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,844 INFO L290 TraceCheckUtils]: 0: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,844 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,846 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,847 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8849#true} #1752#return; {8849#true} is VALID [2022-02-20 17:59:08,849 INFO L290 TraceCheckUtils]: 0: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8849#true} is VALID [2022-02-20 17:59:08,849 INFO L272 TraceCheckUtils]: 1: Hoare triple {8849#true} call setClientId(~bob___0, ~bob___0); {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:08,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,850 INFO L290 TraceCheckUtils]: 3: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,850 INFO L290 TraceCheckUtils]: 4: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,850 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8849#true} {8849#true} #1752#return; {8849#true} is VALID [2022-02-20 17:59:08,850 INFO L290 TraceCheckUtils]: 6: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,851 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8849#true} {8850#false} #1774#return; {8850#false} is VALID [2022-02-20 17:59:08,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:59:08,854 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,857 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:08,857 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,862 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,862 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,862 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8849#true} #1704#return; {8849#true} is VALID [2022-02-20 17:59:08,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8849#true} is VALID [2022-02-20 17:59:08,863 INFO L272 TraceCheckUtils]: 1: Hoare triple {8849#true} call setClientId(~rjh___0, ~rjh___0); {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:08,863 INFO L290 TraceCheckUtils]: 2: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,863 INFO L290 TraceCheckUtils]: 3: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,863 INFO L290 TraceCheckUtils]: 4: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,864 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8849#true} {8849#true} #1704#return; {8849#true} is VALID [2022-02-20 17:59:08,864 INFO L290 TraceCheckUtils]: 6: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,864 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8849#true} {8850#false} #1780#return; {8850#false} is VALID [2022-02-20 17:59:08,864 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:59:08,868 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,869 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:08,870 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,872 INFO L290 TraceCheckUtils]: 0: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,872 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,872 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,872 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8849#true} #1648#return; {8849#true} is VALID [2022-02-20 17:59:08,872 INFO L290 TraceCheckUtils]: 0: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8849#true} is VALID [2022-02-20 17:59:08,873 INFO L272 TraceCheckUtils]: 1: Hoare triple {8849#true} call setClientId(~chuck___0, ~chuck___0); {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:08,873 INFO L290 TraceCheckUtils]: 2: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,873 INFO L290 TraceCheckUtils]: 3: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,873 INFO L290 TraceCheckUtils]: 4: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,873 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8849#true} {8849#true} #1648#return; {8849#true} is VALID [2022-02-20 17:59:08,873 INFO L290 TraceCheckUtils]: 6: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,874 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8849#true} {8850#false} #1786#return; {8850#false} is VALID [2022-02-20 17:59:08,877 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:59:08,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,881 INFO L290 TraceCheckUtils]: 0: Hoare triple {8942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,882 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,882 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,882 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1670#return; {8850#false} is VALID [2022-02-20 17:59:08,886 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:59:08,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,888 INFO L290 TraceCheckUtils]: 0: Hoare triple {8943#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,888 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,888 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,888 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1672#return; {8850#false} is VALID [2022-02-20 17:59:08,889 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:59:08,889 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,892 INFO L290 TraceCheckUtils]: 0: Hoare triple {8942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,892 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,892 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,892 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1682#return; {8850#false} is VALID [2022-02-20 17:59:08,892 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:59:08,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,905 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~24; {8849#true} is VALID [2022-02-20 17:59:08,905 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {8849#true} is VALID [2022-02-20 17:59:08,906 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,906 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1684#return; {8850#false} is VALID [2022-02-20 17:59:08,906 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:59:08,907 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,909 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~19; {8849#true} is VALID [2022-02-20 17:59:08,909 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {8849#true} is VALID [2022-02-20 17:59:08,909 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,910 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1686#return; {8850#false} is VALID [2022-02-20 17:59:08,910 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 17:59:08,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,912 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~18; {8849#true} is VALID [2022-02-20 17:59:08,912 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {8849#true} is VALID [2022-02-20 17:59:08,912 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,912 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1608#return; {8850#false} is VALID [2022-02-20 17:59:08,913 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 148 [2022-02-20 17:59:08,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:08,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {8849#true} is VALID [2022-02-20 17:59:08,915 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle; {8849#true} is VALID [2022-02-20 17:59:08,915 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {8849#true} is VALID [2022-02-20 17:59:08,915 INFO L290 TraceCheckUtils]: 3: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,915 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8849#true} {8850#false} #1610#return; {8850#false} is VALID [2022-02-20 17:59:08,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {8849#true} is VALID [2022-02-20 17:59:08,916 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8849#true} is VALID [2022-02-20 17:59:08,916 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {8849#true} is VALID [2022-02-20 17:59:08,916 INFO L272 TraceCheckUtils]: 3: Hoare triple {8849#true} call select_features_#t~ret27#1 := select_one(); {8849#true} is VALID [2022-02-20 17:59:08,916 INFO L290 TraceCheckUtils]: 4: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,916 INFO L290 TraceCheckUtils]: 5: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,916 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8849#true} {8849#true} #1754#return; {8849#true} is VALID [2022-02-20 17:59:08,916 INFO L290 TraceCheckUtils]: 7: Hoare triple {8849#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {8849#true} is VALID [2022-02-20 17:59:08,916 INFO L272 TraceCheckUtils]: 8: Hoare triple {8849#true} call select_features_#t~ret28#1 := select_one(); {8849#true} is VALID [2022-02-20 17:59:08,917 INFO L290 TraceCheckUtils]: 9: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,917 INFO L290 TraceCheckUtils]: 10: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,917 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8849#true} {8849#true} #1756#return; {8849#true} is VALID [2022-02-20 17:59:08,917 INFO L290 TraceCheckUtils]: 12: Hoare triple {8849#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {8849#true} is VALID [2022-02-20 17:59:08,917 INFO L272 TraceCheckUtils]: 13: Hoare triple {8849#true} call select_features_#t~ret29#1 := select_one(); {8849#true} is VALID [2022-02-20 17:59:08,917 INFO L290 TraceCheckUtils]: 14: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,917 INFO L290 TraceCheckUtils]: 15: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,917 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8849#true} {8849#true} #1758#return; {8849#true} is VALID [2022-02-20 17:59:08,918 INFO L290 TraceCheckUtils]: 17: Hoare triple {8849#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {8849#true} is VALID [2022-02-20 17:59:08,918 INFO L272 TraceCheckUtils]: 18: Hoare triple {8849#true} call select_features_#t~ret30#1 := select_one(); {8849#true} is VALID [2022-02-20 17:59:08,918 INFO L290 TraceCheckUtils]: 19: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,918 INFO L290 TraceCheckUtils]: 20: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,918 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8849#true} {8849#true} #1760#return; {8849#true} is VALID [2022-02-20 17:59:08,918 INFO L290 TraceCheckUtils]: 22: Hoare triple {8849#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {8849#true} is VALID [2022-02-20 17:59:08,918 INFO L272 TraceCheckUtils]: 23: Hoare triple {8849#true} call select_features_#t~ret31#1 := select_one(); {8849#true} is VALID [2022-02-20 17:59:08,918 INFO L290 TraceCheckUtils]: 24: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,919 INFO L290 TraceCheckUtils]: 25: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,919 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8849#true} {8849#true} #1762#return; {8849#true} is VALID [2022-02-20 17:59:08,919 INFO L290 TraceCheckUtils]: 27: Hoare triple {8849#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,919 INFO L272 TraceCheckUtils]: 28: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} call select_features_#t~ret32#1 := select_one(); {8849#true} is VALID [2022-02-20 17:59:08,919 INFO L290 TraceCheckUtils]: 29: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,919 INFO L290 TraceCheckUtils]: 30: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,920 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8849#true} {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} #1764#return; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,920 INFO L290 TraceCheckUtils]: 32: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,920 INFO L272 TraceCheckUtils]: 33: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} call select_features_#t~ret33#1 := select_one(); {8849#true} is VALID [2022-02-20 17:59:08,920 INFO L290 TraceCheckUtils]: 34: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,920 INFO L290 TraceCheckUtils]: 35: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,921 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8849#true} {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} #1766#return; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,921 INFO L290 TraceCheckUtils]: 37: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,921 INFO L272 TraceCheckUtils]: 38: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} call select_features_#t~ret34#1 := select_one(); {8849#true} is VALID [2022-02-20 17:59:08,921 INFO L290 TraceCheckUtils]: 39: Hoare triple {8849#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {8849#true} is VALID [2022-02-20 17:59:08,921 INFO L290 TraceCheckUtils]: 40: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,922 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8849#true} {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} #1768#return; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,922 INFO L290 TraceCheckUtils]: 42: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,922 INFO L290 TraceCheckUtils]: 43: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,923 INFO L290 TraceCheckUtils]: 44: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,923 INFO L290 TraceCheckUtils]: 45: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,924 INFO L290 TraceCheckUtils]: 46: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 17:59:08,924 INFO L290 TraceCheckUtils]: 47: Hoare triple {8866#(= ~__SELECTED_FEATURE_Sign~0 1)} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8850#false} is VALID [2022-02-20 17:59:08,924 INFO L290 TraceCheckUtils]: 48: Hoare triple {8850#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8850#false} is VALID [2022-02-20 17:59:08,924 INFO L290 TraceCheckUtils]: 49: Hoare triple {8850#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8850#false} is VALID [2022-02-20 17:59:08,924 INFO L290 TraceCheckUtils]: 50: Hoare triple {8850#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {8850#false} is VALID [2022-02-20 17:59:08,925 INFO L290 TraceCheckUtils]: 51: Hoare triple {8850#false} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {8850#false} is VALID [2022-02-20 17:59:08,925 INFO L290 TraceCheckUtils]: 52: Hoare triple {8850#false} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {8850#false} is VALID [2022-02-20 17:59:08,925 INFO L290 TraceCheckUtils]: 53: Hoare triple {8850#false} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8850#false} is VALID [2022-02-20 17:59:08,925 INFO L290 TraceCheckUtils]: 54: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8850#false} is VALID [2022-02-20 17:59:08,925 INFO L272 TraceCheckUtils]: 55: Hoare triple {8850#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:08,926 INFO L290 TraceCheckUtils]: 56: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8849#true} is VALID [2022-02-20 17:59:08,926 INFO L272 TraceCheckUtils]: 57: Hoare triple {8849#true} call setClientId(~bob___0, ~bob___0); {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:08,927 INFO L290 TraceCheckUtils]: 58: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,928 INFO L290 TraceCheckUtils]: 59: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,928 INFO L290 TraceCheckUtils]: 60: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,928 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8849#true} {8849#true} #1752#return; {8849#true} is VALID [2022-02-20 17:59:08,928 INFO L290 TraceCheckUtils]: 62: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,928 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8849#true} {8850#false} #1774#return; {8850#false} is VALID [2022-02-20 17:59:08,928 INFO L290 TraceCheckUtils]: 64: Hoare triple {8850#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8850#false} is VALID [2022-02-20 17:59:08,929 INFO L290 TraceCheckUtils]: 65: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8850#false} is VALID [2022-02-20 17:59:08,929 INFO L272 TraceCheckUtils]: 66: Hoare triple {8850#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:08,929 INFO L290 TraceCheckUtils]: 67: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8849#true} is VALID [2022-02-20 17:59:08,929 INFO L272 TraceCheckUtils]: 68: Hoare triple {8849#true} call setClientId(~rjh___0, ~rjh___0); {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:08,929 INFO L290 TraceCheckUtils]: 69: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,930 INFO L290 TraceCheckUtils]: 70: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,930 INFO L290 TraceCheckUtils]: 71: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,930 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8849#true} {8849#true} #1704#return; {8849#true} is VALID [2022-02-20 17:59:08,930 INFO L290 TraceCheckUtils]: 73: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,930 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8849#true} {8850#false} #1780#return; {8850#false} is VALID [2022-02-20 17:59:08,930 INFO L290 TraceCheckUtils]: 75: Hoare triple {8850#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8850#false} is VALID [2022-02-20 17:59:08,930 INFO L290 TraceCheckUtils]: 76: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8850#false} is VALID [2022-02-20 17:59:08,930 INFO L272 TraceCheckUtils]: 77: Hoare triple {8850#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:08,930 INFO L290 TraceCheckUtils]: 78: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8849#true} is VALID [2022-02-20 17:59:08,933 INFO L272 TraceCheckUtils]: 79: Hoare triple {8849#true} call setClientId(~chuck___0, ~chuck___0); {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:08,933 INFO L290 TraceCheckUtils]: 80: Hoare triple {8929#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,933 INFO L290 TraceCheckUtils]: 81: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,933 INFO L290 TraceCheckUtils]: 82: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,933 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8849#true} {8849#true} #1648#return; {8849#true} is VALID [2022-02-20 17:59:08,934 INFO L290 TraceCheckUtils]: 84: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,934 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8849#true} {8850#false} #1786#return; {8850#false} is VALID [2022-02-20 17:59:08,934 INFO L290 TraceCheckUtils]: 86: Hoare triple {8850#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {8850#false} is VALID [2022-02-20 17:59:08,934 INFO L290 TraceCheckUtils]: 87: Hoare triple {8850#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8850#false} is VALID [2022-02-20 17:59:08,934 INFO L290 TraceCheckUtils]: 88: Hoare triple {8850#false} assume !false; {8850#false} is VALID [2022-02-20 17:59:08,934 INFO L290 TraceCheckUtils]: 89: Hoare triple {8850#false} assume !(test_~splverifierCounter~0#1 < 4); {8850#false} is VALID [2022-02-20 17:59:08,934 INFO L290 TraceCheckUtils]: 90: Hoare triple {8850#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {8850#false} is VALID [2022-02-20 17:59:08,934 INFO L272 TraceCheckUtils]: 91: Hoare triple {8850#false} call sendEmail(~bob~0, ~rjh~0); {8850#false} is VALID [2022-02-20 17:59:08,935 INFO L290 TraceCheckUtils]: 92: Hoare triple {8850#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8850#false} is VALID [2022-02-20 17:59:08,935 INFO L272 TraceCheckUtils]: 93: Hoare triple {8850#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:08,935 INFO L290 TraceCheckUtils]: 94: Hoare triple {8942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,935 INFO L290 TraceCheckUtils]: 95: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,935 INFO L290 TraceCheckUtils]: 96: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,935 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8849#true} {8850#false} #1670#return; {8850#false} is VALID [2022-02-20 17:59:08,935 INFO L272 TraceCheckUtils]: 98: Hoare triple {8850#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8943#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:08,935 INFO L290 TraceCheckUtils]: 99: Hoare triple {8943#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,936 INFO L290 TraceCheckUtils]: 100: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,936 INFO L290 TraceCheckUtils]: 101: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,936 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8849#true} {8850#false} #1672#return; {8850#false} is VALID [2022-02-20 17:59:08,936 INFO L290 TraceCheckUtils]: 103: Hoare triple {8850#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {8850#false} is VALID [2022-02-20 17:59:08,936 INFO L290 TraceCheckUtils]: 104: Hoare triple {8850#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {8850#false} is VALID [2022-02-20 17:59:08,936 INFO L272 TraceCheckUtils]: 105: Hoare triple {8850#false} call outgoing(~sender#1, ~email~0#1); {8850#false} is VALID [2022-02-20 17:59:08,936 INFO L290 TraceCheckUtils]: 106: Hoare triple {8850#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8850#false} is VALID [2022-02-20 17:59:08,936 INFO L290 TraceCheckUtils]: 107: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8850#false} is VALID [2022-02-20 17:59:08,936 INFO L272 TraceCheckUtils]: 108: Hoare triple {8850#false} call outgoing__before__Sign(~client#1, ~msg#1); {8850#false} is VALID [2022-02-20 17:59:08,937 INFO L290 TraceCheckUtils]: 109: Hoare triple {8850#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8850#false} is VALID [2022-02-20 17:59:08,937 INFO L290 TraceCheckUtils]: 110: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8850#false} is VALID [2022-02-20 17:59:08,937 INFO L272 TraceCheckUtils]: 111: Hoare triple {8850#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8850#false} is VALID [2022-02-20 17:59:08,937 INFO L290 TraceCheckUtils]: 112: Hoare triple {8850#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8850#false} is VALID [2022-02-20 17:59:08,937 INFO L290 TraceCheckUtils]: 113: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8850#false} is VALID [2022-02-20 17:59:08,937 INFO L272 TraceCheckUtils]: 114: Hoare triple {8850#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8850#false} is VALID [2022-02-20 17:59:08,937 INFO L290 TraceCheckUtils]: 115: Hoare triple {8850#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {8850#false} is VALID [2022-02-20 17:59:08,937 INFO L290 TraceCheckUtils]: 116: Hoare triple {8850#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {8850#false} is VALID [2022-02-20 17:59:08,938 INFO L290 TraceCheckUtils]: 117: Hoare triple {8850#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {8850#false} is VALID [2022-02-20 17:59:08,938 INFO L272 TraceCheckUtils]: 118: Hoare triple {8850#false} call setEmailFrom(~msg#1, ~tmp~10#1); {8942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:08,938 INFO L290 TraceCheckUtils]: 119: Hoare triple {8942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 17:59:08,938 INFO L290 TraceCheckUtils]: 120: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8849#true} is VALID [2022-02-20 17:59:08,938 INFO L290 TraceCheckUtils]: 121: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,938 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8849#true} {8850#false} #1682#return; {8850#false} is VALID [2022-02-20 17:59:08,938 INFO L290 TraceCheckUtils]: 123: Hoare triple {8850#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {8850#false} is VALID [2022-02-20 17:59:08,938 INFO L272 TraceCheckUtils]: 124: Hoare triple {8850#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {8849#true} is VALID [2022-02-20 17:59:08,938 INFO L290 TraceCheckUtils]: 125: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~24; {8849#true} is VALID [2022-02-20 17:59:08,939 INFO L290 TraceCheckUtils]: 126: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {8849#true} is VALID [2022-02-20 17:59:08,939 INFO L290 TraceCheckUtils]: 127: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,939 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {8849#true} {8850#false} #1684#return; {8850#false} is VALID [2022-02-20 17:59:08,939 INFO L290 TraceCheckUtils]: 129: Hoare triple {8850#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {8850#false} is VALID [2022-02-20 17:59:08,939 INFO L290 TraceCheckUtils]: 130: Hoare triple {8850#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {8850#false} is VALID [2022-02-20 17:59:08,939 INFO L272 TraceCheckUtils]: 131: Hoare triple {8850#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {8849#true} is VALID [2022-02-20 17:59:08,939 INFO L290 TraceCheckUtils]: 132: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~19; {8849#true} is VALID [2022-02-20 17:59:08,939 INFO L290 TraceCheckUtils]: 133: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {8849#true} is VALID [2022-02-20 17:59:08,940 INFO L290 TraceCheckUtils]: 134: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,940 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {8849#true} {8850#false} #1686#return; {8850#false} is VALID [2022-02-20 17:59:08,940 INFO L290 TraceCheckUtils]: 136: Hoare triple {8850#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {8850#false} is VALID [2022-02-20 17:59:08,940 INFO L290 TraceCheckUtils]: 137: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {8850#false} is VALID [2022-02-20 17:59:08,940 INFO L272 TraceCheckUtils]: 138: Hoare triple {8850#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {8850#false} is VALID [2022-02-20 17:59:08,940 INFO L290 TraceCheckUtils]: 139: Hoare triple {8850#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8850#false} is VALID [2022-02-20 17:59:08,940 INFO L290 TraceCheckUtils]: 140: Hoare triple {8850#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {8850#false} is VALID [2022-02-20 17:59:08,940 INFO L290 TraceCheckUtils]: 141: Hoare triple {8850#false} assume 1 == ~sent_signed~0; {8850#false} is VALID [2022-02-20 17:59:08,941 INFO L272 TraceCheckUtils]: 142: Hoare triple {8850#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {8849#true} is VALID [2022-02-20 17:59:08,941 INFO L290 TraceCheckUtils]: 143: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~18; {8849#true} is VALID [2022-02-20 17:59:08,941 INFO L290 TraceCheckUtils]: 144: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {8849#true} is VALID [2022-02-20 17:59:08,941 INFO L290 TraceCheckUtils]: 145: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,941 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {8849#true} {8850#false} #1608#return; {8850#false} is VALID [2022-02-20 17:59:08,941 INFO L290 TraceCheckUtils]: 147: Hoare triple {8850#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {8850#false} is VALID [2022-02-20 17:59:08,941 INFO L272 TraceCheckUtils]: 148: Hoare triple {8850#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {8849#true} is VALID [2022-02-20 17:59:08,941 INFO L290 TraceCheckUtils]: 149: Hoare triple {8849#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {8849#true} is VALID [2022-02-20 17:59:08,941 INFO L290 TraceCheckUtils]: 150: Hoare triple {8849#true} assume 1 == ~handle; {8849#true} is VALID [2022-02-20 17:59:08,942 INFO L290 TraceCheckUtils]: 151: Hoare triple {8849#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {8849#true} is VALID [2022-02-20 17:59:08,942 INFO L290 TraceCheckUtils]: 152: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 17:59:08,942 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {8849#true} {8850#false} #1610#return; {8850#false} is VALID [2022-02-20 17:59:08,942 INFO L290 TraceCheckUtils]: 154: Hoare triple {8850#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {8850#false} is VALID [2022-02-20 17:59:08,942 INFO L290 TraceCheckUtils]: 155: Hoare triple {8850#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {8850#false} is VALID [2022-02-20 17:59:08,942 INFO L272 TraceCheckUtils]: 156: Hoare triple {8850#false} call __automaton_fail(); {8850#false} is VALID [2022-02-20 17:59:08,942 INFO L290 TraceCheckUtils]: 157: Hoare triple {8850#false} assume !false; {8850#false} is VALID [2022-02-20 17:59:08,943 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:59:08,943 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:08,943 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1796523918] [2022-02-20 17:59:08,943 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1796523918] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:08,944 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:08,944 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:59:08,944 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1718041117] [2022-02-20 17:59:08,944 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:08,946 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) Word has length 158 [2022-02-20 17:59:08,946 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:08,946 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:09,022 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 135 edges. 135 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:09,022 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:59:09,023 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:09,023 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:59:09,023 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:59:09,024 INFO L87 Difference]: Start difference. First operand 606 states and 894 transitions. Second operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:13,143 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:13,144 INFO L93 Difference]: Finished difference Result 1317 states and 1998 transitions. [2022-02-20 17:59:13,144 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:59:13,144 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) Word has length 158 [2022-02-20 17:59:13,144 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:13,144 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:13,167 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1998 transitions. [2022-02-20 17:59:13,167 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:13,190 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1998 transitions. [2022-02-20 17:59:13,191 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1998 transitions. [2022-02-20 17:59:14,275 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1998 edges. 1998 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:14,302 INFO L225 Difference]: With dead ends: 1317 [2022-02-20 17:59:14,302 INFO L226 Difference]: Without dead ends: 742 [2022-02-20 17:59:14,303 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:14,309 INFO L933 BasicCegarLoop]: 905 mSDtfsCounter, 2079 mSDsluCounter, 668 mSDsCounter, 0 mSdLazyCounter, 512 mSolverCounterSat, 870 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2106 SdHoareTripleChecker+Valid, 1573 SdHoareTripleChecker+Invalid, 1382 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 870 IncrementalHoareTripleChecker+Valid, 512 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:14,310 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2106 Valid, 1573 Invalid, 1382 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [870 Valid, 512 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-02-20 17:59:14,312 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 742 states. [2022-02-20 17:59:14,332 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 742 to 607. [2022-02-20 17:59:14,332 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:14,333 INFO L82 GeneralOperation]: Start isEquivalent. First operand 742 states. Second operand has 607 states, 449 states have (on average 1.4810690423162582) internal successors, (665), 467 states have internal predecessors, (665), 113 states have call successors, (113), 45 states have call predecessors, (113), 44 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) [2022-02-20 17:59:14,335 INFO L74 IsIncluded]: Start isIncluded. First operand 742 states. Second operand has 607 states, 449 states have (on average 1.4810690423162582) internal successors, (665), 467 states have internal predecessors, (665), 113 states have call successors, (113), 45 states have call predecessors, (113), 44 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) [2022-02-20 17:59:14,336 INFO L87 Difference]: Start difference. First operand 742 states. Second operand has 607 states, 449 states have (on average 1.4810690423162582) internal successors, (665), 467 states have internal predecessors, (665), 113 states have call successors, (113), 45 states have call predecessors, (113), 44 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) [2022-02-20 17:59:14,358 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:14,358 INFO L93 Difference]: Finished difference Result 742 states and 1116 transitions. [2022-02-20 17:59:14,358 INFO L276 IsEmpty]: Start isEmpty. Operand 742 states and 1116 transitions. [2022-02-20 17:59:14,360 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:14,360 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:14,362 INFO L74 IsIncluded]: Start isIncluded. First operand has 607 states, 449 states have (on average 1.4810690423162582) internal successors, (665), 467 states have internal predecessors, (665), 113 states have call successors, (113), 45 states have call predecessors, (113), 44 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) Second operand 742 states. [2022-02-20 17:59:14,363 INFO L87 Difference]: Start difference. First operand has 607 states, 449 states have (on average 1.4810690423162582) internal successors, (665), 467 states have internal predecessors, (665), 113 states have call successors, (113), 45 states have call predecessors, (113), 44 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) Second operand 742 states. [2022-02-20 17:59:14,386 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:14,387 INFO L93 Difference]: Finished difference Result 742 states and 1116 transitions. [2022-02-20 17:59:14,387 INFO L276 IsEmpty]: Start isEmpty. Operand 742 states and 1116 transitions. [2022-02-20 17:59:14,389 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:14,389 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:14,389 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:14,389 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:14,391 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 607 states, 449 states have (on average 1.4810690423162582) internal successors, (665), 467 states have internal predecessors, (665), 113 states have call successors, (113), 45 states have call predecessors, (113), 44 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) [2022-02-20 17:59:14,410 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 607 states to 607 states and 888 transitions. [2022-02-20 17:59:14,411 INFO L78 Accepts]: Start accepts. Automaton has 607 states and 888 transitions. Word has length 158 [2022-02-20 17:59:14,411 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:14,411 INFO L470 AbstractCegarLoop]: Abstraction has 607 states and 888 transitions. [2022-02-20 17:59:14,411 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:14,412 INFO L276 IsEmpty]: Start isEmpty. Operand 607 states and 888 transitions. [2022-02-20 17:59:14,414 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 190 [2022-02-20 17:59:14,414 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:14,414 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:14,414 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 17:59:14,414 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:14,414 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:14,415 INFO L85 PathProgramCache]: Analyzing trace with hash -2023754000, now seen corresponding path program 1 times [2022-02-20 17:59:14,415 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:14,415 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1460010168] [2022-02-20 17:59:14,415 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:14,415 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:14,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,486 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:59:14,489 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,491 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13122#true} {13122#true} #1754#return; {13122#true} is VALID [2022-02-20 17:59:14,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:59:14,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,494 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,495 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,495 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13122#true} {13122#true} #1756#return; {13122#true} is VALID [2022-02-20 17:59:14,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:59:14,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,498 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,511 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13122#true} {13122#true} #1758#return; {13122#true} is VALID [2022-02-20 17:59:14,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:14,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,522 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,522 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,522 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13122#true} {13122#true} #1760#return; {13122#true} is VALID [2022-02-20 17:59:14,522 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:59:14,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,525 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,525 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,525 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13122#true} {13122#true} #1762#return; {13122#true} is VALID [2022-02-20 17:59:14,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:59:14,527 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,529 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,529 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,529 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13122#true} {13122#true} #1764#return; {13122#true} is VALID [2022-02-20 17:59:14,529 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:59:14,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,532 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,532 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,532 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13122#true} {13122#true} #1766#return; {13122#true} is VALID [2022-02-20 17:59:14,533 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:14,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,536 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13122#true} {13122#true} #1768#return; {13122#true} is VALID [2022-02-20 17:59:14,539 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:59:14,541 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,543 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:14,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,547 INFO L290 TraceCheckUtils]: 0: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,547 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,547 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,547 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13122#true} #1752#return; {13122#true} is VALID [2022-02-20 17:59:14,547 INFO L290 TraceCheckUtils]: 0: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {13122#true} is VALID [2022-02-20 17:59:14,548 INFO L272 TraceCheckUtils]: 1: Hoare triple {13122#true} call setClientId(~bob___0, ~bob___0); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,548 INFO L290 TraceCheckUtils]: 2: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,548 INFO L290 TraceCheckUtils]: 3: Hoare triple {13122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,548 INFO L290 TraceCheckUtils]: 4: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,548 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13122#true} {13122#true} #1752#return; {13122#true} is VALID [2022-02-20 17:59:14,548 INFO L290 TraceCheckUtils]: 6: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,548 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {13122#true} {13123#false} #1774#return; {13123#false} is VALID [2022-02-20 17:59:14,549 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:59:14,550 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,552 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:14,553 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,554 INFO L290 TraceCheckUtils]: 0: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,554 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,554 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,555 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13122#true} #1704#return; {13122#true} is VALID [2022-02-20 17:59:14,555 INFO L290 TraceCheckUtils]: 0: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {13122#true} is VALID [2022-02-20 17:59:14,555 INFO L272 TraceCheckUtils]: 1: Hoare triple {13122#true} call setClientId(~rjh___0, ~rjh___0); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,556 INFO L290 TraceCheckUtils]: 3: Hoare triple {13122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,556 INFO L290 TraceCheckUtils]: 4: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,556 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13122#true} {13122#true} #1704#return; {13122#true} is VALID [2022-02-20 17:59:14,556 INFO L290 TraceCheckUtils]: 6: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,556 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {13122#true} {13123#false} #1780#return; {13123#false} is VALID [2022-02-20 17:59:14,556 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:59:14,558 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:14,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,563 INFO L290 TraceCheckUtils]: 0: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,563 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,563 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,563 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13122#true} #1648#return; {13122#true} is VALID [2022-02-20 17:59:14,564 INFO L290 TraceCheckUtils]: 0: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {13122#true} is VALID [2022-02-20 17:59:14,564 INFO L272 TraceCheckUtils]: 1: Hoare triple {13122#true} call setClientId(~chuck___0, ~chuck___0); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,564 INFO L290 TraceCheckUtils]: 2: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,564 INFO L290 TraceCheckUtils]: 3: Hoare triple {13122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,564 INFO L290 TraceCheckUtils]: 4: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,565 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13122#true} {13122#true} #1648#return; {13122#true} is VALID [2022-02-20 17:59:14,565 INFO L290 TraceCheckUtils]: 6: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,565 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {13122#true} {13123#false} #1786#return; {13123#false} is VALID [2022-02-20 17:59:14,568 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:59:14,569 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,572 INFO L290 TraceCheckUtils]: 0: Hoare triple {13232#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,572 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,572 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,572 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13123#false} #1670#return; {13123#false} is VALID [2022-02-20 17:59:14,576 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:59:14,578 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,580 INFO L290 TraceCheckUtils]: 0: Hoare triple {13233#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,586 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,587 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,587 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13123#false} #1672#return; {13123#false} is VALID [2022-02-20 17:59:14,587 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 17:59:14,588 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,592 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13122#true} is VALID [2022-02-20 17:59:14,592 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {13122#true} is VALID [2022-02-20 17:59:14,593 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,593 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13123#false} #1602#return; {13123#false} is VALID [2022-02-20 17:59:14,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:59:14,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,595 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13122#true} is VALID [2022-02-20 17:59:14,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {13122#true} is VALID [2022-02-20 17:59:14,595 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,595 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13123#false} #1636#return; {13123#false} is VALID [2022-02-20 17:59:14,596 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 17:59:14,596 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,598 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {13122#true} is VALID [2022-02-20 17:59:14,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle; {13122#true} is VALID [2022-02-20 17:59:14,598 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {13122#true} is VALID [2022-02-20 17:59:14,598 INFO L290 TraceCheckUtils]: 3: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,598 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13122#true} {13123#false} #1638#return; {13123#false} is VALID [2022-02-20 17:59:14,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 17:59:14,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,603 INFO L290 TraceCheckUtils]: 0: Hoare triple {13232#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,603 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,603 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13123#false} #1682#return; {13123#false} is VALID [2022-02-20 17:59:14,604 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 148 [2022-02-20 17:59:14,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~24; {13122#true} is VALID [2022-02-20 17:59:14,606 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {13122#true} is VALID [2022-02-20 17:59:14,606 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,607 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13123#false} #1684#return; {13123#false} is VALID [2022-02-20 17:59:14,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 155 [2022-02-20 17:59:14,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,610 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13122#true} is VALID [2022-02-20 17:59:14,610 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {13122#true} is VALID [2022-02-20 17:59:14,610 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,610 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13123#false} #1686#return; {13123#false} is VALID [2022-02-20 17:59:14,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-02-20 17:59:14,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13122#true} is VALID [2022-02-20 17:59:14,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {13122#true} is VALID [2022-02-20 17:59:14,612 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,612 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13123#false} #1688#return; {13123#false} is VALID [2022-02-20 17:59:14,613 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 173 [2022-02-20 17:59:14,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,615 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~18; {13122#true} is VALID [2022-02-20 17:59:14,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {13122#true} is VALID [2022-02-20 17:59:14,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,615 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13122#true} {13123#false} #1608#return; {13123#false} is VALID [2022-02-20 17:59:14,615 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 179 [2022-02-20 17:59:14,616 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {13122#true} is VALID [2022-02-20 17:59:14,618 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume 1 == ~handle; {13122#true} is VALID [2022-02-20 17:59:14,618 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {13122#true} is VALID [2022-02-20 17:59:14,618 INFO L290 TraceCheckUtils]: 3: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,618 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13122#true} {13123#false} #1610#return; {13123#false} is VALID [2022-02-20 17:59:14,619 INFO L290 TraceCheckUtils]: 0: Hoare triple {13122#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {13122#true} is VALID [2022-02-20 17:59:14,619 INFO L290 TraceCheckUtils]: 1: Hoare triple {13122#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {13122#true} is VALID [2022-02-20 17:59:14,619 INFO L290 TraceCheckUtils]: 2: Hoare triple {13122#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {13122#true} is VALID [2022-02-20 17:59:14,619 INFO L272 TraceCheckUtils]: 3: Hoare triple {13122#true} call select_features_#t~ret27#1 := select_one(); {13122#true} is VALID [2022-02-20 17:59:14,619 INFO L290 TraceCheckUtils]: 4: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,620 INFO L290 TraceCheckUtils]: 5: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,620 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {13122#true} {13122#true} #1754#return; {13122#true} is VALID [2022-02-20 17:59:14,620 INFO L290 TraceCheckUtils]: 7: Hoare triple {13122#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {13122#true} is VALID [2022-02-20 17:59:14,620 INFO L272 TraceCheckUtils]: 8: Hoare triple {13122#true} call select_features_#t~ret28#1 := select_one(); {13122#true} is VALID [2022-02-20 17:59:14,621 INFO L290 TraceCheckUtils]: 9: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,621 INFO L290 TraceCheckUtils]: 10: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,621 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {13122#true} {13122#true} #1756#return; {13122#true} is VALID [2022-02-20 17:59:14,621 INFO L290 TraceCheckUtils]: 12: Hoare triple {13122#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {13122#true} is VALID [2022-02-20 17:59:14,621 INFO L272 TraceCheckUtils]: 13: Hoare triple {13122#true} call select_features_#t~ret29#1 := select_one(); {13122#true} is VALID [2022-02-20 17:59:14,621 INFO L290 TraceCheckUtils]: 14: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,621 INFO L290 TraceCheckUtils]: 15: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,621 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13122#true} {13122#true} #1758#return; {13122#true} is VALID [2022-02-20 17:59:14,622 INFO L290 TraceCheckUtils]: 17: Hoare triple {13122#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {13122#true} is VALID [2022-02-20 17:59:14,622 INFO L272 TraceCheckUtils]: 18: Hoare triple {13122#true} call select_features_#t~ret30#1 := select_one(); {13122#true} is VALID [2022-02-20 17:59:14,622 INFO L290 TraceCheckUtils]: 19: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,622 INFO L290 TraceCheckUtils]: 20: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,622 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {13122#true} {13122#true} #1760#return; {13122#true} is VALID [2022-02-20 17:59:14,622 INFO L290 TraceCheckUtils]: 22: Hoare triple {13122#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {13122#true} is VALID [2022-02-20 17:59:14,622 INFO L272 TraceCheckUtils]: 23: Hoare triple {13122#true} call select_features_#t~ret31#1 := select_one(); {13122#true} is VALID [2022-02-20 17:59:14,622 INFO L290 TraceCheckUtils]: 24: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,622 INFO L290 TraceCheckUtils]: 25: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,623 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {13122#true} {13122#true} #1762#return; {13122#true} is VALID [2022-02-20 17:59:14,623 INFO L290 TraceCheckUtils]: 27: Hoare triple {13122#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {13122#true} is VALID [2022-02-20 17:59:14,623 INFO L272 TraceCheckUtils]: 28: Hoare triple {13122#true} call select_features_#t~ret32#1 := select_one(); {13122#true} is VALID [2022-02-20 17:59:14,623 INFO L290 TraceCheckUtils]: 29: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,623 INFO L290 TraceCheckUtils]: 30: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,623 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {13122#true} {13122#true} #1764#return; {13122#true} is VALID [2022-02-20 17:59:14,623 INFO L290 TraceCheckUtils]: 32: Hoare triple {13122#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {13122#true} is VALID [2022-02-20 17:59:14,623 INFO L272 TraceCheckUtils]: 33: Hoare triple {13122#true} call select_features_#t~ret33#1 := select_one(); {13122#true} is VALID [2022-02-20 17:59:14,624 INFO L290 TraceCheckUtils]: 34: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,624 INFO L290 TraceCheckUtils]: 35: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,624 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13122#true} {13122#true} #1766#return; {13122#true} is VALID [2022-02-20 17:59:14,624 INFO L290 TraceCheckUtils]: 37: Hoare triple {13122#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {13122#true} is VALID [2022-02-20 17:59:14,624 INFO L272 TraceCheckUtils]: 38: Hoare triple {13122#true} call select_features_#t~ret34#1 := select_one(); {13122#true} is VALID [2022-02-20 17:59:14,624 INFO L290 TraceCheckUtils]: 39: Hoare triple {13122#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {13122#true} is VALID [2022-02-20 17:59:14,624 INFO L290 TraceCheckUtils]: 40: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,624 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {13122#true} {13122#true} #1768#return; {13122#true} is VALID [2022-02-20 17:59:14,624 INFO L290 TraceCheckUtils]: 42: Hoare triple {13122#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {13122#true} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 43: Hoare triple {13122#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {13122#true} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 44: Hoare triple {13122#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {13122#true} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 45: Hoare triple {13122#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {13122#true} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 46: Hoare triple {13122#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {13122#true} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 47: Hoare triple {13122#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {13122#true} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 48: Hoare triple {13122#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {13148#(not (= ~__SELECTED_FEATURE_Verify~0 0))} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 49: Hoare triple {13148#(not (= ~__SELECTED_FEATURE_Verify~0 0))} assume 0 == ~__SELECTED_FEATURE_Verify~0; {13123#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 50: Hoare triple {13123#false} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {13123#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 51: Hoare triple {13123#false} assume 0 != ~__SELECTED_FEATURE_Keys~0; {13123#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 52: Hoare triple {13123#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {13123#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 53: Hoare triple {13123#false} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {13123#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 54: Hoare triple {13123#false} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {13123#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 55: Hoare triple {13123#false} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {13123#false} is VALID [2022-02-20 17:59:14,627 INFO L290 TraceCheckUtils]: 56: Hoare triple {13123#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13123#false} is VALID [2022-02-20 17:59:14,627 INFO L272 TraceCheckUtils]: 57: Hoare triple {13123#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,627 INFO L290 TraceCheckUtils]: 58: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {13122#true} is VALID [2022-02-20 17:59:14,627 INFO L272 TraceCheckUtils]: 59: Hoare triple {13122#true} call setClientId(~bob___0, ~bob___0); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 60: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 61: Hoare triple {13122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 62: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,628 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {13122#true} {13122#true} #1752#return; {13122#true} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 64: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,628 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {13122#true} {13123#false} #1774#return; {13123#false} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 66: Hoare triple {13123#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {13123#false} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 67: Hoare triple {13123#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13123#false} is VALID [2022-02-20 17:59:14,628 INFO L272 TraceCheckUtils]: 68: Hoare triple {13123#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,629 INFO L290 TraceCheckUtils]: 69: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {13122#true} is VALID [2022-02-20 17:59:14,629 INFO L272 TraceCheckUtils]: 70: Hoare triple {13122#true} call setClientId(~rjh___0, ~rjh___0); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,629 INFO L290 TraceCheckUtils]: 71: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,629 INFO L290 TraceCheckUtils]: 72: Hoare triple {13122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,629 INFO L290 TraceCheckUtils]: 73: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,630 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {13122#true} {13122#true} #1704#return; {13122#true} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 75: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,630 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {13122#true} {13123#false} #1780#return; {13123#false} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 77: Hoare triple {13123#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {13123#false} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 78: Hoare triple {13123#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13123#false} is VALID [2022-02-20 17:59:14,630 INFO L272 TraceCheckUtils]: 79: Hoare triple {13123#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 80: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {13122#true} is VALID [2022-02-20 17:59:14,631 INFO L272 TraceCheckUtils]: 81: Hoare triple {13122#true} call setClientId(~chuck___0, ~chuck___0); {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,631 INFO L290 TraceCheckUtils]: 82: Hoare triple {13219#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,631 INFO L290 TraceCheckUtils]: 83: Hoare triple {13122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,631 INFO L290 TraceCheckUtils]: 84: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,631 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {13122#true} {13122#true} #1648#return; {13122#true} is VALID [2022-02-20 17:59:14,631 INFO L290 TraceCheckUtils]: 86: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,632 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {13122#true} {13123#false} #1786#return; {13123#false} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 88: Hoare triple {13123#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {13123#false} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 89: Hoare triple {13123#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13123#false} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 90: Hoare triple {13123#false} assume !false; {13123#false} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 91: Hoare triple {13123#false} assume !(test_~splverifierCounter~0#1 < 4); {13123#false} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 92: Hoare triple {13123#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {13123#false} is VALID [2022-02-20 17:59:14,632 INFO L272 TraceCheckUtils]: 93: Hoare triple {13123#false} call sendEmail(~bob~0, ~rjh~0); {13123#false} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 94: Hoare triple {13123#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13123#false} is VALID [2022-02-20 17:59:14,632 INFO L272 TraceCheckUtils]: 95: Hoare triple {13123#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13232#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 96: Hoare triple {13232#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 97: Hoare triple {13122#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 98: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,633 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {13122#true} {13123#false} #1670#return; {13123#false} is VALID [2022-02-20 17:59:14,633 INFO L272 TraceCheckUtils]: 100: Hoare triple {13123#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13233#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 101: Hoare triple {13233#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 102: Hoare triple {13122#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 103: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,634 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {13122#true} {13123#false} #1672#return; {13123#false} is VALID [2022-02-20 17:59:14,634 INFO L290 TraceCheckUtils]: 105: Hoare triple {13123#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {13123#false} is VALID [2022-02-20 17:59:14,634 INFO L290 TraceCheckUtils]: 106: Hoare triple {13123#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {13123#false} is VALID [2022-02-20 17:59:14,634 INFO L272 TraceCheckUtils]: 107: Hoare triple {13123#false} call outgoing(~sender#1, ~email~0#1); {13123#false} is VALID [2022-02-20 17:59:14,634 INFO L290 TraceCheckUtils]: 108: Hoare triple {13123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13123#false} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 109: Hoare triple {13123#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {13123#false} is VALID [2022-02-20 17:59:14,635 INFO L272 TraceCheckUtils]: 110: Hoare triple {13123#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {13122#true} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 111: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13122#true} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 112: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {13122#true} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 113: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,635 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {13122#true} {13123#false} #1602#return; {13123#false} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 115: Hoare triple {13123#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {13123#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 116: Hoare triple {13123#false} assume 0 == sign_~privkey~1#1; {13123#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 117: Hoare triple {13123#false} assume { :end_inline_sign } true; {13123#false} is VALID [2022-02-20 17:59:14,636 INFO L272 TraceCheckUtils]: 118: Hoare triple {13123#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {13123#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 119: Hoare triple {13123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13123#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 120: Hoare triple {13123#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {13123#false} is VALID [2022-02-20 17:59:14,636 INFO L272 TraceCheckUtils]: 121: Hoare triple {13123#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {13123#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 122: Hoare triple {13123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13123#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 123: Hoare triple {13123#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret62#1, outgoing__role__Encrypt_#t~ret63#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~11#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~3#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~11#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~3#1; {13123#false} is VALID [2022-02-20 17:59:14,637 INFO L272 TraceCheckUtils]: 124: Hoare triple {13123#false} call outgoing__role__Encrypt_#t~ret62#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {13122#true} is VALID [2022-02-20 17:59:14,637 INFO L290 TraceCheckUtils]: 125: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13122#true} is VALID [2022-02-20 17:59:14,637 INFO L290 TraceCheckUtils]: 126: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {13122#true} is VALID [2022-02-20 17:59:14,637 INFO L290 TraceCheckUtils]: 127: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,637 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {13122#true} {13123#false} #1636#return; {13123#false} is VALID [2022-02-20 17:59:14,637 INFO L290 TraceCheckUtils]: 129: Hoare triple {13123#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret62#1 && outgoing__role__Encrypt_#t~ret62#1 <= 2147483647;outgoing__role__Encrypt_~tmp~11#1 := outgoing__role__Encrypt_#t~ret62#1;havoc outgoing__role__Encrypt_#t~ret62#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~11#1; {13123#false} is VALID [2022-02-20 17:59:14,637 INFO L272 TraceCheckUtils]: 130: Hoare triple {13123#false} call outgoing__role__Encrypt_#t~ret63#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {13122#true} is VALID [2022-02-20 17:59:14,637 INFO L290 TraceCheckUtils]: 131: Hoare triple {13122#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {13122#true} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 132: Hoare triple {13122#true} assume 1 == ~handle; {13122#true} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 133: Hoare triple {13122#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {13122#true} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 134: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,638 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {13122#true} {13123#false} #1638#return; {13123#false} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 136: Hoare triple {13123#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret63#1 && outgoing__role__Encrypt_#t~ret63#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~3#1 := outgoing__role__Encrypt_#t~ret63#1;havoc outgoing__role__Encrypt_#t~ret63#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~3#1; {13123#false} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 137: Hoare triple {13123#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {13123#false} is VALID [2022-02-20 17:59:14,638 INFO L272 TraceCheckUtils]: 138: Hoare triple {13123#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {13123#false} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 139: Hoare triple {13123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {13123#false} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 140: Hoare triple {13123#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {13123#false} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 141: Hoare triple {13123#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {13123#false} is VALID [2022-02-20 17:59:14,639 INFO L272 TraceCheckUtils]: 142: Hoare triple {13123#false} call setEmailFrom(~msg#1, ~tmp~10#1); {13232#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 143: Hoare triple {13232#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13122#true} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 144: Hoare triple {13122#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13122#true} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 145: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,639 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {13122#true} {13123#false} #1682#return; {13123#false} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 147: Hoare triple {13123#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {13123#false} is VALID [2022-02-20 17:59:14,639 INFO L272 TraceCheckUtils]: 148: Hoare triple {13123#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {13122#true} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 149: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~24; {13122#true} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 150: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {13122#true} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 151: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,640 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {13122#true} {13123#false} #1684#return; {13123#false} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 153: Hoare triple {13123#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {13123#false} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 154: Hoare triple {13123#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {13123#false} is VALID [2022-02-20 17:59:14,640 INFO L272 TraceCheckUtils]: 155: Hoare triple {13123#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {13122#true} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 156: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13122#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 157: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {13122#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 158: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,641 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {13122#true} {13123#false} #1686#return; {13123#false} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 160: Hoare triple {13123#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {13123#false} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 161: Hoare triple {13123#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret73#1, incoming__role__Decrypt_#t~ret74#1, incoming__role__Decrypt_#t~ret75#1, incoming__role__Decrypt_#t~ret76#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~15#1, incoming__role__Decrypt_~tmp___0~5#1, incoming__role__Decrypt_~tmp___1~2#1, incoming__role__Decrypt_~tmp___2~2#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~15#1;havoc incoming__role__Decrypt_~tmp___0~5#1;havoc incoming__role__Decrypt_~tmp___1~2#1;havoc incoming__role__Decrypt_~tmp___2~2#1; {13123#false} is VALID [2022-02-20 17:59:14,641 INFO L272 TraceCheckUtils]: 162: Hoare triple {13123#false} call incoming__role__Decrypt_#t~ret73#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {13122#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 163: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13122#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 164: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {13122#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 165: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,642 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {13122#true} {13123#false} #1688#return; {13123#false} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 167: Hoare triple {13123#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret73#1 && incoming__role__Decrypt_#t~ret73#1 <= 2147483647;incoming__role__Decrypt_~tmp~15#1 := incoming__role__Decrypt_#t~ret73#1;havoc incoming__role__Decrypt_#t~ret73#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~15#1; {13123#false} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 168: Hoare triple {13123#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {13123#false} is VALID [2022-02-20 17:59:14,642 INFO L272 TraceCheckUtils]: 169: Hoare triple {13123#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {13123#false} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 170: Hoare triple {13123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13123#false} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 171: Hoare triple {13123#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {13123#false} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 172: Hoare triple {13123#false} assume 1 == ~sent_signed~0; {13123#false} is VALID [2022-02-20 17:59:14,642 INFO L272 TraceCheckUtils]: 173: Hoare triple {13123#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {13122#true} is VALID [2022-02-20 17:59:14,643 INFO L290 TraceCheckUtils]: 174: Hoare triple {13122#true} ~handle := #in~handle;havoc ~retValue_acc~18; {13122#true} is VALID [2022-02-20 17:59:14,643 INFO L290 TraceCheckUtils]: 175: Hoare triple {13122#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {13122#true} is VALID [2022-02-20 17:59:14,643 INFO L290 TraceCheckUtils]: 176: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,643 INFO L284 TraceCheckUtils]: 177: Hoare quadruple {13122#true} {13123#false} #1608#return; {13123#false} is VALID [2022-02-20 17:59:14,643 INFO L290 TraceCheckUtils]: 178: Hoare triple {13123#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {13123#false} is VALID [2022-02-20 17:59:14,643 INFO L272 TraceCheckUtils]: 179: Hoare triple {13123#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {13122#true} is VALID [2022-02-20 17:59:14,643 INFO L290 TraceCheckUtils]: 180: Hoare triple {13122#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {13122#true} is VALID [2022-02-20 17:59:14,643 INFO L290 TraceCheckUtils]: 181: Hoare triple {13122#true} assume 1 == ~handle; {13122#true} is VALID [2022-02-20 17:59:14,644 INFO L290 TraceCheckUtils]: 182: Hoare triple {13122#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {13122#true} is VALID [2022-02-20 17:59:14,644 INFO L290 TraceCheckUtils]: 183: Hoare triple {13122#true} assume true; {13122#true} is VALID [2022-02-20 17:59:14,644 INFO L284 TraceCheckUtils]: 184: Hoare quadruple {13122#true} {13123#false} #1610#return; {13123#false} is VALID [2022-02-20 17:59:14,644 INFO L290 TraceCheckUtils]: 185: Hoare triple {13123#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {13123#false} is VALID [2022-02-20 17:59:14,644 INFO L290 TraceCheckUtils]: 186: Hoare triple {13123#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {13123#false} is VALID [2022-02-20 17:59:14,644 INFO L272 TraceCheckUtils]: 187: Hoare triple {13123#false} call __automaton_fail(); {13123#false} is VALID [2022-02-20 17:59:14,644 INFO L290 TraceCheckUtils]: 188: Hoare triple {13123#false} assume !false; {13123#false} is VALID [2022-02-20 17:59:14,645 INFO L134 CoverageAnalysis]: Checked inductivity of 113 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 113 trivial. 0 not checked. [2022-02-20 17:59:14,645 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:14,645 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1460010168] [2022-02-20 17:59:14,645 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1460010168] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:14,645 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:14,645 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:59:14,645 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [906962819] [2022-02-20 17:59:14,646 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:14,646 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 16.5) internal successors, (99), 3 states have internal predecessors, (99), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 189 [2022-02-20 17:59:14,646 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:14,647 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 16.5) internal successors, (99), 3 states have internal predecessors, (99), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:14,741 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 156 edges. 156 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:14,741 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:59:14,741 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:14,742 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:59:14,742 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:59:14,743 INFO L87 Difference]: Start difference. First operand 607 states and 888 transitions. Second operand has 6 states, 6 states have (on average 16.5) internal successors, (99), 3 states have internal predecessors, (99), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:18,591 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:18,592 INFO L93 Difference]: Finished difference Result 1310 states and 1972 transitions. [2022-02-20 17:59:18,592 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:59:18,592 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 16.5) internal successors, (99), 3 states have internal predecessors, (99), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 189 [2022-02-20 17:59:18,592 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:18,593 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 16.5) internal successors, (99), 3 states have internal predecessors, (99), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:18,614 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1970 transitions. [2022-02-20 17:59:18,615 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 16.5) internal successors, (99), 3 states have internal predecessors, (99), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:18,637 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1970 transitions. [2022-02-20 17:59:18,637 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1970 transitions. [2022-02-20 17:59:19,843 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1970 edges. 1970 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:19,870 INFO L225 Difference]: With dead ends: 1310 [2022-02-20 17:59:19,870 INFO L226 Difference]: Without dead ends: 739 [2022-02-20 17:59:19,871 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 53 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:19,872 INFO L933 BasicCegarLoop]: 895 mSDtfsCounter, 2042 mSDsluCounter, 688 mSDsCounter, 0 mSdLazyCounter, 514 mSolverCounterSat, 830 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2069 SdHoareTripleChecker+Valid, 1583 SdHoareTripleChecker+Invalid, 1344 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 830 IncrementalHoareTripleChecker+Valid, 514 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.5s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:19,872 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2069 Valid, 1583 Invalid, 1344 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [830 Valid, 514 Invalid, 0 Unknown, 0 Unchecked, 1.5s Time] [2022-02-20 17:59:19,873 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 739 states. [2022-02-20 17:59:19,888 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 739 to 605. [2022-02-20 17:59:19,889 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:19,890 INFO L82 GeneralOperation]: Start isEquivalent. First operand 739 states. Second operand has 605 states, 449 states have (on average 1.4743875278396437) internal successors, (662), 465 states have internal predecessors, (662), 111 states have call successors, (111), 45 states have call predecessors, (111), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:59:19,891 INFO L74 IsIncluded]: Start isIncluded. First operand 739 states. Second operand has 605 states, 449 states have (on average 1.4743875278396437) internal successors, (662), 465 states have internal predecessors, (662), 111 states have call successors, (111), 45 states have call predecessors, (111), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:59:19,892 INFO L87 Difference]: Start difference. First operand 739 states. Second operand has 605 states, 449 states have (on average 1.4743875278396437) internal successors, (662), 465 states have internal predecessors, (662), 111 states have call successors, (111), 45 states have call predecessors, (111), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:59:19,913 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:19,913 INFO L93 Difference]: Finished difference Result 739 states and 1105 transitions. [2022-02-20 17:59:19,913 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1105 transitions. [2022-02-20 17:59:19,916 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:19,916 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:19,917 INFO L74 IsIncluded]: Start isIncluded. First operand has 605 states, 449 states have (on average 1.4743875278396437) internal successors, (662), 465 states have internal predecessors, (662), 111 states have call successors, (111), 45 states have call predecessors, (111), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 739 states. [2022-02-20 17:59:19,918 INFO L87 Difference]: Start difference. First operand has 605 states, 449 states have (on average 1.4743875278396437) internal successors, (662), 465 states have internal predecessors, (662), 111 states have call successors, (111), 45 states have call predecessors, (111), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 739 states. [2022-02-20 17:59:19,939 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:19,940 INFO L93 Difference]: Finished difference Result 739 states and 1105 transitions. [2022-02-20 17:59:19,940 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1105 transitions. [2022-02-20 17:59:19,942 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:19,942 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:19,942 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:19,942 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:19,943 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 605 states, 449 states have (on average 1.4743875278396437) internal successors, (662), 465 states have internal predecessors, (662), 111 states have call successors, (111), 45 states have call predecessors, (111), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 17:59:19,962 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 605 states to 605 states and 881 transitions. [2022-02-20 17:59:19,962 INFO L78 Accepts]: Start accepts. Automaton has 605 states and 881 transitions. Word has length 189 [2022-02-20 17:59:19,962 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:19,962 INFO L470 AbstractCegarLoop]: Abstraction has 605 states and 881 transitions. [2022-02-20 17:59:19,963 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 16.5) internal successors, (99), 3 states have internal predecessors, (99), 2 states have call successors, (32), 5 states have call predecessors, (32), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:19,963 INFO L276 IsEmpty]: Start isEmpty. Operand 605 states and 881 transitions. [2022-02-20 17:59:19,965 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 170 [2022-02-20 17:59:19,965 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:19,965 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:19,965 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 17:59:19,965 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:19,965 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:19,966 INFO L85 PathProgramCache]: Analyzing trace with hash -41686357, now seen corresponding path program 1 times [2022-02-20 17:59:19,966 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:19,966 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1072221987] [2022-02-20 17:59:19,966 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:19,966 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:20,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,021 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:59:20,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,025 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17389#true} {17389#true} #1754#return; {17389#true} is VALID [2022-02-20 17:59:20,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:59:20,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,028 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,028 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,028 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17389#true} {17389#true} #1756#return; {17389#true} is VALID [2022-02-20 17:59:20,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:59:20,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,031 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17389#true} {17389#true} #1758#return; {17389#true} is VALID [2022-02-20 17:59:20,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:20,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,034 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17389#true} {17389#true} #1760#return; {17389#true} is VALID [2022-02-20 17:59:20,034 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:59:20,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,036 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,037 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,037 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17389#true} {17389#true} #1762#return; {17389#true} is VALID [2022-02-20 17:59:20,037 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:59:20,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,039 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,040 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17389#true} {17389#true} #1764#return; {17389#true} is VALID [2022-02-20 17:59:20,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:59:20,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,044 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17389#true} {17389#true} #1766#return; {17389#true} is VALID [2022-02-20 17:59:20,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:20,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,048 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,048 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17389#true} {17389#true} #1768#return; {17389#true} is VALID [2022-02-20 17:59:20,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:20,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,055 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:20,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,057 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,057 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17389#true} #1752#return; {17389#true} is VALID [2022-02-20 17:59:20,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17389#true} is VALID [2022-02-20 17:59:20,058 INFO L272 TraceCheckUtils]: 1: Hoare triple {17389#true} call setClientId(~bob___0, ~bob___0); {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:20,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,058 INFO L290 TraceCheckUtils]: 3: Hoare triple {17389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,058 INFO L290 TraceCheckUtils]: 4: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,059 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17389#true} {17389#true} #1752#return; {17389#true} is VALID [2022-02-20 17:59:20,059 INFO L290 TraceCheckUtils]: 6: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,059 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17389#true} {17390#false} #1774#return; {17390#false} is VALID [2022-02-20 17:59:20,059 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:59:20,060 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:20,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,066 INFO L290 TraceCheckUtils]: 0: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,066 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,066 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,066 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17389#true} #1704#return; {17389#true} is VALID [2022-02-20 17:59:20,066 INFO L290 TraceCheckUtils]: 0: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17389#true} is VALID [2022-02-20 17:59:20,067 INFO L272 TraceCheckUtils]: 1: Hoare triple {17389#true} call setClientId(~rjh___0, ~rjh___0); {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:20,067 INFO L290 TraceCheckUtils]: 2: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,067 INFO L290 TraceCheckUtils]: 3: Hoare triple {17389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,067 INFO L290 TraceCheckUtils]: 4: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,067 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17389#true} {17389#true} #1704#return; {17389#true} is VALID [2022-02-20 17:59:20,067 INFO L290 TraceCheckUtils]: 6: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,067 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17389#true} {17390#false} #1780#return; {17390#false} is VALID [2022-02-20 17:59:20,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:59:20,070 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:20,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,076 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,076 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17389#true} #1648#return; {17389#true} is VALID [2022-02-20 17:59:20,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17389#true} is VALID [2022-02-20 17:59:20,077 INFO L272 TraceCheckUtils]: 1: Hoare triple {17389#true} call setClientId(~chuck___0, ~chuck___0); {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:20,077 INFO L290 TraceCheckUtils]: 2: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,077 INFO L290 TraceCheckUtils]: 3: Hoare triple {17389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,077 INFO L290 TraceCheckUtils]: 4: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,077 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17389#true} {17389#true} #1648#return; {17389#true} is VALID [2022-02-20 17:59:20,077 INFO L290 TraceCheckUtils]: 6: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,078 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17389#true} {17390#false} #1786#return; {17390#false} is VALID [2022-02-20 17:59:20,081 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:59:20,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,083 INFO L290 TraceCheckUtils]: 0: Hoare triple {17486#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,084 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,084 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,084 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17390#false} #1670#return; {17390#false} is VALID [2022-02-20 17:59:20,088 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:20,092 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,094 INFO L290 TraceCheckUtils]: 0: Hoare triple {17487#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,094 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,094 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,094 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17390#false} #1672#return; {17390#false} is VALID [2022-02-20 17:59:20,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:59:20,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,096 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17389#true} is VALID [2022-02-20 17:59:20,096 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {17389#true} is VALID [2022-02-20 17:59:20,096 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,096 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17390#false} #1602#return; {17390#false} is VALID [2022-02-20 17:59:20,097 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:59:20,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,098 INFO L290 TraceCheckUtils]: 0: Hoare triple {17486#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,098 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,099 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,099 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17390#false} #1682#return; {17390#false} is VALID [2022-02-20 17:59:20,099 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 17:59:20,099 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,100 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} ~handle := #in~handle;havoc ~retValue_acc~24; {17389#true} is VALID [2022-02-20 17:59:20,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {17389#true} is VALID [2022-02-20 17:59:20,101 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,101 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17390#false} #1684#return; {17390#false} is VALID [2022-02-20 17:59:20,101 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 17:59:20,101 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,103 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} ~handle := #in~handle;havoc ~retValue_acc~19; {17389#true} is VALID [2022-02-20 17:59:20,103 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {17389#true} is VALID [2022-02-20 17:59:20,103 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,103 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17390#false} #1686#return; {17390#false} is VALID [2022-02-20 17:59:20,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 17:59:20,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} ~handle := #in~handle;havoc ~retValue_acc~18; {17389#true} is VALID [2022-02-20 17:59:20,106 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {17389#true} is VALID [2022-02-20 17:59:20,106 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,106 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17389#true} {17390#false} #1608#return; {17390#false} is VALID [2022-02-20 17:59:20,106 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 159 [2022-02-20 17:59:20,107 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:20,109 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {17389#true} is VALID [2022-02-20 17:59:20,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume 1 == ~handle; {17389#true} is VALID [2022-02-20 17:59:20,109 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {17389#true} is VALID [2022-02-20 17:59:20,109 INFO L290 TraceCheckUtils]: 3: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,109 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17389#true} {17390#false} #1610#return; {17390#false} is VALID [2022-02-20 17:59:20,109 INFO L290 TraceCheckUtils]: 0: Hoare triple {17389#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {17389#true} is VALID [2022-02-20 17:59:20,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {17389#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {17389#true} is VALID [2022-02-20 17:59:20,110 INFO L290 TraceCheckUtils]: 2: Hoare triple {17389#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {17389#true} is VALID [2022-02-20 17:59:20,110 INFO L272 TraceCheckUtils]: 3: Hoare triple {17389#true} call select_features_#t~ret27#1 := select_one(); {17389#true} is VALID [2022-02-20 17:59:20,110 INFO L290 TraceCheckUtils]: 4: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,110 INFO L290 TraceCheckUtils]: 5: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,110 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {17389#true} {17389#true} #1754#return; {17389#true} is VALID [2022-02-20 17:59:20,110 INFO L290 TraceCheckUtils]: 7: Hoare triple {17389#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {17389#true} is VALID [2022-02-20 17:59:20,110 INFO L272 TraceCheckUtils]: 8: Hoare triple {17389#true} call select_features_#t~ret28#1 := select_one(); {17389#true} is VALID [2022-02-20 17:59:20,110 INFO L290 TraceCheckUtils]: 9: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,110 INFO L290 TraceCheckUtils]: 10: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,111 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {17389#true} {17389#true} #1756#return; {17389#true} is VALID [2022-02-20 17:59:20,111 INFO L290 TraceCheckUtils]: 12: Hoare triple {17389#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {17389#true} is VALID [2022-02-20 17:59:20,111 INFO L272 TraceCheckUtils]: 13: Hoare triple {17389#true} call select_features_#t~ret29#1 := select_one(); {17389#true} is VALID [2022-02-20 17:59:20,111 INFO L290 TraceCheckUtils]: 14: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,111 INFO L290 TraceCheckUtils]: 15: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,111 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17389#true} {17389#true} #1758#return; {17389#true} is VALID [2022-02-20 17:59:20,111 INFO L290 TraceCheckUtils]: 17: Hoare triple {17389#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {17389#true} is VALID [2022-02-20 17:59:20,111 INFO L272 TraceCheckUtils]: 18: Hoare triple {17389#true} call select_features_#t~ret30#1 := select_one(); {17389#true} is VALID [2022-02-20 17:59:20,112 INFO L290 TraceCheckUtils]: 19: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,112 INFO L290 TraceCheckUtils]: 20: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,112 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {17389#true} {17389#true} #1760#return; {17389#true} is VALID [2022-02-20 17:59:20,112 INFO L290 TraceCheckUtils]: 22: Hoare triple {17389#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {17389#true} is VALID [2022-02-20 17:59:20,112 INFO L272 TraceCheckUtils]: 23: Hoare triple {17389#true} call select_features_#t~ret31#1 := select_one(); {17389#true} is VALID [2022-02-20 17:59:20,112 INFO L290 TraceCheckUtils]: 24: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,112 INFO L290 TraceCheckUtils]: 25: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,112 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {17389#true} {17389#true} #1762#return; {17389#true} is VALID [2022-02-20 17:59:20,112 INFO L290 TraceCheckUtils]: 27: Hoare triple {17389#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {17389#true} is VALID [2022-02-20 17:59:20,113 INFO L272 TraceCheckUtils]: 28: Hoare triple {17389#true} call select_features_#t~ret32#1 := select_one(); {17389#true} is VALID [2022-02-20 17:59:20,113 INFO L290 TraceCheckUtils]: 29: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,113 INFO L290 TraceCheckUtils]: 30: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,113 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {17389#true} {17389#true} #1764#return; {17389#true} is VALID [2022-02-20 17:59:20,113 INFO L290 TraceCheckUtils]: 32: Hoare triple {17389#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {17389#true} is VALID [2022-02-20 17:59:20,113 INFO L272 TraceCheckUtils]: 33: Hoare triple {17389#true} call select_features_#t~ret33#1 := select_one(); {17389#true} is VALID [2022-02-20 17:59:20,113 INFO L290 TraceCheckUtils]: 34: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,113 INFO L290 TraceCheckUtils]: 35: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,113 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17389#true} {17389#true} #1766#return; {17389#true} is VALID [2022-02-20 17:59:20,114 INFO L290 TraceCheckUtils]: 37: Hoare triple {17389#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {17389#true} is VALID [2022-02-20 17:59:20,114 INFO L272 TraceCheckUtils]: 38: Hoare triple {17389#true} call select_features_#t~ret34#1 := select_one(); {17389#true} is VALID [2022-02-20 17:59:20,114 INFO L290 TraceCheckUtils]: 39: Hoare triple {17389#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {17389#true} is VALID [2022-02-20 17:59:20,114 INFO L290 TraceCheckUtils]: 40: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,114 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {17389#true} {17389#true} #1768#return; {17389#true} is VALID [2022-02-20 17:59:20,114 INFO L290 TraceCheckUtils]: 42: Hoare triple {17389#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {17389#true} is VALID [2022-02-20 17:59:20,114 INFO L290 TraceCheckUtils]: 43: Hoare triple {17389#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {17389#true} is VALID [2022-02-20 17:59:20,114 INFO L290 TraceCheckUtils]: 44: Hoare triple {17389#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {17389#true} is VALID [2022-02-20 17:59:20,115 INFO L290 TraceCheckUtils]: 45: Hoare triple {17389#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {17389#true} is VALID [2022-02-20 17:59:20,115 INFO L290 TraceCheckUtils]: 46: Hoare triple {17389#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {17389#true} is VALID [2022-02-20 17:59:20,115 INFO L290 TraceCheckUtils]: 47: Hoare triple {17389#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {17389#true} is VALID [2022-02-20 17:59:20,115 INFO L290 TraceCheckUtils]: 48: Hoare triple {17389#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {17389#true} is VALID [2022-02-20 17:59:20,115 INFO L290 TraceCheckUtils]: 49: Hoare triple {17389#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {17389#true} is VALID [2022-02-20 17:59:20,115 INFO L290 TraceCheckUtils]: 50: Hoare triple {17389#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {17389#true} is VALID [2022-02-20 17:59:20,115 INFO L290 TraceCheckUtils]: 51: Hoare triple {17389#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {17389#true} is VALID [2022-02-20 17:59:20,116 INFO L290 TraceCheckUtils]: 52: Hoare triple {17389#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:59:20,116 INFO L290 TraceCheckUtils]: 53: Hoare triple {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:59:20,116 INFO L290 TraceCheckUtils]: 54: Hoare triple {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:59:20,116 INFO L290 TraceCheckUtils]: 55: Hoare triple {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:59:20,117 INFO L290 TraceCheckUtils]: 56: Hoare triple {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 17:59:20,117 INFO L290 TraceCheckUtils]: 57: Hoare triple {17415#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17390#false} is VALID [2022-02-20 17:59:20,117 INFO L272 TraceCheckUtils]: 58: Hoare triple {17390#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:20,117 INFO L290 TraceCheckUtils]: 59: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17389#true} is VALID [2022-02-20 17:59:20,118 INFO L272 TraceCheckUtils]: 60: Hoare triple {17389#true} call setClientId(~bob___0, ~bob___0); {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:20,118 INFO L290 TraceCheckUtils]: 61: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,118 INFO L290 TraceCheckUtils]: 62: Hoare triple {17389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,118 INFO L290 TraceCheckUtils]: 63: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,118 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {17389#true} {17389#true} #1752#return; {17389#true} is VALID [2022-02-20 17:59:20,118 INFO L290 TraceCheckUtils]: 65: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,118 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {17389#true} {17390#false} #1774#return; {17390#false} is VALID [2022-02-20 17:59:20,118 INFO L290 TraceCheckUtils]: 67: Hoare triple {17390#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {17390#false} is VALID [2022-02-20 17:59:20,119 INFO L290 TraceCheckUtils]: 68: Hoare triple {17390#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17390#false} is VALID [2022-02-20 17:59:20,119 INFO L272 TraceCheckUtils]: 69: Hoare triple {17390#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:20,119 INFO L290 TraceCheckUtils]: 70: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17389#true} is VALID [2022-02-20 17:59:20,119 INFO L272 TraceCheckUtils]: 71: Hoare triple {17389#true} call setClientId(~rjh___0, ~rjh___0); {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:20,119 INFO L290 TraceCheckUtils]: 72: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,120 INFO L290 TraceCheckUtils]: 73: Hoare triple {17389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,120 INFO L290 TraceCheckUtils]: 74: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,120 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {17389#true} {17389#true} #1704#return; {17389#true} is VALID [2022-02-20 17:59:20,120 INFO L290 TraceCheckUtils]: 76: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,120 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {17389#true} {17390#false} #1780#return; {17390#false} is VALID [2022-02-20 17:59:20,120 INFO L290 TraceCheckUtils]: 78: Hoare triple {17390#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {17390#false} is VALID [2022-02-20 17:59:20,120 INFO L290 TraceCheckUtils]: 79: Hoare triple {17390#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17390#false} is VALID [2022-02-20 17:59:20,120 INFO L272 TraceCheckUtils]: 80: Hoare triple {17390#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:20,121 INFO L290 TraceCheckUtils]: 81: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17389#true} is VALID [2022-02-20 17:59:20,121 INFO L272 TraceCheckUtils]: 82: Hoare triple {17389#true} call setClientId(~chuck___0, ~chuck___0); {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:20,121 INFO L290 TraceCheckUtils]: 83: Hoare triple {17473#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,121 INFO L290 TraceCheckUtils]: 84: Hoare triple {17389#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,121 INFO L290 TraceCheckUtils]: 85: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,121 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {17389#true} {17389#true} #1648#return; {17389#true} is VALID [2022-02-20 17:59:20,122 INFO L290 TraceCheckUtils]: 87: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,122 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {17389#true} {17390#false} #1786#return; {17390#false} is VALID [2022-02-20 17:59:20,122 INFO L290 TraceCheckUtils]: 89: Hoare triple {17390#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {17390#false} is VALID [2022-02-20 17:59:20,122 INFO L290 TraceCheckUtils]: 90: Hoare triple {17390#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17390#false} is VALID [2022-02-20 17:59:20,122 INFO L290 TraceCheckUtils]: 91: Hoare triple {17390#false} assume !false; {17390#false} is VALID [2022-02-20 17:59:20,122 INFO L290 TraceCheckUtils]: 92: Hoare triple {17390#false} assume !(test_~splverifierCounter~0#1 < 4); {17390#false} is VALID [2022-02-20 17:59:20,122 INFO L290 TraceCheckUtils]: 93: Hoare triple {17390#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {17390#false} is VALID [2022-02-20 17:59:20,122 INFO L272 TraceCheckUtils]: 94: Hoare triple {17390#false} call sendEmail(~bob~0, ~rjh~0); {17390#false} is VALID [2022-02-20 17:59:20,123 INFO L290 TraceCheckUtils]: 95: Hoare triple {17390#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17390#false} is VALID [2022-02-20 17:59:20,123 INFO L272 TraceCheckUtils]: 96: Hoare triple {17390#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17486#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:20,123 INFO L290 TraceCheckUtils]: 97: Hoare triple {17486#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,123 INFO L290 TraceCheckUtils]: 98: Hoare triple {17389#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,123 INFO L290 TraceCheckUtils]: 99: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,123 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {17389#true} {17390#false} #1670#return; {17390#false} is VALID [2022-02-20 17:59:20,123 INFO L272 TraceCheckUtils]: 101: Hoare triple {17390#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17487#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:20,123 INFO L290 TraceCheckUtils]: 102: Hoare triple {17487#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,124 INFO L290 TraceCheckUtils]: 103: Hoare triple {17389#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,124 INFO L290 TraceCheckUtils]: 104: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,145 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {17389#true} {17390#false} #1672#return; {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 106: Hoare triple {17390#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 107: Hoare triple {17390#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L272 TraceCheckUtils]: 108: Hoare triple {17390#false} call outgoing(~sender#1, ~email~0#1); {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 109: Hoare triple {17390#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 110: Hoare triple {17390#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L272 TraceCheckUtils]: 111: Hoare triple {17390#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {17389#true} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 112: Hoare triple {17389#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17389#true} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 113: Hoare triple {17389#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {17389#true} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 114: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,146 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {17389#true} {17390#false} #1602#return; {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 116: Hoare triple {17390#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 117: Hoare triple {17390#false} assume 0 == sign_~privkey~1#1; {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L290 TraceCheckUtils]: 118: Hoare triple {17390#false} assume { :end_inline_sign } true; {17390#false} is VALID [2022-02-20 17:59:20,146 INFO L272 TraceCheckUtils]: 119: Hoare triple {17390#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 120: Hoare triple {17390#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 121: Hoare triple {17390#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L272 TraceCheckUtils]: 122: Hoare triple {17390#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 123: Hoare triple {17390#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 124: Hoare triple {17390#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L272 TraceCheckUtils]: 125: Hoare triple {17390#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 126: Hoare triple {17390#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 127: Hoare triple {17390#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 128: Hoare triple {17390#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L272 TraceCheckUtils]: 129: Hoare triple {17390#false} call setEmailFrom(~msg#1, ~tmp~10#1); {17486#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 130: Hoare triple {17486#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17389#true} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 131: Hoare triple {17389#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17389#true} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 132: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,147 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {17389#true} {17390#false} #1682#return; {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L290 TraceCheckUtils]: 134: Hoare triple {17390#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {17390#false} is VALID [2022-02-20 17:59:20,147 INFO L272 TraceCheckUtils]: 135: Hoare triple {17390#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {17389#true} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 136: Hoare triple {17389#true} ~handle := #in~handle;havoc ~retValue_acc~24; {17389#true} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 137: Hoare triple {17389#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {17389#true} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 138: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,148 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {17389#true} {17390#false} #1684#return; {17390#false} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 140: Hoare triple {17390#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {17390#false} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 141: Hoare triple {17390#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {17390#false} is VALID [2022-02-20 17:59:20,148 INFO L272 TraceCheckUtils]: 142: Hoare triple {17390#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {17389#true} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 143: Hoare triple {17389#true} ~handle := #in~handle;havoc ~retValue_acc~19; {17389#true} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 144: Hoare triple {17389#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {17389#true} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 145: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,148 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {17389#true} {17390#false} #1686#return; {17390#false} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 147: Hoare triple {17390#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {17390#false} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 148: Hoare triple {17390#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {17390#false} is VALID [2022-02-20 17:59:20,148 INFO L272 TraceCheckUtils]: 149: Hoare triple {17390#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {17390#false} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 150: Hoare triple {17390#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17390#false} is VALID [2022-02-20 17:59:20,148 INFO L290 TraceCheckUtils]: 151: Hoare triple {17390#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {17390#false} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 152: Hoare triple {17390#false} assume 1 == ~sent_signed~0; {17390#false} is VALID [2022-02-20 17:59:20,149 INFO L272 TraceCheckUtils]: 153: Hoare triple {17390#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {17389#true} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 154: Hoare triple {17389#true} ~handle := #in~handle;havoc ~retValue_acc~18; {17389#true} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 155: Hoare triple {17389#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {17389#true} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 156: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,149 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {17389#true} {17390#false} #1608#return; {17390#false} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 158: Hoare triple {17390#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {17390#false} is VALID [2022-02-20 17:59:20,149 INFO L272 TraceCheckUtils]: 159: Hoare triple {17390#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {17389#true} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 160: Hoare triple {17389#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {17389#true} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 161: Hoare triple {17389#true} assume 1 == ~handle; {17389#true} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 162: Hoare triple {17389#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {17389#true} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 163: Hoare triple {17389#true} assume true; {17389#true} is VALID [2022-02-20 17:59:20,149 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {17389#true} {17390#false} #1610#return; {17390#false} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 165: Hoare triple {17390#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {17390#false} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 166: Hoare triple {17390#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {17390#false} is VALID [2022-02-20 17:59:20,149 INFO L272 TraceCheckUtils]: 167: Hoare triple {17390#false} call __automaton_fail(); {17390#false} is VALID [2022-02-20 17:59:20,149 INFO L290 TraceCheckUtils]: 168: Hoare triple {17390#false} assume !false; {17390#false} is VALID [2022-02-20 17:59:20,150 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 17:59:20,150 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:20,150 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1072221987] [2022-02-20 17:59:20,150 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1072221987] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:20,150 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:20,150 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:59:20,150 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [938429850] [2022-02-20 17:59:20,150 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:20,151 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 15.833333333333334) internal successors, (95), 3 states have internal predecessors, (95), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 169 [2022-02-20 17:59:20,151 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:20,151 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 15.833333333333334) internal successors, (95), 3 states have internal predecessors, (95), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 17:59:20,265 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 146 edges. 146 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:20,265 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:59:20,265 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:20,266 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:59:20,266 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:59:20,266 INFO L87 Difference]: Start difference. First operand 605 states and 881 transitions. Second operand has 6 states, 6 states have (on average 15.833333333333334) internal successors, (95), 3 states have internal predecessors, (95), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 17:59:23,921 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:23,921 INFO L93 Difference]: Finished difference Result 1301 states and 1925 transitions. [2022-02-20 17:59:23,922 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:59:23,922 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 15.833333333333334) internal successors, (95), 3 states have internal predecessors, (95), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 169 [2022-02-20 17:59:23,923 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:23,923 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 15.833333333333334) internal successors, (95), 3 states have internal predecessors, (95), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 17:59:23,970 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1923 transitions. [2022-02-20 17:59:23,971 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 15.833333333333334) internal successors, (95), 3 states have internal predecessors, (95), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 17:59:23,994 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1923 transitions. [2022-02-20 17:59:23,995 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1923 transitions. [2022-02-20 17:59:25,496 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1923 edges. 1923 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:25,522 INFO L225 Difference]: With dead ends: 1301 [2022-02-20 17:59:25,522 INFO L226 Difference]: Without dead ends: 742 [2022-02-20 17:59:25,523 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 57 GetRequests, 47 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:25,524 INFO L933 BasicCegarLoop]: 871 mSDtfsCounter, 2026 mSDsluCounter, 643 mSDsCounter, 0 mSdLazyCounter, 534 mSolverCounterSat, 834 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2050 SdHoareTripleChecker+Valid, 1514 SdHoareTripleChecker+Invalid, 1368 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 834 IncrementalHoareTripleChecker+Valid, 534 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.4s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:25,525 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2050 Valid, 1514 Invalid, 1368 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [834 Valid, 534 Invalid, 0 Unknown, 0 Unchecked, 1.4s Time] [2022-02-20 17:59:25,526 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 742 states. [2022-02-20 17:59:25,542 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 742 to 602. [2022-02-20 17:59:25,542 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:25,543 INFO L82 GeneralOperation]: Start isEquivalent. First operand 742 states. Second operand has 602 states, 449 states have (on average 1.4498886414253898) internal successors, (651), 460 states have internal predecessors, (651), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:59:25,556 INFO L74 IsIncluded]: Start isIncluded. First operand 742 states. Second operand has 602 states, 449 states have (on average 1.4498886414253898) internal successors, (651), 460 states have internal predecessors, (651), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:59:25,558 INFO L87 Difference]: Start difference. First operand 742 states. Second operand has 602 states, 449 states have (on average 1.4498886414253898) internal successors, (651), 460 states have internal predecessors, (651), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:59:25,579 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:25,579 INFO L93 Difference]: Finished difference Result 742 states and 1091 transitions. [2022-02-20 17:59:25,579 INFO L276 IsEmpty]: Start isEmpty. Operand 742 states and 1091 transitions. [2022-02-20 17:59:25,581 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:25,581 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:25,583 INFO L74 IsIncluded]: Start isIncluded. First operand has 602 states, 449 states have (on average 1.4498886414253898) internal successors, (651), 460 states have internal predecessors, (651), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 742 states. [2022-02-20 17:59:25,584 INFO L87 Difference]: Start difference. First operand has 602 states, 449 states have (on average 1.4498886414253898) internal successors, (651), 460 states have internal predecessors, (651), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 742 states. [2022-02-20 17:59:25,605 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:25,606 INFO L93 Difference]: Finished difference Result 742 states and 1091 transitions. [2022-02-20 17:59:25,606 INFO L276 IsEmpty]: Start isEmpty. Operand 742 states and 1091 transitions. [2022-02-20 17:59:25,608 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:25,608 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:25,608 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:25,608 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:25,609 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 602 states, 449 states have (on average 1.4498886414253898) internal successors, (651), 460 states have internal predecessors, (651), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:59:25,627 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 602 states to 602 states and 864 transitions. [2022-02-20 17:59:25,627 INFO L78 Accepts]: Start accepts. Automaton has 602 states and 864 transitions. Word has length 169 [2022-02-20 17:59:25,628 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:25,628 INFO L470 AbstractCegarLoop]: Abstraction has 602 states and 864 transitions. [2022-02-20 17:59:25,628 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 15.833333333333334) internal successors, (95), 3 states have internal predecessors, (95), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 17:59:25,628 INFO L276 IsEmpty]: Start isEmpty. Operand 602 states and 864 transitions. [2022-02-20 17:59:25,631 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 188 [2022-02-20 17:59:25,631 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:25,631 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:25,631 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 17:59:25,631 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:25,632 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:25,632 INFO L85 PathProgramCache]: Analyzing trace with hash 985670391, now seen corresponding path program 1 times [2022-02-20 17:59:25,632 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:25,632 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [302516436] [2022-02-20 17:59:25,632 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:25,632 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:25,671 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,720 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:59:25,721 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,723 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,723 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,723 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21626#true} {21626#true} #1754#return; {21626#true} is VALID [2022-02-20 17:59:25,723 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:59:25,725 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,726 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,726 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,726 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21626#true} {21626#true} #1756#return; {21626#true} is VALID [2022-02-20 17:59:25,726 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:59:25,729 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,731 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21626#true} {21626#true} #1758#return; {21626#true} is VALID [2022-02-20 17:59:25,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:25,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,734 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,734 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21626#true} {21626#true} #1760#return; {21626#true} is VALID [2022-02-20 17:59:25,734 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:59:25,735 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,740 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,740 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21626#true} {21626#true} #1762#return; {21626#true} is VALID [2022-02-20 17:59:25,741 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:59:25,742 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,744 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,744 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21626#true} {21626#true} #1764#return; {21626#true} is VALID [2022-02-20 17:59:25,744 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:59:25,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,747 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,747 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,747 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21626#true} {21626#true} #1766#return; {21626#true} is VALID [2022-02-20 17:59:25,747 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:25,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,750 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,751 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,751 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21626#true} {21626#true} #1768#return; {21626#true} is VALID [2022-02-20 17:59:25,755 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:25,756 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,759 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:25,760 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,761 INFO L290 TraceCheckUtils]: 0: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,761 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,762 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,762 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21626#true} #1752#return; {21626#true} is VALID [2022-02-20 17:59:25,762 INFO L290 TraceCheckUtils]: 0: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21626#true} is VALID [2022-02-20 17:59:25,762 INFO L272 TraceCheckUtils]: 1: Hoare triple {21626#true} call setClientId(~bob___0, ~bob___0); {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,763 INFO L290 TraceCheckUtils]: 2: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,763 INFO L290 TraceCheckUtils]: 3: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,763 INFO L290 TraceCheckUtils]: 4: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,763 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21626#true} {21626#true} #1752#return; {21626#true} is VALID [2022-02-20 17:59:25,763 INFO L290 TraceCheckUtils]: 6: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,763 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21626#true} {21626#true} #1770#return; {21626#true} is VALID [2022-02-20 17:59:25,768 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:25,769 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,771 INFO L290 TraceCheckUtils]: 0: Hoare triple {21728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,771 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,771 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,771 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21626#true} #1772#return; {21626#true} is VALID [2022-02-20 17:59:25,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:59:25,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,790 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:25,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21735#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,803 INFO L290 TraceCheckUtils]: 1: Hoare triple {21735#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21736#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:25,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {21736#(= |setClientId_#in~handle| 1)} assume true; {21736#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:25,804 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21736#(= |setClientId_#in~handle| 1)} {21729#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {21734#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:25,804 INFO L290 TraceCheckUtils]: 0: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21729#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:25,805 INFO L272 TraceCheckUtils]: 1: Hoare triple {21729#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,805 INFO L290 TraceCheckUtils]: 2: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21735#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,805 INFO L290 TraceCheckUtils]: 3: Hoare triple {21735#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21736#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:25,806 INFO L290 TraceCheckUtils]: 4: Hoare triple {21736#(= |setClientId_#in~handle| 1)} assume true; {21736#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:25,806 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21736#(= |setClientId_#in~handle| 1)} {21729#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {21734#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:25,806 INFO L290 TraceCheckUtils]: 6: Hoare triple {21734#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21734#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:25,807 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21734#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21665#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {21627#false} is VALID [2022-02-20 17:59:25,807 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:59:25,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,810 INFO L290 TraceCheckUtils]: 0: Hoare triple {21728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,810 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,810 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,810 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21627#false} #1778#return; {21627#false} is VALID [2022-02-20 17:59:25,810 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:59:25,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,813 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:25,813 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,814 INFO L290 TraceCheckUtils]: 0: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,815 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,815 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,815 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21626#true} #1648#return; {21626#true} is VALID [2022-02-20 17:59:25,815 INFO L290 TraceCheckUtils]: 0: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21626#true} is VALID [2022-02-20 17:59:25,815 INFO L272 TraceCheckUtils]: 1: Hoare triple {21626#true} call setClientId(~chuck___0, ~chuck___0); {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,816 INFO L290 TraceCheckUtils]: 2: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,816 INFO L290 TraceCheckUtils]: 3: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,816 INFO L290 TraceCheckUtils]: 4: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,816 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21626#true} {21626#true} #1648#return; {21626#true} is VALID [2022-02-20 17:59:25,816 INFO L290 TraceCheckUtils]: 6: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,816 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21626#true} {21627#false} #1782#return; {21627#false} is VALID [2022-02-20 17:59:25,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:25,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,822 INFO L290 TraceCheckUtils]: 0: Hoare triple {21728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,822 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,822 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,822 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21627#false} #1784#return; {21627#false} is VALID [2022-02-20 17:59:25,829 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:59:25,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,831 INFO L290 TraceCheckUtils]: 0: Hoare triple {21741#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,832 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,832 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,832 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21627#false} #1670#return; {21627#false} is VALID [2022-02-20 17:59:25,839 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:59:25,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {21742#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,841 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,841 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,841 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21627#false} #1672#return; {21627#false} is VALID [2022-02-20 17:59:25,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:59:25,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,843 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21626#true} is VALID [2022-02-20 17:59:25,843 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {21626#true} is VALID [2022-02-20 17:59:25,843 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,843 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21627#false} #1602#return; {21627#false} is VALID [2022-02-20 17:59:25,843 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-02-20 17:59:25,844 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,845 INFO L290 TraceCheckUtils]: 0: Hoare triple {21741#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,845 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,845 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,845 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21627#false} #1682#return; {21627#false} is VALID [2022-02-20 17:59:25,845 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 17:59:25,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} ~handle := #in~handle;havoc ~retValue_acc~24; {21626#true} is VALID [2022-02-20 17:59:25,847 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {21626#true} is VALID [2022-02-20 17:59:25,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,847 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21627#false} #1684#return; {21627#false} is VALID [2022-02-20 17:59:25,847 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2022-02-20 17:59:25,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,849 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} ~handle := #in~handle;havoc ~retValue_acc~19; {21626#true} is VALID [2022-02-20 17:59:25,849 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {21626#true} is VALID [2022-02-20 17:59:25,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,849 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21627#false} #1686#return; {21627#false} is VALID [2022-02-20 17:59:25,850 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 171 [2022-02-20 17:59:25,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} ~handle := #in~handle;havoc ~retValue_acc~18; {21626#true} is VALID [2022-02-20 17:59:25,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {21626#true} is VALID [2022-02-20 17:59:25,851 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,852 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21626#true} {21627#false} #1608#return; {21627#false} is VALID [2022-02-20 17:59:25,852 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 177 [2022-02-20 17:59:25,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,853 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {21626#true} is VALID [2022-02-20 17:59:25,853 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume 1 == ~handle; {21626#true} is VALID [2022-02-20 17:59:25,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {21626#true} is VALID [2022-02-20 17:59:25,854 INFO L290 TraceCheckUtils]: 3: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,854 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21626#true} {21627#false} #1610#return; {21627#false} is VALID [2022-02-20 17:59:25,854 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {21626#true} is VALID [2022-02-20 17:59:25,854 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21626#true} is VALID [2022-02-20 17:59:25,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {21626#true} is VALID [2022-02-20 17:59:25,854 INFO L272 TraceCheckUtils]: 3: Hoare triple {21626#true} call select_features_#t~ret27#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:25,854 INFO L290 TraceCheckUtils]: 4: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,855 INFO L290 TraceCheckUtils]: 5: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,855 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21626#true} {21626#true} #1754#return; {21626#true} is VALID [2022-02-20 17:59:25,855 INFO L290 TraceCheckUtils]: 7: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {21626#true} is VALID [2022-02-20 17:59:25,855 INFO L272 TraceCheckUtils]: 8: Hoare triple {21626#true} call select_features_#t~ret28#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:25,855 INFO L290 TraceCheckUtils]: 9: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,855 INFO L290 TraceCheckUtils]: 10: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,855 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21626#true} {21626#true} #1756#return; {21626#true} is VALID [2022-02-20 17:59:25,855 INFO L290 TraceCheckUtils]: 12: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {21626#true} is VALID [2022-02-20 17:59:25,856 INFO L272 TraceCheckUtils]: 13: Hoare triple {21626#true} call select_features_#t~ret29#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:25,856 INFO L290 TraceCheckUtils]: 14: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,856 INFO L290 TraceCheckUtils]: 15: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,856 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21626#true} {21626#true} #1758#return; {21626#true} is VALID [2022-02-20 17:59:25,856 INFO L290 TraceCheckUtils]: 17: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {21626#true} is VALID [2022-02-20 17:59:25,856 INFO L272 TraceCheckUtils]: 18: Hoare triple {21626#true} call select_features_#t~ret30#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:25,856 INFO L290 TraceCheckUtils]: 19: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,856 INFO L290 TraceCheckUtils]: 20: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,857 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21626#true} {21626#true} #1760#return; {21626#true} is VALID [2022-02-20 17:59:25,857 INFO L290 TraceCheckUtils]: 22: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {21626#true} is VALID [2022-02-20 17:59:25,857 INFO L272 TraceCheckUtils]: 23: Hoare triple {21626#true} call select_features_#t~ret31#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:25,857 INFO L290 TraceCheckUtils]: 24: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,857 INFO L290 TraceCheckUtils]: 25: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,857 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21626#true} {21626#true} #1762#return; {21626#true} is VALID [2022-02-20 17:59:25,857 INFO L290 TraceCheckUtils]: 27: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {21626#true} is VALID [2022-02-20 17:59:25,857 INFO L272 TraceCheckUtils]: 28: Hoare triple {21626#true} call select_features_#t~ret32#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:25,857 INFO L290 TraceCheckUtils]: 29: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,858 INFO L290 TraceCheckUtils]: 30: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,858 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21626#true} {21626#true} #1764#return; {21626#true} is VALID [2022-02-20 17:59:25,858 INFO L290 TraceCheckUtils]: 32: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {21626#true} is VALID [2022-02-20 17:59:25,858 INFO L272 TraceCheckUtils]: 33: Hoare triple {21626#true} call select_features_#t~ret33#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:25,858 INFO L290 TraceCheckUtils]: 34: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,858 INFO L290 TraceCheckUtils]: 35: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,858 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21626#true} {21626#true} #1766#return; {21626#true} is VALID [2022-02-20 17:59:25,858 INFO L290 TraceCheckUtils]: 37: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {21626#true} is VALID [2022-02-20 17:59:25,859 INFO L272 TraceCheckUtils]: 38: Hoare triple {21626#true} call select_features_#t~ret34#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:25,859 INFO L290 TraceCheckUtils]: 39: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:25,859 INFO L290 TraceCheckUtils]: 40: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,859 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21626#true} {21626#true} #1768#return; {21626#true} is VALID [2022-02-20 17:59:25,859 INFO L290 TraceCheckUtils]: 42: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {21626#true} is VALID [2022-02-20 17:59:25,859 INFO L290 TraceCheckUtils]: 43: Hoare triple {21626#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {21626#true} is VALID [2022-02-20 17:59:25,859 INFO L290 TraceCheckUtils]: 44: Hoare triple {21626#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {21626#true} is VALID [2022-02-20 17:59:25,859 INFO L290 TraceCheckUtils]: 45: Hoare triple {21626#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {21626#true} is VALID [2022-02-20 17:59:25,859 INFO L290 TraceCheckUtils]: 46: Hoare triple {21626#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {21626#true} is VALID [2022-02-20 17:59:25,860 INFO L290 TraceCheckUtils]: 47: Hoare triple {21626#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {21626#true} is VALID [2022-02-20 17:59:25,860 INFO L290 TraceCheckUtils]: 48: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {21626#true} is VALID [2022-02-20 17:59:25,860 INFO L290 TraceCheckUtils]: 49: Hoare triple {21626#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {21626#true} is VALID [2022-02-20 17:59:25,860 INFO L290 TraceCheckUtils]: 50: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {21626#true} is VALID [2022-02-20 17:59:25,860 INFO L290 TraceCheckUtils]: 51: Hoare triple {21626#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {21626#true} is VALID [2022-02-20 17:59:25,860 INFO L290 TraceCheckUtils]: 52: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21626#true} is VALID [2022-02-20 17:59:25,860 INFO L290 TraceCheckUtils]: 53: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {21626#true} is VALID [2022-02-20 17:59:25,860 INFO L290 TraceCheckUtils]: 54: Hoare triple {21626#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {21626#true} is VALID [2022-02-20 17:59:25,860 INFO L290 TraceCheckUtils]: 55: Hoare triple {21626#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {21626#true} is VALID [2022-02-20 17:59:25,861 INFO L290 TraceCheckUtils]: 56: Hoare triple {21626#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21626#true} is VALID [2022-02-20 17:59:25,861 INFO L290 TraceCheckUtils]: 57: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21626#true} is VALID [2022-02-20 17:59:25,861 INFO L272 TraceCheckUtils]: 58: Hoare triple {21626#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,861 INFO L290 TraceCheckUtils]: 59: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21626#true} is VALID [2022-02-20 17:59:25,862 INFO L272 TraceCheckUtils]: 60: Hoare triple {21626#true} call setClientId(~bob___0, ~bob___0); {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,862 INFO L290 TraceCheckUtils]: 61: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,862 INFO L290 TraceCheckUtils]: 62: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,862 INFO L290 TraceCheckUtils]: 63: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,862 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21626#true} {21626#true} #1752#return; {21626#true} is VALID [2022-02-20 17:59:25,862 INFO L290 TraceCheckUtils]: 65: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,863 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21626#true} {21626#true} #1770#return; {21626#true} is VALID [2022-02-20 17:59:25,863 INFO L272 TraceCheckUtils]: 67: Hoare triple {21626#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:25,863 INFO L290 TraceCheckUtils]: 68: Hoare triple {21728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,863 INFO L290 TraceCheckUtils]: 69: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,863 INFO L290 TraceCheckUtils]: 70: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,864 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21626#true} {21626#true} #1772#return; {21626#true} is VALID [2022-02-20 17:59:25,864 INFO L290 TraceCheckUtils]: 72: Hoare triple {21626#true} assume { :end_inline_setup_bob__role__Keys } true; {21626#true} is VALID [2022-02-20 17:59:25,864 INFO L290 TraceCheckUtils]: 73: Hoare triple {21626#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21664#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:25,864 INFO L290 TraceCheckUtils]: 74: Hoare triple {21664#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21665#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:25,865 INFO L272 TraceCheckUtils]: 75: Hoare triple {21665#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,865 INFO L290 TraceCheckUtils]: 76: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21729#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:25,866 INFO L272 TraceCheckUtils]: 77: Hoare triple {21729#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,866 INFO L290 TraceCheckUtils]: 78: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21735#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,866 INFO L290 TraceCheckUtils]: 79: Hoare triple {21735#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21736#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:25,867 INFO L290 TraceCheckUtils]: 80: Hoare triple {21736#(= |setClientId_#in~handle| 1)} assume true; {21736#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:25,867 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21736#(= |setClientId_#in~handle| 1)} {21729#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {21734#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:25,867 INFO L290 TraceCheckUtils]: 82: Hoare triple {21734#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21734#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:25,868 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21734#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21665#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {21627#false} is VALID [2022-02-20 17:59:25,868 INFO L272 TraceCheckUtils]: 84: Hoare triple {21627#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:25,868 INFO L290 TraceCheckUtils]: 85: Hoare triple {21728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,868 INFO L290 TraceCheckUtils]: 86: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,868 INFO L290 TraceCheckUtils]: 87: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,868 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21626#true} {21627#false} #1778#return; {21627#false} is VALID [2022-02-20 17:59:25,868 INFO L290 TraceCheckUtils]: 89: Hoare triple {21627#false} assume { :end_inline_setup_rjh__role__Keys } true; {21627#false} is VALID [2022-02-20 17:59:25,869 INFO L290 TraceCheckUtils]: 90: Hoare triple {21627#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21627#false} is VALID [2022-02-20 17:59:25,869 INFO L290 TraceCheckUtils]: 91: Hoare triple {21627#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21627#false} is VALID [2022-02-20 17:59:25,869 INFO L272 TraceCheckUtils]: 92: Hoare triple {21627#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,869 INFO L290 TraceCheckUtils]: 93: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21626#true} is VALID [2022-02-20 17:59:25,869 INFO L272 TraceCheckUtils]: 94: Hoare triple {21626#true} call setClientId(~chuck___0, ~chuck___0); {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,870 INFO L290 TraceCheckUtils]: 95: Hoare triple {21723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,870 INFO L290 TraceCheckUtils]: 96: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,870 INFO L290 TraceCheckUtils]: 97: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,870 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21626#true} {21626#true} #1648#return; {21626#true} is VALID [2022-02-20 17:59:25,870 INFO L290 TraceCheckUtils]: 99: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,870 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21626#true} {21627#false} #1782#return; {21627#false} is VALID [2022-02-20 17:59:25,870 INFO L272 TraceCheckUtils]: 101: Hoare triple {21627#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:25,870 INFO L290 TraceCheckUtils]: 102: Hoare triple {21728#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,871 INFO L290 TraceCheckUtils]: 103: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,871 INFO L290 TraceCheckUtils]: 104: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,871 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21626#true} {21627#false} #1784#return; {21627#false} is VALID [2022-02-20 17:59:25,871 INFO L290 TraceCheckUtils]: 106: Hoare triple {21627#false} assume { :end_inline_setup_chuck__role__Keys } true; {21627#false} is VALID [2022-02-20 17:59:25,871 INFO L290 TraceCheckUtils]: 107: Hoare triple {21627#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {21627#false} is VALID [2022-02-20 17:59:25,871 INFO L290 TraceCheckUtils]: 108: Hoare triple {21627#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21627#false} is VALID [2022-02-20 17:59:25,871 INFO L290 TraceCheckUtils]: 109: Hoare triple {21627#false} assume !false; {21627#false} is VALID [2022-02-20 17:59:25,871 INFO L290 TraceCheckUtils]: 110: Hoare triple {21627#false} assume !(test_~splverifierCounter~0#1 < 4); {21627#false} is VALID [2022-02-20 17:59:25,871 INFO L290 TraceCheckUtils]: 111: Hoare triple {21627#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {21627#false} is VALID [2022-02-20 17:59:25,872 INFO L272 TraceCheckUtils]: 112: Hoare triple {21627#false} call sendEmail(~bob~0, ~rjh~0); {21627#false} is VALID [2022-02-20 17:59:25,872 INFO L290 TraceCheckUtils]: 113: Hoare triple {21627#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21627#false} is VALID [2022-02-20 17:59:25,872 INFO L272 TraceCheckUtils]: 114: Hoare triple {21627#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21741#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:25,872 INFO L290 TraceCheckUtils]: 115: Hoare triple {21741#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,872 INFO L290 TraceCheckUtils]: 116: Hoare triple {21626#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,872 INFO L290 TraceCheckUtils]: 117: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,872 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21626#true} {21627#false} #1670#return; {21627#false} is VALID [2022-02-20 17:59:25,872 INFO L272 TraceCheckUtils]: 119: Hoare triple {21627#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21742#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:25,873 INFO L290 TraceCheckUtils]: 120: Hoare triple {21742#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,873 INFO L290 TraceCheckUtils]: 121: Hoare triple {21626#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,873 INFO L290 TraceCheckUtils]: 122: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,873 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21626#true} {21627#false} #1672#return; {21627#false} is VALID [2022-02-20 17:59:25,873 INFO L290 TraceCheckUtils]: 124: Hoare triple {21627#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {21627#false} is VALID [2022-02-20 17:59:25,873 INFO L290 TraceCheckUtils]: 125: Hoare triple {21627#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {21627#false} is VALID [2022-02-20 17:59:25,873 INFO L272 TraceCheckUtils]: 126: Hoare triple {21627#false} call outgoing(~sender#1, ~email~0#1); {21627#false} is VALID [2022-02-20 17:59:25,873 INFO L290 TraceCheckUtils]: 127: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21627#false} is VALID [2022-02-20 17:59:25,874 INFO L290 TraceCheckUtils]: 128: Hoare triple {21627#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {21627#false} is VALID [2022-02-20 17:59:25,874 INFO L272 TraceCheckUtils]: 129: Hoare triple {21627#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {21626#true} is VALID [2022-02-20 17:59:25,874 INFO L290 TraceCheckUtils]: 130: Hoare triple {21626#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21626#true} is VALID [2022-02-20 17:59:25,874 INFO L290 TraceCheckUtils]: 131: Hoare triple {21626#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {21626#true} is VALID [2022-02-20 17:59:25,874 INFO L290 TraceCheckUtils]: 132: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,874 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {21626#true} {21627#false} #1602#return; {21627#false} is VALID [2022-02-20 17:59:25,874 INFO L290 TraceCheckUtils]: 134: Hoare triple {21627#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {21627#false} is VALID [2022-02-20 17:59:25,874 INFO L290 TraceCheckUtils]: 135: Hoare triple {21627#false} assume 0 == sign_~privkey~1#1; {21627#false} is VALID [2022-02-20 17:59:25,874 INFO L290 TraceCheckUtils]: 136: Hoare triple {21627#false} assume { :end_inline_sign } true; {21627#false} is VALID [2022-02-20 17:59:25,875 INFO L272 TraceCheckUtils]: 137: Hoare triple {21627#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {21627#false} is VALID [2022-02-20 17:59:25,875 INFO L290 TraceCheckUtils]: 138: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21627#false} is VALID [2022-02-20 17:59:25,875 INFO L290 TraceCheckUtils]: 139: Hoare triple {21627#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21627#false} is VALID [2022-02-20 17:59:25,875 INFO L272 TraceCheckUtils]: 140: Hoare triple {21627#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21627#false} is VALID [2022-02-20 17:59:25,875 INFO L290 TraceCheckUtils]: 141: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21627#false} is VALID [2022-02-20 17:59:25,875 INFO L290 TraceCheckUtils]: 142: Hoare triple {21627#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {21627#false} is VALID [2022-02-20 17:59:25,875 INFO L272 TraceCheckUtils]: 143: Hoare triple {21627#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {21627#false} is VALID [2022-02-20 17:59:25,875 INFO L290 TraceCheckUtils]: 144: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {21627#false} is VALID [2022-02-20 17:59:25,876 INFO L290 TraceCheckUtils]: 145: Hoare triple {21627#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {21627#false} is VALID [2022-02-20 17:59:25,876 INFO L290 TraceCheckUtils]: 146: Hoare triple {21627#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {21627#false} is VALID [2022-02-20 17:59:25,876 INFO L272 TraceCheckUtils]: 147: Hoare triple {21627#false} call setEmailFrom(~msg#1, ~tmp~10#1); {21741#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:25,876 INFO L290 TraceCheckUtils]: 148: Hoare triple {21741#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:25,876 INFO L290 TraceCheckUtils]: 149: Hoare triple {21626#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:25,876 INFO L290 TraceCheckUtils]: 150: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,876 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {21626#true} {21627#false} #1682#return; {21627#false} is VALID [2022-02-20 17:59:25,876 INFO L290 TraceCheckUtils]: 152: Hoare triple {21627#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {21627#false} is VALID [2022-02-20 17:59:25,877 INFO L272 TraceCheckUtils]: 153: Hoare triple {21627#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {21626#true} is VALID [2022-02-20 17:59:25,877 INFO L290 TraceCheckUtils]: 154: Hoare triple {21626#true} ~handle := #in~handle;havoc ~retValue_acc~24; {21626#true} is VALID [2022-02-20 17:59:25,877 INFO L290 TraceCheckUtils]: 155: Hoare triple {21626#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {21626#true} is VALID [2022-02-20 17:59:25,877 INFO L290 TraceCheckUtils]: 156: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,877 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21626#true} {21627#false} #1684#return; {21627#false} is VALID [2022-02-20 17:59:25,877 INFO L290 TraceCheckUtils]: 158: Hoare triple {21627#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {21627#false} is VALID [2022-02-20 17:59:25,877 INFO L290 TraceCheckUtils]: 159: Hoare triple {21627#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {21627#false} is VALID [2022-02-20 17:59:25,877 INFO L272 TraceCheckUtils]: 160: Hoare triple {21627#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {21626#true} is VALID [2022-02-20 17:59:25,877 INFO L290 TraceCheckUtils]: 161: Hoare triple {21626#true} ~handle := #in~handle;havoc ~retValue_acc~19; {21626#true} is VALID [2022-02-20 17:59:25,878 INFO L290 TraceCheckUtils]: 162: Hoare triple {21626#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {21626#true} is VALID [2022-02-20 17:59:25,878 INFO L290 TraceCheckUtils]: 163: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,878 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21626#true} {21627#false} #1686#return; {21627#false} is VALID [2022-02-20 17:59:25,878 INFO L290 TraceCheckUtils]: 165: Hoare triple {21627#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {21627#false} is VALID [2022-02-20 17:59:25,878 INFO L290 TraceCheckUtils]: 166: Hoare triple {21627#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {21627#false} is VALID [2022-02-20 17:59:25,878 INFO L272 TraceCheckUtils]: 167: Hoare triple {21627#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {21627#false} is VALID [2022-02-20 17:59:25,878 INFO L290 TraceCheckUtils]: 168: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21627#false} is VALID [2022-02-20 17:59:25,878 INFO L290 TraceCheckUtils]: 169: Hoare triple {21627#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {21627#false} is VALID [2022-02-20 17:59:25,879 INFO L290 TraceCheckUtils]: 170: Hoare triple {21627#false} assume 1 == ~sent_signed~0; {21627#false} is VALID [2022-02-20 17:59:25,879 INFO L272 TraceCheckUtils]: 171: Hoare triple {21627#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {21626#true} is VALID [2022-02-20 17:59:25,879 INFO L290 TraceCheckUtils]: 172: Hoare triple {21626#true} ~handle := #in~handle;havoc ~retValue_acc~18; {21626#true} is VALID [2022-02-20 17:59:25,879 INFO L290 TraceCheckUtils]: 173: Hoare triple {21626#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {21626#true} is VALID [2022-02-20 17:59:25,879 INFO L290 TraceCheckUtils]: 174: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,879 INFO L284 TraceCheckUtils]: 175: Hoare quadruple {21626#true} {21627#false} #1608#return; {21627#false} is VALID [2022-02-20 17:59:25,879 INFO L290 TraceCheckUtils]: 176: Hoare triple {21627#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {21627#false} is VALID [2022-02-20 17:59:25,879 INFO L272 TraceCheckUtils]: 177: Hoare triple {21627#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {21626#true} is VALID [2022-02-20 17:59:25,879 INFO L290 TraceCheckUtils]: 178: Hoare triple {21626#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {21626#true} is VALID [2022-02-20 17:59:25,880 INFO L290 TraceCheckUtils]: 179: Hoare triple {21626#true} assume 1 == ~handle; {21626#true} is VALID [2022-02-20 17:59:25,880 INFO L290 TraceCheckUtils]: 180: Hoare triple {21626#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {21626#true} is VALID [2022-02-20 17:59:25,880 INFO L290 TraceCheckUtils]: 181: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:25,880 INFO L284 TraceCheckUtils]: 182: Hoare quadruple {21626#true} {21627#false} #1610#return; {21627#false} is VALID [2022-02-20 17:59:25,880 INFO L290 TraceCheckUtils]: 183: Hoare triple {21627#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {21627#false} is VALID [2022-02-20 17:59:25,880 INFO L290 TraceCheckUtils]: 184: Hoare triple {21627#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {21627#false} is VALID [2022-02-20 17:59:25,880 INFO L272 TraceCheckUtils]: 185: Hoare triple {21627#false} call __automaton_fail(); {21627#false} is VALID [2022-02-20 17:59:25,880 INFO L290 TraceCheckUtils]: 186: Hoare triple {21627#false} assume !false; {21627#false} is VALID [2022-02-20 17:59:25,881 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 106 trivial. 0 not checked. [2022-02-20 17:59:25,881 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:25,881 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [302516436] [2022-02-20 17:59:25,881 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [302516436] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:25,881 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [351976920] [2022-02-20 17:59:25,882 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:25,882 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:25,882 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:25,883 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:25,886 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:59:26,168 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,175 INFO L263 TraceCheckSpWp]: Trace formula consists of 1585 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:59:26,226 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:26,233 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:26,632 INFO L290 TraceCheckUtils]: 0: Hoare triple {21626#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {21626#true} is VALID [2022-02-20 17:59:26,632 INFO L290 TraceCheckUtils]: 1: Hoare triple {21626#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21626#true} is VALID [2022-02-20 17:59:26,633 INFO L290 TraceCheckUtils]: 2: Hoare triple {21626#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {21626#true} is VALID [2022-02-20 17:59:26,633 INFO L272 TraceCheckUtils]: 3: Hoare triple {21626#true} call select_features_#t~ret27#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:26,633 INFO L290 TraceCheckUtils]: 4: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:26,633 INFO L290 TraceCheckUtils]: 5: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,633 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21626#true} {21626#true} #1754#return; {21626#true} is VALID [2022-02-20 17:59:26,633 INFO L290 TraceCheckUtils]: 7: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {21626#true} is VALID [2022-02-20 17:59:26,633 INFO L272 TraceCheckUtils]: 8: Hoare triple {21626#true} call select_features_#t~ret28#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:26,634 INFO L290 TraceCheckUtils]: 9: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:26,634 INFO L290 TraceCheckUtils]: 10: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,634 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21626#true} {21626#true} #1756#return; {21626#true} is VALID [2022-02-20 17:59:26,634 INFO L290 TraceCheckUtils]: 12: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {21626#true} is VALID [2022-02-20 17:59:26,634 INFO L272 TraceCheckUtils]: 13: Hoare triple {21626#true} call select_features_#t~ret29#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:26,634 INFO L290 TraceCheckUtils]: 14: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:26,634 INFO L290 TraceCheckUtils]: 15: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,634 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21626#true} {21626#true} #1758#return; {21626#true} is VALID [2022-02-20 17:59:26,635 INFO L290 TraceCheckUtils]: 17: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {21626#true} is VALID [2022-02-20 17:59:26,635 INFO L272 TraceCheckUtils]: 18: Hoare triple {21626#true} call select_features_#t~ret30#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:26,635 INFO L290 TraceCheckUtils]: 19: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:26,635 INFO L290 TraceCheckUtils]: 20: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,635 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21626#true} {21626#true} #1760#return; {21626#true} is VALID [2022-02-20 17:59:26,635 INFO L290 TraceCheckUtils]: 22: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {21626#true} is VALID [2022-02-20 17:59:26,635 INFO L272 TraceCheckUtils]: 23: Hoare triple {21626#true} call select_features_#t~ret31#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:26,635 INFO L290 TraceCheckUtils]: 24: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:26,636 INFO L290 TraceCheckUtils]: 25: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,636 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21626#true} {21626#true} #1762#return; {21626#true} is VALID [2022-02-20 17:59:26,636 INFO L290 TraceCheckUtils]: 27: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {21626#true} is VALID [2022-02-20 17:59:26,636 INFO L272 TraceCheckUtils]: 28: Hoare triple {21626#true} call select_features_#t~ret32#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:26,636 INFO L290 TraceCheckUtils]: 29: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:26,636 INFO L290 TraceCheckUtils]: 30: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,636 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21626#true} {21626#true} #1764#return; {21626#true} is VALID [2022-02-20 17:59:26,636 INFO L290 TraceCheckUtils]: 32: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {21626#true} is VALID [2022-02-20 17:59:26,637 INFO L272 TraceCheckUtils]: 33: Hoare triple {21626#true} call select_features_#t~ret33#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:26,637 INFO L290 TraceCheckUtils]: 34: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:26,637 INFO L290 TraceCheckUtils]: 35: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,637 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21626#true} {21626#true} #1766#return; {21626#true} is VALID [2022-02-20 17:59:26,637 INFO L290 TraceCheckUtils]: 37: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {21626#true} is VALID [2022-02-20 17:59:26,637 INFO L272 TraceCheckUtils]: 38: Hoare triple {21626#true} call select_features_#t~ret34#1 := select_one(); {21626#true} is VALID [2022-02-20 17:59:26,637 INFO L290 TraceCheckUtils]: 39: Hoare triple {21626#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {21626#true} is VALID [2022-02-20 17:59:26,638 INFO L290 TraceCheckUtils]: 40: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,638 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21626#true} {21626#true} #1768#return; {21626#true} is VALID [2022-02-20 17:59:26,638 INFO L290 TraceCheckUtils]: 42: Hoare triple {21626#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {21626#true} is VALID [2022-02-20 17:59:26,638 INFO L290 TraceCheckUtils]: 43: Hoare triple {21626#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {21626#true} is VALID [2022-02-20 17:59:26,638 INFO L290 TraceCheckUtils]: 44: Hoare triple {21626#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {21626#true} is VALID [2022-02-20 17:59:26,638 INFO L290 TraceCheckUtils]: 45: Hoare triple {21626#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {21626#true} is VALID [2022-02-20 17:59:26,638 INFO L290 TraceCheckUtils]: 46: Hoare triple {21626#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {21626#true} is VALID [2022-02-20 17:59:26,638 INFO L290 TraceCheckUtils]: 47: Hoare triple {21626#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {21626#true} is VALID [2022-02-20 17:59:26,639 INFO L290 TraceCheckUtils]: 48: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {21626#true} is VALID [2022-02-20 17:59:26,639 INFO L290 TraceCheckUtils]: 49: Hoare triple {21626#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {21626#true} is VALID [2022-02-20 17:59:26,639 INFO L290 TraceCheckUtils]: 50: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {21626#true} is VALID [2022-02-20 17:59:26,639 INFO L290 TraceCheckUtils]: 51: Hoare triple {21626#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {21626#true} is VALID [2022-02-20 17:59:26,639 INFO L290 TraceCheckUtils]: 52: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21626#true} is VALID [2022-02-20 17:59:26,639 INFO L290 TraceCheckUtils]: 53: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {21626#true} is VALID [2022-02-20 17:59:26,639 INFO L290 TraceCheckUtils]: 54: Hoare triple {21626#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {21626#true} is VALID [2022-02-20 17:59:26,639 INFO L290 TraceCheckUtils]: 55: Hoare triple {21626#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {21626#true} is VALID [2022-02-20 17:59:26,640 INFO L290 TraceCheckUtils]: 56: Hoare triple {21626#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21626#true} is VALID [2022-02-20 17:59:26,640 INFO L290 TraceCheckUtils]: 57: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21626#true} is VALID [2022-02-20 17:59:26,640 INFO L272 TraceCheckUtils]: 58: Hoare triple {21626#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21626#true} is VALID [2022-02-20 17:59:26,640 INFO L290 TraceCheckUtils]: 59: Hoare triple {21626#true} ~bob___0 := #in~bob___0; {21626#true} is VALID [2022-02-20 17:59:26,640 INFO L272 TraceCheckUtils]: 60: Hoare triple {21626#true} call setClientId(~bob___0, ~bob___0); {21626#true} is VALID [2022-02-20 17:59:26,640 INFO L290 TraceCheckUtils]: 61: Hoare triple {21626#true} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:26,640 INFO L290 TraceCheckUtils]: 62: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:26,640 INFO L290 TraceCheckUtils]: 63: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,641 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21626#true} {21626#true} #1752#return; {21626#true} is VALID [2022-02-20 17:59:26,641 INFO L290 TraceCheckUtils]: 65: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,641 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21626#true} {21626#true} #1770#return; {21626#true} is VALID [2022-02-20 17:59:26,641 INFO L272 TraceCheckUtils]: 67: Hoare triple {21626#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21626#true} is VALID [2022-02-20 17:59:26,641 INFO L290 TraceCheckUtils]: 68: Hoare triple {21626#true} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:26,641 INFO L290 TraceCheckUtils]: 69: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:26,641 INFO L290 TraceCheckUtils]: 70: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,641 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21626#true} {21626#true} #1772#return; {21626#true} is VALID [2022-02-20 17:59:26,642 INFO L290 TraceCheckUtils]: 72: Hoare triple {21626#true} assume { :end_inline_setup_bob__role__Keys } true; {21626#true} is VALID [2022-02-20 17:59:26,642 INFO L290 TraceCheckUtils]: 73: Hoare triple {21626#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21626#true} is VALID [2022-02-20 17:59:26,642 INFO L290 TraceCheckUtils]: 74: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21626#true} is VALID [2022-02-20 17:59:26,642 INFO L272 TraceCheckUtils]: 75: Hoare triple {21626#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21626#true} is VALID [2022-02-20 17:59:26,642 INFO L290 TraceCheckUtils]: 76: Hoare triple {21626#true} ~rjh___0 := #in~rjh___0; {21626#true} is VALID [2022-02-20 17:59:26,642 INFO L272 TraceCheckUtils]: 77: Hoare triple {21626#true} call setClientId(~rjh___0, ~rjh___0); {21626#true} is VALID [2022-02-20 17:59:26,642 INFO L290 TraceCheckUtils]: 78: Hoare triple {21626#true} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:26,642 INFO L290 TraceCheckUtils]: 79: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:26,643 INFO L290 TraceCheckUtils]: 80: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,643 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21626#true} {21626#true} #1704#return; {21626#true} is VALID [2022-02-20 17:59:26,643 INFO L290 TraceCheckUtils]: 82: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,643 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21626#true} {21626#true} #1776#return; {21626#true} is VALID [2022-02-20 17:59:26,643 INFO L272 TraceCheckUtils]: 84: Hoare triple {21626#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21626#true} is VALID [2022-02-20 17:59:26,643 INFO L290 TraceCheckUtils]: 85: Hoare triple {21626#true} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:26,643 INFO L290 TraceCheckUtils]: 86: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:26,643 INFO L290 TraceCheckUtils]: 87: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,644 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21626#true} {21626#true} #1778#return; {21626#true} is VALID [2022-02-20 17:59:26,644 INFO L290 TraceCheckUtils]: 89: Hoare triple {21626#true} assume { :end_inline_setup_rjh__role__Keys } true; {21626#true} is VALID [2022-02-20 17:59:26,644 INFO L290 TraceCheckUtils]: 90: Hoare triple {21626#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21626#true} is VALID [2022-02-20 17:59:26,644 INFO L290 TraceCheckUtils]: 91: Hoare triple {21626#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21626#true} is VALID [2022-02-20 17:59:26,644 INFO L272 TraceCheckUtils]: 92: Hoare triple {21626#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21626#true} is VALID [2022-02-20 17:59:26,644 INFO L290 TraceCheckUtils]: 93: Hoare triple {21626#true} ~chuck___0 := #in~chuck___0; {21626#true} is VALID [2022-02-20 17:59:26,644 INFO L272 TraceCheckUtils]: 94: Hoare triple {21626#true} call setClientId(~chuck___0, ~chuck___0); {21626#true} is VALID [2022-02-20 17:59:26,644 INFO L290 TraceCheckUtils]: 95: Hoare triple {21626#true} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:26,645 INFO L290 TraceCheckUtils]: 96: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:26,645 INFO L290 TraceCheckUtils]: 97: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,645 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21626#true} {21626#true} #1648#return; {21626#true} is VALID [2022-02-20 17:59:26,645 INFO L290 TraceCheckUtils]: 99: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,645 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21626#true} {21626#true} #1782#return; {21626#true} is VALID [2022-02-20 17:59:26,645 INFO L272 TraceCheckUtils]: 101: Hoare triple {21626#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21626#true} is VALID [2022-02-20 17:59:26,645 INFO L290 TraceCheckUtils]: 102: Hoare triple {21626#true} ~handle := #in~handle;~value := #in~value; {21626#true} is VALID [2022-02-20 17:59:26,645 INFO L290 TraceCheckUtils]: 103: Hoare triple {21626#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21626#true} is VALID [2022-02-20 17:59:26,646 INFO L290 TraceCheckUtils]: 104: Hoare triple {21626#true} assume true; {21626#true} is VALID [2022-02-20 17:59:26,646 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21626#true} {21626#true} #1784#return; {21626#true} is VALID [2022-02-20 17:59:26,646 INFO L290 TraceCheckUtils]: 106: Hoare triple {21626#true} assume { :end_inline_setup_chuck__role__Keys } true; {21626#true} is VALID [2022-02-20 17:59:26,646 INFO L290 TraceCheckUtils]: 107: Hoare triple {21626#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {21626#true} is VALID [2022-02-20 17:59:26,646 INFO L290 TraceCheckUtils]: 108: Hoare triple {21626#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22070#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:26,647 INFO L290 TraceCheckUtils]: 109: Hoare triple {22070#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {22070#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:26,647 INFO L290 TraceCheckUtils]: 110: Hoare triple {22070#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {21627#false} is VALID [2022-02-20 17:59:26,647 INFO L290 TraceCheckUtils]: 111: Hoare triple {21627#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {21627#false} is VALID [2022-02-20 17:59:26,647 INFO L272 TraceCheckUtils]: 112: Hoare triple {21627#false} call sendEmail(~bob~0, ~rjh~0); {21627#false} is VALID [2022-02-20 17:59:26,648 INFO L290 TraceCheckUtils]: 113: Hoare triple {21627#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21627#false} is VALID [2022-02-20 17:59:26,648 INFO L272 TraceCheckUtils]: 114: Hoare triple {21627#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21627#false} is VALID [2022-02-20 17:59:26,648 INFO L290 TraceCheckUtils]: 115: Hoare triple {21627#false} ~handle := #in~handle;~value := #in~value; {21627#false} is VALID [2022-02-20 17:59:26,648 INFO L290 TraceCheckUtils]: 116: Hoare triple {21627#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21627#false} is VALID [2022-02-20 17:59:26,648 INFO L290 TraceCheckUtils]: 117: Hoare triple {21627#false} assume true; {21627#false} is VALID [2022-02-20 17:59:26,648 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21627#false} {21627#false} #1670#return; {21627#false} is VALID [2022-02-20 17:59:26,648 INFO L272 TraceCheckUtils]: 119: Hoare triple {21627#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21627#false} is VALID [2022-02-20 17:59:26,648 INFO L290 TraceCheckUtils]: 120: Hoare triple {21627#false} ~handle := #in~handle;~value := #in~value; {21627#false} is VALID [2022-02-20 17:59:26,649 INFO L290 TraceCheckUtils]: 121: Hoare triple {21627#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21627#false} is VALID [2022-02-20 17:59:26,649 INFO L290 TraceCheckUtils]: 122: Hoare triple {21627#false} assume true; {21627#false} is VALID [2022-02-20 17:59:26,649 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21627#false} {21627#false} #1672#return; {21627#false} is VALID [2022-02-20 17:59:26,649 INFO L290 TraceCheckUtils]: 124: Hoare triple {21627#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {21627#false} is VALID [2022-02-20 17:59:26,649 INFO L290 TraceCheckUtils]: 125: Hoare triple {21627#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {21627#false} is VALID [2022-02-20 17:59:26,649 INFO L272 TraceCheckUtils]: 126: Hoare triple {21627#false} call outgoing(~sender#1, ~email~0#1); {21627#false} is VALID [2022-02-20 17:59:26,649 INFO L290 TraceCheckUtils]: 127: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21627#false} is VALID [2022-02-20 17:59:26,649 INFO L290 TraceCheckUtils]: 128: Hoare triple {21627#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {21627#false} is VALID [2022-02-20 17:59:26,650 INFO L272 TraceCheckUtils]: 129: Hoare triple {21627#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {21627#false} is VALID [2022-02-20 17:59:26,650 INFO L290 TraceCheckUtils]: 130: Hoare triple {21627#false} ~handle := #in~handle;havoc ~retValue_acc~36; {21627#false} is VALID [2022-02-20 17:59:26,650 INFO L290 TraceCheckUtils]: 131: Hoare triple {21627#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {21627#false} is VALID [2022-02-20 17:59:26,650 INFO L290 TraceCheckUtils]: 132: Hoare triple {21627#false} assume true; {21627#false} is VALID [2022-02-20 17:59:26,650 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {21627#false} {21627#false} #1602#return; {21627#false} is VALID [2022-02-20 17:59:26,650 INFO L290 TraceCheckUtils]: 134: Hoare triple {21627#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {21627#false} is VALID [2022-02-20 17:59:26,650 INFO L290 TraceCheckUtils]: 135: Hoare triple {21627#false} assume 0 == sign_~privkey~1#1; {21627#false} is VALID [2022-02-20 17:59:26,650 INFO L290 TraceCheckUtils]: 136: Hoare triple {21627#false} assume { :end_inline_sign } true; {21627#false} is VALID [2022-02-20 17:59:26,651 INFO L272 TraceCheckUtils]: 137: Hoare triple {21627#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {21627#false} is VALID [2022-02-20 17:59:26,651 INFO L290 TraceCheckUtils]: 138: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21627#false} is VALID [2022-02-20 17:59:26,651 INFO L290 TraceCheckUtils]: 139: Hoare triple {21627#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21627#false} is VALID [2022-02-20 17:59:26,651 INFO L272 TraceCheckUtils]: 140: Hoare triple {21627#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21627#false} is VALID [2022-02-20 17:59:26,651 INFO L290 TraceCheckUtils]: 141: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21627#false} is VALID [2022-02-20 17:59:26,651 INFO L290 TraceCheckUtils]: 142: Hoare triple {21627#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {21627#false} is VALID [2022-02-20 17:59:26,651 INFO L272 TraceCheckUtils]: 143: Hoare triple {21627#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {21627#false} is VALID [2022-02-20 17:59:26,651 INFO L290 TraceCheckUtils]: 144: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {21627#false} is VALID [2022-02-20 17:59:26,652 INFO L290 TraceCheckUtils]: 145: Hoare triple {21627#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {21627#false} is VALID [2022-02-20 17:59:26,652 INFO L290 TraceCheckUtils]: 146: Hoare triple {21627#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {21627#false} is VALID [2022-02-20 17:59:26,652 INFO L272 TraceCheckUtils]: 147: Hoare triple {21627#false} call setEmailFrom(~msg#1, ~tmp~10#1); {21627#false} is VALID [2022-02-20 17:59:26,652 INFO L290 TraceCheckUtils]: 148: Hoare triple {21627#false} ~handle := #in~handle;~value := #in~value; {21627#false} is VALID [2022-02-20 17:59:26,652 INFO L290 TraceCheckUtils]: 149: Hoare triple {21627#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21627#false} is VALID [2022-02-20 17:59:26,652 INFO L290 TraceCheckUtils]: 150: Hoare triple {21627#false} assume true; {21627#false} is VALID [2022-02-20 17:59:26,652 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {21627#false} {21627#false} #1682#return; {21627#false} is VALID [2022-02-20 17:59:26,652 INFO L290 TraceCheckUtils]: 152: Hoare triple {21627#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {21627#false} is VALID [2022-02-20 17:59:26,653 INFO L272 TraceCheckUtils]: 153: Hoare triple {21627#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {21627#false} is VALID [2022-02-20 17:59:26,653 INFO L290 TraceCheckUtils]: 154: Hoare triple {21627#false} ~handle := #in~handle;havoc ~retValue_acc~24; {21627#false} is VALID [2022-02-20 17:59:26,653 INFO L290 TraceCheckUtils]: 155: Hoare triple {21627#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {21627#false} is VALID [2022-02-20 17:59:26,653 INFO L290 TraceCheckUtils]: 156: Hoare triple {21627#false} assume true; {21627#false} is VALID [2022-02-20 17:59:26,653 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21627#false} {21627#false} #1684#return; {21627#false} is VALID [2022-02-20 17:59:26,653 INFO L290 TraceCheckUtils]: 158: Hoare triple {21627#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {21627#false} is VALID [2022-02-20 17:59:26,653 INFO L290 TraceCheckUtils]: 159: Hoare triple {21627#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {21627#false} is VALID [2022-02-20 17:59:26,653 INFO L272 TraceCheckUtils]: 160: Hoare triple {21627#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {21627#false} is VALID [2022-02-20 17:59:26,654 INFO L290 TraceCheckUtils]: 161: Hoare triple {21627#false} ~handle := #in~handle;havoc ~retValue_acc~19; {21627#false} is VALID [2022-02-20 17:59:26,654 INFO L290 TraceCheckUtils]: 162: Hoare triple {21627#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {21627#false} is VALID [2022-02-20 17:59:26,654 INFO L290 TraceCheckUtils]: 163: Hoare triple {21627#false} assume true; {21627#false} is VALID [2022-02-20 17:59:26,654 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21627#false} {21627#false} #1686#return; {21627#false} is VALID [2022-02-20 17:59:26,654 INFO L290 TraceCheckUtils]: 165: Hoare triple {21627#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {21627#false} is VALID [2022-02-20 17:59:26,654 INFO L290 TraceCheckUtils]: 166: Hoare triple {21627#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {21627#false} is VALID [2022-02-20 17:59:26,654 INFO L272 TraceCheckUtils]: 167: Hoare triple {21627#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {21627#false} is VALID [2022-02-20 17:59:26,654 INFO L290 TraceCheckUtils]: 168: Hoare triple {21627#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21627#false} is VALID [2022-02-20 17:59:26,655 INFO L290 TraceCheckUtils]: 169: Hoare triple {21627#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {21627#false} is VALID [2022-02-20 17:59:26,655 INFO L290 TraceCheckUtils]: 170: Hoare triple {21627#false} assume 1 == ~sent_signed~0; {21627#false} is VALID [2022-02-20 17:59:26,655 INFO L272 TraceCheckUtils]: 171: Hoare triple {21627#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {21627#false} is VALID [2022-02-20 17:59:26,655 INFO L290 TraceCheckUtils]: 172: Hoare triple {21627#false} ~handle := #in~handle;havoc ~retValue_acc~18; {21627#false} is VALID [2022-02-20 17:59:26,655 INFO L290 TraceCheckUtils]: 173: Hoare triple {21627#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {21627#false} is VALID [2022-02-20 17:59:26,655 INFO L290 TraceCheckUtils]: 174: Hoare triple {21627#false} assume true; {21627#false} is VALID [2022-02-20 17:59:26,655 INFO L284 TraceCheckUtils]: 175: Hoare quadruple {21627#false} {21627#false} #1608#return; {21627#false} is VALID [2022-02-20 17:59:26,656 INFO L290 TraceCheckUtils]: 176: Hoare triple {21627#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {21627#false} is VALID [2022-02-20 17:59:26,656 INFO L272 TraceCheckUtils]: 177: Hoare triple {21627#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {21627#false} is VALID [2022-02-20 17:59:26,656 INFO L290 TraceCheckUtils]: 178: Hoare triple {21627#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {21627#false} is VALID [2022-02-20 17:59:26,656 INFO L290 TraceCheckUtils]: 179: Hoare triple {21627#false} assume 1 == ~handle; {21627#false} is VALID [2022-02-20 17:59:26,656 INFO L290 TraceCheckUtils]: 180: Hoare triple {21627#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {21627#false} is VALID [2022-02-20 17:59:26,656 INFO L290 TraceCheckUtils]: 181: Hoare triple {21627#false} assume true; {21627#false} is VALID [2022-02-20 17:59:26,656 INFO L284 TraceCheckUtils]: 182: Hoare quadruple {21627#false} {21627#false} #1610#return; {21627#false} is VALID [2022-02-20 17:59:26,656 INFO L290 TraceCheckUtils]: 183: Hoare triple {21627#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {21627#false} is VALID [2022-02-20 17:59:26,657 INFO L290 TraceCheckUtils]: 184: Hoare triple {21627#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {21627#false} is VALID [2022-02-20 17:59:26,657 INFO L272 TraceCheckUtils]: 185: Hoare triple {21627#false} call __automaton_fail(); {21627#false} is VALID [2022-02-20 17:59:26,657 INFO L290 TraceCheckUtils]: 186: Hoare triple {21627#false} assume !false; {21627#false} is VALID [2022-02-20 17:59:26,657 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 17:59:26,657 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:26,658 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [351976920] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:26,658 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:26,658 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 17:59:26,658 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [278242028] [2022-02-20 17:59:26,658 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:26,659 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 187 [2022-02-20 17:59:26,659 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:26,659 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:26,749 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 158 edges. 158 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:26,750 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:26,750 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:26,750 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:26,750 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:26,751 INFO L87 Difference]: Start difference. First operand 602 states and 864 transitions. Second operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:27,363 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:27,364 INFO L93 Difference]: Finished difference Result 939 states and 1329 transitions. [2022-02-20 17:59:27,364 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:27,364 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 187 [2022-02-20 17:59:27,365 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:27,365 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:27,375 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1327 transitions. [2022-02-20 17:59:27,375 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:27,386 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1327 transitions. [2022-02-20 17:59:27,386 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1327 transitions. [2022-02-20 17:59:28,171 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1327 edges. 1327 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:28,190 INFO L225 Difference]: With dead ends: 939 [2022-02-20 17:59:28,190 INFO L226 Difference]: Without dead ends: 605 [2022-02-20 17:59:28,191 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 242 GetRequests, 231 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:28,191 INFO L933 BasicCegarLoop]: 860 mSDtfsCounter, 1 mSDsluCounter, 858 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1718 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:28,192 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1718 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:28,192 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 605 states. [2022-02-20 17:59:28,208 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 605 to 604. [2022-02-20 17:59:28,209 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:28,210 INFO L82 GeneralOperation]: Start isEquivalent. First operand 605 states. Second operand has 604 states, 451 states have (on average 1.4478935698447895) internal successors, (653), 462 states have internal predecessors, (653), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:59:28,210 INFO L74 IsIncluded]: Start isIncluded. First operand 605 states. Second operand has 604 states, 451 states have (on average 1.4478935698447895) internal successors, (653), 462 states have internal predecessors, (653), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:59:28,211 INFO L87 Difference]: Start difference. First operand 605 states. Second operand has 604 states, 451 states have (on average 1.4478935698447895) internal successors, (653), 462 states have internal predecessors, (653), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:59:28,225 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:28,225 INFO L93 Difference]: Finished difference Result 605 states and 867 transitions. [2022-02-20 17:59:28,225 INFO L276 IsEmpty]: Start isEmpty. Operand 605 states and 867 transitions. [2022-02-20 17:59:28,227 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:28,227 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:28,228 INFO L74 IsIncluded]: Start isIncluded. First operand has 604 states, 451 states have (on average 1.4478935698447895) internal successors, (653), 462 states have internal predecessors, (653), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 605 states. [2022-02-20 17:59:28,229 INFO L87 Difference]: Start difference. First operand has 604 states, 451 states have (on average 1.4478935698447895) internal successors, (653), 462 states have internal predecessors, (653), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 605 states. [2022-02-20 17:59:28,245 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:28,245 INFO L93 Difference]: Finished difference Result 605 states and 867 transitions. [2022-02-20 17:59:28,245 INFO L276 IsEmpty]: Start isEmpty. Operand 605 states and 867 transitions. [2022-02-20 17:59:28,247 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:28,247 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:28,247 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:28,247 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:28,248 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 604 states, 451 states have (on average 1.4478935698447895) internal successors, (653), 462 states have internal predecessors, (653), 108 states have call successors, (108), 45 states have call predecessors, (108), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 17:59:28,267 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 604 states to 604 states and 866 transitions. [2022-02-20 17:59:28,267 INFO L78 Accepts]: Start accepts. Automaton has 604 states and 866 transitions. Word has length 187 [2022-02-20 17:59:28,267 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:28,267 INFO L470 AbstractCegarLoop]: Abstraction has 604 states and 866 transitions. [2022-02-20 17:59:28,268 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:28,268 INFO L276 IsEmpty]: Start isEmpty. Operand 604 states and 866 transitions. [2022-02-20 17:59:28,270 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 196 [2022-02-20 17:59:28,270 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:28,271 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:28,293 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:28,487 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2022-02-20 17:59:28,487 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:28,487 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:28,488 INFO L85 PathProgramCache]: Analyzing trace with hash -1164905097, now seen corresponding path program 1 times [2022-02-20 17:59:28,488 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:28,488 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [881511622] [2022-02-20 17:59:28,488 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:28,488 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:28,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,567 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:59:28,569 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,571 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,571 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,571 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25655#true} {25655#true} #1754#return; {25655#true} is VALID [2022-02-20 17:59:28,571 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:59:28,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,574 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25655#true} {25655#true} #1756#return; {25655#true} is VALID [2022-02-20 17:59:28,574 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:59:28,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,577 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,577 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,577 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25655#true} {25655#true} #1758#return; {25655#true} is VALID [2022-02-20 17:59:28,577 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:28,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,580 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,580 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,580 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25655#true} {25655#true} #1760#return; {25655#true} is VALID [2022-02-20 17:59:28,580 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:59:28,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,583 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,583 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,583 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25655#true} {25655#true} #1762#return; {25655#true} is VALID [2022-02-20 17:59:28,584 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:59:28,585 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,586 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,587 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,587 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25655#true} {25655#true} #1764#return; {25655#true} is VALID [2022-02-20 17:59:28,587 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:59:28,588 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,590 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,590 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,590 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25655#true} {25655#true} #1766#return; {25655#true} is VALID [2022-02-20 17:59:28,590 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:28,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,593 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25655#true} {25655#true} #1768#return; {25655#true} is VALID [2022-02-20 17:59:28,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:28,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:28,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,603 INFO L290 TraceCheckUtils]: 0: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,603 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,603 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25655#true} #1752#return; {25655#true} is VALID [2022-02-20 17:59:28,603 INFO L290 TraceCheckUtils]: 0: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25655#true} is VALID [2022-02-20 17:59:28,604 INFO L272 TraceCheckUtils]: 1: Hoare triple {25655#true} call setClientId(~bob___0, ~bob___0); {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:28,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,604 INFO L290 TraceCheckUtils]: 3: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,604 INFO L290 TraceCheckUtils]: 4: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,605 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25655#true} {25655#true} #1752#return; {25655#true} is VALID [2022-02-20 17:59:28,605 INFO L290 TraceCheckUtils]: 6: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,605 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25655#true} {25655#true} #1770#return; {25655#true} is VALID [2022-02-20 17:59:28,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:28,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,613 INFO L290 TraceCheckUtils]: 0: Hoare triple {25757#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,613 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,613 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,614 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25655#true} #1772#return; {25655#true} is VALID [2022-02-20 17:59:28,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:59:28,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:28,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,642 INFO L290 TraceCheckUtils]: 0: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25764#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:28,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {25764#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25765#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:28,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {25765#(= |setClientId_#in~handle| 1)} assume true; {25765#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:28,644 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25765#(= |setClientId_#in~handle| 1)} {25758#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {25763#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:28,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25758#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:28,645 INFO L272 TraceCheckUtils]: 1: Hoare triple {25758#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:28,645 INFO L290 TraceCheckUtils]: 2: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25764#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:28,645 INFO L290 TraceCheckUtils]: 3: Hoare triple {25764#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25765#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:28,646 INFO L290 TraceCheckUtils]: 4: Hoare triple {25765#(= |setClientId_#in~handle| 1)} assume true; {25765#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:28,646 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25765#(= |setClientId_#in~handle| 1)} {25758#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {25763#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:28,647 INFO L290 TraceCheckUtils]: 6: Hoare triple {25763#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25763#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:28,647 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25763#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25694#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {25656#false} is VALID [2022-02-20 17:59:28,647 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:59:28,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {25757#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,651 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25656#false} #1778#return; {25656#false} is VALID [2022-02-20 17:59:28,651 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:59:28,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:28,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,656 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25655#true} #1648#return; {25655#true} is VALID [2022-02-20 17:59:28,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25655#true} is VALID [2022-02-20 17:59:28,657 INFO L272 TraceCheckUtils]: 1: Hoare triple {25655#true} call setClientId(~chuck___0, ~chuck___0); {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:28,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,657 INFO L290 TraceCheckUtils]: 3: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,657 INFO L290 TraceCheckUtils]: 4: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,657 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25655#true} {25655#true} #1648#return; {25655#true} is VALID [2022-02-20 17:59:28,657 INFO L290 TraceCheckUtils]: 6: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,657 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25655#true} {25656#false} #1782#return; {25656#false} is VALID [2022-02-20 17:59:28,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:28,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {25757#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,662 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,662 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,662 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25656#false} #1784#return; {25656#false} is VALID [2022-02-20 17:59:28,670 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 17:59:28,671 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {25770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,673 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,673 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25656#false} #1670#return; {25656#false} is VALID [2022-02-20 17:59:28,681 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 17:59:28,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {25771#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,683 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,683 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25656#false} #1672#return; {25656#false} is VALID [2022-02-20 17:59:28,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 17:59:28,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,685 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25655#true} is VALID [2022-02-20 17:59:28,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {25655#true} is VALID [2022-02-20 17:59:28,686 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,686 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25656#false} #1602#return; {25656#false} is VALID [2022-02-20 17:59:28,686 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 155 [2022-02-20 17:59:28,687 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,688 INFO L290 TraceCheckUtils]: 0: Hoare triple {25770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,688 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,688 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25656#false} #1682#return; {25656#false} is VALID [2022-02-20 17:59:28,688 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 161 [2022-02-20 17:59:28,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,690 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} ~handle := #in~handle;havoc ~retValue_acc~24; {25655#true} is VALID [2022-02-20 17:59:28,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {25655#true} is VALID [2022-02-20 17:59:28,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,691 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25656#false} #1684#return; {25656#false} is VALID [2022-02-20 17:59:28,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 168 [2022-02-20 17:59:28,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,693 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25655#true} is VALID [2022-02-20 17:59:28,693 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {25655#true} is VALID [2022-02-20 17:59:28,693 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,693 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25656#false} #1686#return; {25656#false} is VALID [2022-02-20 17:59:28,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 179 [2022-02-20 17:59:28,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} ~handle := #in~handle;havoc ~retValue_acc~18; {25655#true} is VALID [2022-02-20 17:59:28,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {25655#true} is VALID [2022-02-20 17:59:28,695 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,695 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25655#true} {25656#false} #1608#return; {25656#false} is VALID [2022-02-20 17:59:28,696 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 185 [2022-02-20 17:59:28,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:28,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {25655#true} is VALID [2022-02-20 17:59:28,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume 1 == ~handle; {25655#true} is VALID [2022-02-20 17:59:28,698 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {25655#true} is VALID [2022-02-20 17:59:28,698 INFO L290 TraceCheckUtils]: 3: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,698 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25655#true} {25656#false} #1610#return; {25656#false} is VALID [2022-02-20 17:59:28,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {25655#true} is VALID [2022-02-20 17:59:28,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25655#true} is VALID [2022-02-20 17:59:28,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {25655#true} is VALID [2022-02-20 17:59:28,699 INFO L272 TraceCheckUtils]: 3: Hoare triple {25655#true} call select_features_#t~ret27#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:28,699 INFO L290 TraceCheckUtils]: 4: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,699 INFO L290 TraceCheckUtils]: 5: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,699 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25655#true} {25655#true} #1754#return; {25655#true} is VALID [2022-02-20 17:59:28,699 INFO L290 TraceCheckUtils]: 7: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {25655#true} is VALID [2022-02-20 17:59:28,699 INFO L272 TraceCheckUtils]: 8: Hoare triple {25655#true} call select_features_#t~ret28#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:28,699 INFO L290 TraceCheckUtils]: 9: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,700 INFO L290 TraceCheckUtils]: 10: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,700 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25655#true} {25655#true} #1756#return; {25655#true} is VALID [2022-02-20 17:59:28,700 INFO L290 TraceCheckUtils]: 12: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {25655#true} is VALID [2022-02-20 17:59:28,700 INFO L272 TraceCheckUtils]: 13: Hoare triple {25655#true} call select_features_#t~ret29#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:28,700 INFO L290 TraceCheckUtils]: 14: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,700 INFO L290 TraceCheckUtils]: 15: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,700 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25655#true} {25655#true} #1758#return; {25655#true} is VALID [2022-02-20 17:59:28,700 INFO L290 TraceCheckUtils]: 17: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {25655#true} is VALID [2022-02-20 17:59:28,700 INFO L272 TraceCheckUtils]: 18: Hoare triple {25655#true} call select_features_#t~ret30#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:28,701 INFO L290 TraceCheckUtils]: 19: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,701 INFO L290 TraceCheckUtils]: 20: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,701 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25655#true} {25655#true} #1760#return; {25655#true} is VALID [2022-02-20 17:59:28,701 INFO L290 TraceCheckUtils]: 22: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {25655#true} is VALID [2022-02-20 17:59:28,701 INFO L272 TraceCheckUtils]: 23: Hoare triple {25655#true} call select_features_#t~ret31#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:28,701 INFO L290 TraceCheckUtils]: 24: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,701 INFO L290 TraceCheckUtils]: 25: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,701 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25655#true} {25655#true} #1762#return; {25655#true} is VALID [2022-02-20 17:59:28,702 INFO L290 TraceCheckUtils]: 27: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {25655#true} is VALID [2022-02-20 17:59:28,702 INFO L272 TraceCheckUtils]: 28: Hoare triple {25655#true} call select_features_#t~ret32#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:28,702 INFO L290 TraceCheckUtils]: 29: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,702 INFO L290 TraceCheckUtils]: 30: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,702 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25655#true} {25655#true} #1764#return; {25655#true} is VALID [2022-02-20 17:59:28,702 INFO L290 TraceCheckUtils]: 32: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {25655#true} is VALID [2022-02-20 17:59:28,702 INFO L272 TraceCheckUtils]: 33: Hoare triple {25655#true} call select_features_#t~ret33#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:28,702 INFO L290 TraceCheckUtils]: 34: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,702 INFO L290 TraceCheckUtils]: 35: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,703 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25655#true} {25655#true} #1766#return; {25655#true} is VALID [2022-02-20 17:59:28,703 INFO L290 TraceCheckUtils]: 37: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {25655#true} is VALID [2022-02-20 17:59:28,703 INFO L272 TraceCheckUtils]: 38: Hoare triple {25655#true} call select_features_#t~ret34#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:28,703 INFO L290 TraceCheckUtils]: 39: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:28,703 INFO L290 TraceCheckUtils]: 40: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,703 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25655#true} {25655#true} #1768#return; {25655#true} is VALID [2022-02-20 17:59:28,703 INFO L290 TraceCheckUtils]: 42: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {25655#true} is VALID [2022-02-20 17:59:28,703 INFO L290 TraceCheckUtils]: 43: Hoare triple {25655#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {25655#true} is VALID [2022-02-20 17:59:28,703 INFO L290 TraceCheckUtils]: 44: Hoare triple {25655#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25655#true} is VALID [2022-02-20 17:59:28,704 INFO L290 TraceCheckUtils]: 45: Hoare triple {25655#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {25655#true} is VALID [2022-02-20 17:59:28,704 INFO L290 TraceCheckUtils]: 46: Hoare triple {25655#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25655#true} is VALID [2022-02-20 17:59:28,704 INFO L290 TraceCheckUtils]: 47: Hoare triple {25655#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {25655#true} is VALID [2022-02-20 17:59:28,704 INFO L290 TraceCheckUtils]: 48: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {25655#true} is VALID [2022-02-20 17:59:28,704 INFO L290 TraceCheckUtils]: 49: Hoare triple {25655#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {25655#true} is VALID [2022-02-20 17:59:28,704 INFO L290 TraceCheckUtils]: 50: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {25655#true} is VALID [2022-02-20 17:59:28,704 INFO L290 TraceCheckUtils]: 51: Hoare triple {25655#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {25655#true} is VALID [2022-02-20 17:59:28,704 INFO L290 TraceCheckUtils]: 52: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25655#true} is VALID [2022-02-20 17:59:28,705 INFO L290 TraceCheckUtils]: 53: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {25655#true} is VALID [2022-02-20 17:59:28,705 INFO L290 TraceCheckUtils]: 54: Hoare triple {25655#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {25655#true} is VALID [2022-02-20 17:59:28,705 INFO L290 TraceCheckUtils]: 55: Hoare triple {25655#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {25655#true} is VALID [2022-02-20 17:59:28,705 INFO L290 TraceCheckUtils]: 56: Hoare triple {25655#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25655#true} is VALID [2022-02-20 17:59:28,705 INFO L290 TraceCheckUtils]: 57: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25655#true} is VALID [2022-02-20 17:59:28,706 INFO L272 TraceCheckUtils]: 58: Hoare triple {25655#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:28,706 INFO L290 TraceCheckUtils]: 59: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25655#true} is VALID [2022-02-20 17:59:28,706 INFO L272 TraceCheckUtils]: 60: Hoare triple {25655#true} call setClientId(~bob___0, ~bob___0); {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:28,706 INFO L290 TraceCheckUtils]: 61: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,707 INFO L290 TraceCheckUtils]: 62: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,707 INFO L290 TraceCheckUtils]: 63: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,707 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25655#true} {25655#true} #1752#return; {25655#true} is VALID [2022-02-20 17:59:28,707 INFO L290 TraceCheckUtils]: 65: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,707 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25655#true} {25655#true} #1770#return; {25655#true} is VALID [2022-02-20 17:59:28,708 INFO L272 TraceCheckUtils]: 67: Hoare triple {25655#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25757#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:28,708 INFO L290 TraceCheckUtils]: 68: Hoare triple {25757#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,708 INFO L290 TraceCheckUtils]: 69: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,708 INFO L290 TraceCheckUtils]: 70: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,708 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25655#true} {25655#true} #1772#return; {25655#true} is VALID [2022-02-20 17:59:28,708 INFO L290 TraceCheckUtils]: 72: Hoare triple {25655#true} assume { :end_inline_setup_bob__role__Keys } true; {25655#true} is VALID [2022-02-20 17:59:28,709 INFO L290 TraceCheckUtils]: 73: Hoare triple {25655#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25693#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:28,709 INFO L290 TraceCheckUtils]: 74: Hoare triple {25693#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25694#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:28,710 INFO L272 TraceCheckUtils]: 75: Hoare triple {25694#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:28,710 INFO L290 TraceCheckUtils]: 76: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25758#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:28,711 INFO L272 TraceCheckUtils]: 77: Hoare triple {25758#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:28,711 INFO L290 TraceCheckUtils]: 78: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25764#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:28,711 INFO L290 TraceCheckUtils]: 79: Hoare triple {25764#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25765#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:28,712 INFO L290 TraceCheckUtils]: 80: Hoare triple {25765#(= |setClientId_#in~handle| 1)} assume true; {25765#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:28,712 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25765#(= |setClientId_#in~handle| 1)} {25758#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {25763#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:28,712 INFO L290 TraceCheckUtils]: 82: Hoare triple {25763#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25763#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:28,713 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25763#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25694#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {25656#false} is VALID [2022-02-20 17:59:28,713 INFO L272 TraceCheckUtils]: 84: Hoare triple {25656#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25757#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:28,713 INFO L290 TraceCheckUtils]: 85: Hoare triple {25757#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,713 INFO L290 TraceCheckUtils]: 86: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,713 INFO L290 TraceCheckUtils]: 87: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,713 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25655#true} {25656#false} #1778#return; {25656#false} is VALID [2022-02-20 17:59:28,714 INFO L290 TraceCheckUtils]: 89: Hoare triple {25656#false} assume { :end_inline_setup_rjh__role__Keys } true; {25656#false} is VALID [2022-02-20 17:59:28,714 INFO L290 TraceCheckUtils]: 90: Hoare triple {25656#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25656#false} is VALID [2022-02-20 17:59:28,714 INFO L290 TraceCheckUtils]: 91: Hoare triple {25656#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25656#false} is VALID [2022-02-20 17:59:28,714 INFO L272 TraceCheckUtils]: 92: Hoare triple {25656#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:28,714 INFO L290 TraceCheckUtils]: 93: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25655#true} is VALID [2022-02-20 17:59:28,715 INFO L272 TraceCheckUtils]: 94: Hoare triple {25655#true} call setClientId(~chuck___0, ~chuck___0); {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:28,715 INFO L290 TraceCheckUtils]: 95: Hoare triple {25752#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,715 INFO L290 TraceCheckUtils]: 96: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,715 INFO L290 TraceCheckUtils]: 97: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,715 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25655#true} {25655#true} #1648#return; {25655#true} is VALID [2022-02-20 17:59:28,715 INFO L290 TraceCheckUtils]: 99: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,715 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25655#true} {25656#false} #1782#return; {25656#false} is VALID [2022-02-20 17:59:28,715 INFO L272 TraceCheckUtils]: 101: Hoare triple {25656#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25757#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:28,716 INFO L290 TraceCheckUtils]: 102: Hoare triple {25757#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,716 INFO L290 TraceCheckUtils]: 103: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,716 INFO L290 TraceCheckUtils]: 104: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,716 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25655#true} {25656#false} #1784#return; {25656#false} is VALID [2022-02-20 17:59:28,716 INFO L290 TraceCheckUtils]: 106: Hoare triple {25656#false} assume { :end_inline_setup_chuck__role__Keys } true; {25656#false} is VALID [2022-02-20 17:59:28,716 INFO L290 TraceCheckUtils]: 107: Hoare triple {25656#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {25656#false} is VALID [2022-02-20 17:59:28,716 INFO L290 TraceCheckUtils]: 108: Hoare triple {25656#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25656#false} is VALID [2022-02-20 17:59:28,716 INFO L290 TraceCheckUtils]: 109: Hoare triple {25656#false} assume !false; {25656#false} is VALID [2022-02-20 17:59:28,717 INFO L290 TraceCheckUtils]: 110: Hoare triple {25656#false} assume test_~splverifierCounter~0#1 < 4; {25656#false} is VALID [2022-02-20 17:59:28,717 INFO L290 TraceCheckUtils]: 111: Hoare triple {25656#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25656#false} is VALID [2022-02-20 17:59:28,717 INFO L290 TraceCheckUtils]: 112: Hoare triple {25656#false} assume !(0 == test_~op1~0#1); {25656#false} is VALID [2022-02-20 17:59:28,717 INFO L290 TraceCheckUtils]: 113: Hoare triple {25656#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {25656#false} is VALID [2022-02-20 17:59:28,717 INFO L290 TraceCheckUtils]: 114: Hoare triple {25656#false} assume 0 != test_~tmp___8~0#1; {25656#false} is VALID [2022-02-20 17:59:28,717 INFO L290 TraceCheckUtils]: 115: Hoare triple {25656#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25656#false} is VALID [2022-02-20 17:59:28,718 INFO L290 TraceCheckUtils]: 116: Hoare triple {25656#false} test_~op2~0#1 := 1; {25656#false} is VALID [2022-02-20 17:59:28,718 INFO L290 TraceCheckUtils]: 117: Hoare triple {25656#false} assume !false; {25656#false} is VALID [2022-02-20 17:59:28,718 INFO L290 TraceCheckUtils]: 118: Hoare triple {25656#false} assume !(test_~splverifierCounter~0#1 < 4); {25656#false} is VALID [2022-02-20 17:59:28,718 INFO L290 TraceCheckUtils]: 119: Hoare triple {25656#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {25656#false} is VALID [2022-02-20 17:59:28,718 INFO L272 TraceCheckUtils]: 120: Hoare triple {25656#false} call sendEmail(~bob~0, ~rjh~0); {25656#false} is VALID [2022-02-20 17:59:28,718 INFO L290 TraceCheckUtils]: 121: Hoare triple {25656#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25656#false} is VALID [2022-02-20 17:59:28,718 INFO L272 TraceCheckUtils]: 122: Hoare triple {25656#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:28,719 INFO L290 TraceCheckUtils]: 123: Hoare triple {25770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,719 INFO L290 TraceCheckUtils]: 124: Hoare triple {25655#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,719 INFO L290 TraceCheckUtils]: 125: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,719 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25655#true} {25656#false} #1670#return; {25656#false} is VALID [2022-02-20 17:59:28,719 INFO L272 TraceCheckUtils]: 127: Hoare triple {25656#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25771#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:28,719 INFO L290 TraceCheckUtils]: 128: Hoare triple {25771#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,719 INFO L290 TraceCheckUtils]: 129: Hoare triple {25655#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,719 INFO L290 TraceCheckUtils]: 130: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,720 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25655#true} {25656#false} #1672#return; {25656#false} is VALID [2022-02-20 17:59:28,720 INFO L290 TraceCheckUtils]: 132: Hoare triple {25656#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {25656#false} is VALID [2022-02-20 17:59:28,720 INFO L290 TraceCheckUtils]: 133: Hoare triple {25656#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {25656#false} is VALID [2022-02-20 17:59:28,720 INFO L272 TraceCheckUtils]: 134: Hoare triple {25656#false} call outgoing(~sender#1, ~email~0#1); {25656#false} is VALID [2022-02-20 17:59:28,720 INFO L290 TraceCheckUtils]: 135: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25656#false} is VALID [2022-02-20 17:59:28,720 INFO L290 TraceCheckUtils]: 136: Hoare triple {25656#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {25656#false} is VALID [2022-02-20 17:59:28,720 INFO L272 TraceCheckUtils]: 137: Hoare triple {25656#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {25655#true} is VALID [2022-02-20 17:59:28,720 INFO L290 TraceCheckUtils]: 138: Hoare triple {25655#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25655#true} is VALID [2022-02-20 17:59:28,721 INFO L290 TraceCheckUtils]: 139: Hoare triple {25655#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {25655#true} is VALID [2022-02-20 17:59:28,721 INFO L290 TraceCheckUtils]: 140: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,721 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {25655#true} {25656#false} #1602#return; {25656#false} is VALID [2022-02-20 17:59:28,721 INFO L290 TraceCheckUtils]: 142: Hoare triple {25656#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {25656#false} is VALID [2022-02-20 17:59:28,721 INFO L290 TraceCheckUtils]: 143: Hoare triple {25656#false} assume 0 == sign_~privkey~1#1; {25656#false} is VALID [2022-02-20 17:59:28,721 INFO L290 TraceCheckUtils]: 144: Hoare triple {25656#false} assume { :end_inline_sign } true; {25656#false} is VALID [2022-02-20 17:59:28,721 INFO L272 TraceCheckUtils]: 145: Hoare triple {25656#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {25656#false} is VALID [2022-02-20 17:59:28,722 INFO L290 TraceCheckUtils]: 146: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25656#false} is VALID [2022-02-20 17:59:28,722 INFO L290 TraceCheckUtils]: 147: Hoare triple {25656#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {25656#false} is VALID [2022-02-20 17:59:28,722 INFO L272 TraceCheckUtils]: 148: Hoare triple {25656#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {25656#false} is VALID [2022-02-20 17:59:28,722 INFO L290 TraceCheckUtils]: 149: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25656#false} is VALID [2022-02-20 17:59:28,722 INFO L290 TraceCheckUtils]: 150: Hoare triple {25656#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25656#false} is VALID [2022-02-20 17:59:28,722 INFO L272 TraceCheckUtils]: 151: Hoare triple {25656#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {25656#false} is VALID [2022-02-20 17:59:28,722 INFO L290 TraceCheckUtils]: 152: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {25656#false} is VALID [2022-02-20 17:59:28,722 INFO L290 TraceCheckUtils]: 153: Hoare triple {25656#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {25656#false} is VALID [2022-02-20 17:59:28,723 INFO L290 TraceCheckUtils]: 154: Hoare triple {25656#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {25656#false} is VALID [2022-02-20 17:59:28,723 INFO L272 TraceCheckUtils]: 155: Hoare triple {25656#false} call setEmailFrom(~msg#1, ~tmp~10#1); {25770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:28,723 INFO L290 TraceCheckUtils]: 156: Hoare triple {25770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:28,723 INFO L290 TraceCheckUtils]: 157: Hoare triple {25655#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:28,723 INFO L290 TraceCheckUtils]: 158: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,723 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {25655#true} {25656#false} #1682#return; {25656#false} is VALID [2022-02-20 17:59:28,723 INFO L290 TraceCheckUtils]: 160: Hoare triple {25656#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {25656#false} is VALID [2022-02-20 17:59:28,723 INFO L272 TraceCheckUtils]: 161: Hoare triple {25656#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {25655#true} is VALID [2022-02-20 17:59:28,724 INFO L290 TraceCheckUtils]: 162: Hoare triple {25655#true} ~handle := #in~handle;havoc ~retValue_acc~24; {25655#true} is VALID [2022-02-20 17:59:28,724 INFO L290 TraceCheckUtils]: 163: Hoare triple {25655#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {25655#true} is VALID [2022-02-20 17:59:28,724 INFO L290 TraceCheckUtils]: 164: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,724 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {25655#true} {25656#false} #1684#return; {25656#false} is VALID [2022-02-20 17:59:28,724 INFO L290 TraceCheckUtils]: 166: Hoare triple {25656#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {25656#false} is VALID [2022-02-20 17:59:28,724 INFO L290 TraceCheckUtils]: 167: Hoare triple {25656#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {25656#false} is VALID [2022-02-20 17:59:28,724 INFO L272 TraceCheckUtils]: 168: Hoare triple {25656#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {25655#true} is VALID [2022-02-20 17:59:28,724 INFO L290 TraceCheckUtils]: 169: Hoare triple {25655#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25655#true} is VALID [2022-02-20 17:59:28,725 INFO L290 TraceCheckUtils]: 170: Hoare triple {25655#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {25655#true} is VALID [2022-02-20 17:59:28,725 INFO L290 TraceCheckUtils]: 171: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,725 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25655#true} {25656#false} #1686#return; {25656#false} is VALID [2022-02-20 17:59:28,725 INFO L290 TraceCheckUtils]: 173: Hoare triple {25656#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {25656#false} is VALID [2022-02-20 17:59:28,725 INFO L290 TraceCheckUtils]: 174: Hoare triple {25656#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {25656#false} is VALID [2022-02-20 17:59:28,725 INFO L272 TraceCheckUtils]: 175: Hoare triple {25656#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {25656#false} is VALID [2022-02-20 17:59:28,725 INFO L290 TraceCheckUtils]: 176: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25656#false} is VALID [2022-02-20 17:59:28,725 INFO L290 TraceCheckUtils]: 177: Hoare triple {25656#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {25656#false} is VALID [2022-02-20 17:59:28,726 INFO L290 TraceCheckUtils]: 178: Hoare triple {25656#false} assume 1 == ~sent_signed~0; {25656#false} is VALID [2022-02-20 17:59:28,726 INFO L272 TraceCheckUtils]: 179: Hoare triple {25656#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {25655#true} is VALID [2022-02-20 17:59:28,726 INFO L290 TraceCheckUtils]: 180: Hoare triple {25655#true} ~handle := #in~handle;havoc ~retValue_acc~18; {25655#true} is VALID [2022-02-20 17:59:28,726 INFO L290 TraceCheckUtils]: 181: Hoare triple {25655#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {25655#true} is VALID [2022-02-20 17:59:28,726 INFO L290 TraceCheckUtils]: 182: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,726 INFO L284 TraceCheckUtils]: 183: Hoare quadruple {25655#true} {25656#false} #1608#return; {25656#false} is VALID [2022-02-20 17:59:28,726 INFO L290 TraceCheckUtils]: 184: Hoare triple {25656#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {25656#false} is VALID [2022-02-20 17:59:28,726 INFO L272 TraceCheckUtils]: 185: Hoare triple {25656#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {25655#true} is VALID [2022-02-20 17:59:28,726 INFO L290 TraceCheckUtils]: 186: Hoare triple {25655#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {25655#true} is VALID [2022-02-20 17:59:28,727 INFO L290 TraceCheckUtils]: 187: Hoare triple {25655#true} assume 1 == ~handle; {25655#true} is VALID [2022-02-20 17:59:28,727 INFO L290 TraceCheckUtils]: 188: Hoare triple {25655#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {25655#true} is VALID [2022-02-20 17:59:28,727 INFO L290 TraceCheckUtils]: 189: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:28,727 INFO L284 TraceCheckUtils]: 190: Hoare quadruple {25655#true} {25656#false} #1610#return; {25656#false} is VALID [2022-02-20 17:59:28,727 INFO L290 TraceCheckUtils]: 191: Hoare triple {25656#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {25656#false} is VALID [2022-02-20 17:59:28,727 INFO L290 TraceCheckUtils]: 192: Hoare triple {25656#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {25656#false} is VALID [2022-02-20 17:59:28,727 INFO L272 TraceCheckUtils]: 193: Hoare triple {25656#false} call __automaton_fail(); {25656#false} is VALID [2022-02-20 17:59:28,727 INFO L290 TraceCheckUtils]: 194: Hoare triple {25656#false} assume !false; {25656#false} is VALID [2022-02-20 17:59:28,728 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 17:59:28,728 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:28,728 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [881511622] [2022-02-20 17:59:28,728 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [881511622] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:28,728 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1130581935] [2022-02-20 17:59:28,729 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:28,729 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:28,729 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:28,730 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:28,731 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:59:29,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,027 INFO L263 TraceCheckSpWp]: Trace formula consists of 1601 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:59:29,086 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:29,090 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:29,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {25655#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {25655#true} is VALID [2022-02-20 17:59:29,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {25655#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25655#true} is VALID [2022-02-20 17:59:29,501 INFO L290 TraceCheckUtils]: 2: Hoare triple {25655#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {25655#true} is VALID [2022-02-20 17:59:29,501 INFO L272 TraceCheckUtils]: 3: Hoare triple {25655#true} call select_features_#t~ret27#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:29,501 INFO L290 TraceCheckUtils]: 4: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:29,501 INFO L290 TraceCheckUtils]: 5: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,501 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25655#true} {25655#true} #1754#return; {25655#true} is VALID [2022-02-20 17:59:29,501 INFO L290 TraceCheckUtils]: 7: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {25655#true} is VALID [2022-02-20 17:59:29,501 INFO L272 TraceCheckUtils]: 8: Hoare triple {25655#true} call select_features_#t~ret28#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:29,501 INFO L290 TraceCheckUtils]: 9: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:29,502 INFO L290 TraceCheckUtils]: 10: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,502 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25655#true} {25655#true} #1756#return; {25655#true} is VALID [2022-02-20 17:59:29,502 INFO L290 TraceCheckUtils]: 12: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {25655#true} is VALID [2022-02-20 17:59:29,502 INFO L272 TraceCheckUtils]: 13: Hoare triple {25655#true} call select_features_#t~ret29#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:29,502 INFO L290 TraceCheckUtils]: 14: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:29,502 INFO L290 TraceCheckUtils]: 15: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,502 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25655#true} {25655#true} #1758#return; {25655#true} is VALID [2022-02-20 17:59:29,502 INFO L290 TraceCheckUtils]: 17: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {25655#true} is VALID [2022-02-20 17:59:29,502 INFO L272 TraceCheckUtils]: 18: Hoare triple {25655#true} call select_features_#t~ret30#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:29,503 INFO L290 TraceCheckUtils]: 19: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:29,503 INFO L290 TraceCheckUtils]: 20: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,503 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25655#true} {25655#true} #1760#return; {25655#true} is VALID [2022-02-20 17:59:29,503 INFO L290 TraceCheckUtils]: 22: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {25655#true} is VALID [2022-02-20 17:59:29,503 INFO L272 TraceCheckUtils]: 23: Hoare triple {25655#true} call select_features_#t~ret31#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:29,503 INFO L290 TraceCheckUtils]: 24: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:29,503 INFO L290 TraceCheckUtils]: 25: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,503 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25655#true} {25655#true} #1762#return; {25655#true} is VALID [2022-02-20 17:59:29,504 INFO L290 TraceCheckUtils]: 27: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {25655#true} is VALID [2022-02-20 17:59:29,504 INFO L272 TraceCheckUtils]: 28: Hoare triple {25655#true} call select_features_#t~ret32#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:29,504 INFO L290 TraceCheckUtils]: 29: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:29,504 INFO L290 TraceCheckUtils]: 30: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,504 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25655#true} {25655#true} #1764#return; {25655#true} is VALID [2022-02-20 17:59:29,504 INFO L290 TraceCheckUtils]: 32: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {25655#true} is VALID [2022-02-20 17:59:29,504 INFO L272 TraceCheckUtils]: 33: Hoare triple {25655#true} call select_features_#t~ret33#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:29,504 INFO L290 TraceCheckUtils]: 34: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:29,505 INFO L290 TraceCheckUtils]: 35: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,505 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25655#true} {25655#true} #1766#return; {25655#true} is VALID [2022-02-20 17:59:29,505 INFO L290 TraceCheckUtils]: 37: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {25655#true} is VALID [2022-02-20 17:59:29,505 INFO L272 TraceCheckUtils]: 38: Hoare triple {25655#true} call select_features_#t~ret34#1 := select_one(); {25655#true} is VALID [2022-02-20 17:59:29,505 INFO L290 TraceCheckUtils]: 39: Hoare triple {25655#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {25655#true} is VALID [2022-02-20 17:59:29,505 INFO L290 TraceCheckUtils]: 40: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,505 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25655#true} {25655#true} #1768#return; {25655#true} is VALID [2022-02-20 17:59:29,505 INFO L290 TraceCheckUtils]: 42: Hoare triple {25655#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {25655#true} is VALID [2022-02-20 17:59:29,505 INFO L290 TraceCheckUtils]: 43: Hoare triple {25655#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {25655#true} is VALID [2022-02-20 17:59:29,506 INFO L290 TraceCheckUtils]: 44: Hoare triple {25655#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25655#true} is VALID [2022-02-20 17:59:29,506 INFO L290 TraceCheckUtils]: 45: Hoare triple {25655#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {25655#true} is VALID [2022-02-20 17:59:29,506 INFO L290 TraceCheckUtils]: 46: Hoare triple {25655#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25655#true} is VALID [2022-02-20 17:59:29,506 INFO L290 TraceCheckUtils]: 47: Hoare triple {25655#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {25655#true} is VALID [2022-02-20 17:59:29,506 INFO L290 TraceCheckUtils]: 48: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {25655#true} is VALID [2022-02-20 17:59:29,506 INFO L290 TraceCheckUtils]: 49: Hoare triple {25655#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {25655#true} is VALID [2022-02-20 17:59:29,506 INFO L290 TraceCheckUtils]: 50: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {25655#true} is VALID [2022-02-20 17:59:29,506 INFO L290 TraceCheckUtils]: 51: Hoare triple {25655#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {25655#true} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 52: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25655#true} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 53: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {25655#true} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 54: Hoare triple {25655#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {25655#true} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 55: Hoare triple {25655#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {25655#true} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 56: Hoare triple {25655#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25655#true} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 57: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25655#true} is VALID [2022-02-20 17:59:29,507 INFO L272 TraceCheckUtils]: 58: Hoare triple {25655#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25655#true} is VALID [2022-02-20 17:59:29,507 INFO L290 TraceCheckUtils]: 59: Hoare triple {25655#true} ~bob___0 := #in~bob___0; {25655#true} is VALID [2022-02-20 17:59:29,507 INFO L272 TraceCheckUtils]: 60: Hoare triple {25655#true} call setClientId(~bob___0, ~bob___0); {25655#true} is VALID [2022-02-20 17:59:29,508 INFO L290 TraceCheckUtils]: 61: Hoare triple {25655#true} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:29,508 INFO L290 TraceCheckUtils]: 62: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:29,508 INFO L290 TraceCheckUtils]: 63: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,508 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25655#true} {25655#true} #1752#return; {25655#true} is VALID [2022-02-20 17:59:29,508 INFO L290 TraceCheckUtils]: 65: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,508 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25655#true} {25655#true} #1770#return; {25655#true} is VALID [2022-02-20 17:59:29,508 INFO L272 TraceCheckUtils]: 67: Hoare triple {25655#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25655#true} is VALID [2022-02-20 17:59:29,508 INFO L290 TraceCheckUtils]: 68: Hoare triple {25655#true} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:29,509 INFO L290 TraceCheckUtils]: 69: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:29,509 INFO L290 TraceCheckUtils]: 70: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,509 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25655#true} {25655#true} #1772#return; {25655#true} is VALID [2022-02-20 17:59:29,509 INFO L290 TraceCheckUtils]: 72: Hoare triple {25655#true} assume { :end_inline_setup_bob__role__Keys } true; {25655#true} is VALID [2022-02-20 17:59:29,509 INFO L290 TraceCheckUtils]: 73: Hoare triple {25655#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25655#true} is VALID [2022-02-20 17:59:29,509 INFO L290 TraceCheckUtils]: 74: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25655#true} is VALID [2022-02-20 17:59:29,509 INFO L272 TraceCheckUtils]: 75: Hoare triple {25655#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25655#true} is VALID [2022-02-20 17:59:29,509 INFO L290 TraceCheckUtils]: 76: Hoare triple {25655#true} ~rjh___0 := #in~rjh___0; {25655#true} is VALID [2022-02-20 17:59:29,509 INFO L272 TraceCheckUtils]: 77: Hoare triple {25655#true} call setClientId(~rjh___0, ~rjh___0); {25655#true} is VALID [2022-02-20 17:59:29,510 INFO L290 TraceCheckUtils]: 78: Hoare triple {25655#true} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:29,510 INFO L290 TraceCheckUtils]: 79: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:29,510 INFO L290 TraceCheckUtils]: 80: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,510 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25655#true} {25655#true} #1704#return; {25655#true} is VALID [2022-02-20 17:59:29,510 INFO L290 TraceCheckUtils]: 82: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,510 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25655#true} {25655#true} #1776#return; {25655#true} is VALID [2022-02-20 17:59:29,510 INFO L272 TraceCheckUtils]: 84: Hoare triple {25655#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25655#true} is VALID [2022-02-20 17:59:29,510 INFO L290 TraceCheckUtils]: 85: Hoare triple {25655#true} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:29,511 INFO L290 TraceCheckUtils]: 86: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:29,511 INFO L290 TraceCheckUtils]: 87: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,511 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25655#true} {25655#true} #1778#return; {25655#true} is VALID [2022-02-20 17:59:29,511 INFO L290 TraceCheckUtils]: 89: Hoare triple {25655#true} assume { :end_inline_setup_rjh__role__Keys } true; {25655#true} is VALID [2022-02-20 17:59:29,511 INFO L290 TraceCheckUtils]: 90: Hoare triple {25655#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25655#true} is VALID [2022-02-20 17:59:29,511 INFO L290 TraceCheckUtils]: 91: Hoare triple {25655#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25655#true} is VALID [2022-02-20 17:59:29,511 INFO L272 TraceCheckUtils]: 92: Hoare triple {25655#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25655#true} is VALID [2022-02-20 17:59:29,511 INFO L290 TraceCheckUtils]: 93: Hoare triple {25655#true} ~chuck___0 := #in~chuck___0; {25655#true} is VALID [2022-02-20 17:59:29,512 INFO L272 TraceCheckUtils]: 94: Hoare triple {25655#true} call setClientId(~chuck___0, ~chuck___0); {25655#true} is VALID [2022-02-20 17:59:29,512 INFO L290 TraceCheckUtils]: 95: Hoare triple {25655#true} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:29,512 INFO L290 TraceCheckUtils]: 96: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:29,512 INFO L290 TraceCheckUtils]: 97: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,512 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25655#true} {25655#true} #1648#return; {25655#true} is VALID [2022-02-20 17:59:29,512 INFO L290 TraceCheckUtils]: 99: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,512 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25655#true} {25655#true} #1782#return; {25655#true} is VALID [2022-02-20 17:59:29,512 INFO L272 TraceCheckUtils]: 101: Hoare triple {25655#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25655#true} is VALID [2022-02-20 17:59:29,512 INFO L290 TraceCheckUtils]: 102: Hoare triple {25655#true} ~handle := #in~handle;~value := #in~value; {25655#true} is VALID [2022-02-20 17:59:29,513 INFO L290 TraceCheckUtils]: 103: Hoare triple {25655#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25655#true} is VALID [2022-02-20 17:59:29,513 INFO L290 TraceCheckUtils]: 104: Hoare triple {25655#true} assume true; {25655#true} is VALID [2022-02-20 17:59:29,513 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25655#true} {25655#true} #1784#return; {25655#true} is VALID [2022-02-20 17:59:29,513 INFO L290 TraceCheckUtils]: 106: Hoare triple {25655#true} assume { :end_inline_setup_chuck__role__Keys } true; {25655#true} is VALID [2022-02-20 17:59:29,513 INFO L290 TraceCheckUtils]: 107: Hoare triple {25655#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {25655#true} is VALID [2022-02-20 17:59:29,513 INFO L290 TraceCheckUtils]: 108: Hoare triple {25655#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26099#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:29,514 INFO L290 TraceCheckUtils]: 109: Hoare triple {26099#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {26099#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:29,514 INFO L290 TraceCheckUtils]: 110: Hoare triple {26099#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {26099#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:29,514 INFO L290 TraceCheckUtils]: 111: Hoare triple {26099#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26099#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:59:29,515 INFO L290 TraceCheckUtils]: 112: Hoare triple {26099#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {25656#false} is VALID [2022-02-20 17:59:29,515 INFO L290 TraceCheckUtils]: 113: Hoare triple {25656#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {25656#false} is VALID [2022-02-20 17:59:29,515 INFO L290 TraceCheckUtils]: 114: Hoare triple {25656#false} assume 0 != test_~tmp___8~0#1; {25656#false} is VALID [2022-02-20 17:59:29,515 INFO L290 TraceCheckUtils]: 115: Hoare triple {25656#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25656#false} is VALID [2022-02-20 17:59:29,515 INFO L290 TraceCheckUtils]: 116: Hoare triple {25656#false} test_~op2~0#1 := 1; {25656#false} is VALID [2022-02-20 17:59:29,515 INFO L290 TraceCheckUtils]: 117: Hoare triple {25656#false} assume !false; {25656#false} is VALID [2022-02-20 17:59:29,515 INFO L290 TraceCheckUtils]: 118: Hoare triple {25656#false} assume !(test_~splverifierCounter~0#1 < 4); {25656#false} is VALID [2022-02-20 17:59:29,516 INFO L290 TraceCheckUtils]: 119: Hoare triple {25656#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {25656#false} is VALID [2022-02-20 17:59:29,516 INFO L272 TraceCheckUtils]: 120: Hoare triple {25656#false} call sendEmail(~bob~0, ~rjh~0); {25656#false} is VALID [2022-02-20 17:59:29,516 INFO L290 TraceCheckUtils]: 121: Hoare triple {25656#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25656#false} is VALID [2022-02-20 17:59:29,516 INFO L272 TraceCheckUtils]: 122: Hoare triple {25656#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25656#false} is VALID [2022-02-20 17:59:29,516 INFO L290 TraceCheckUtils]: 123: Hoare triple {25656#false} ~handle := #in~handle;~value := #in~value; {25656#false} is VALID [2022-02-20 17:59:29,516 INFO L290 TraceCheckUtils]: 124: Hoare triple {25656#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25656#false} is VALID [2022-02-20 17:59:29,516 INFO L290 TraceCheckUtils]: 125: Hoare triple {25656#false} assume true; {25656#false} is VALID [2022-02-20 17:59:29,516 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25656#false} {25656#false} #1670#return; {25656#false} is VALID [2022-02-20 17:59:29,516 INFO L272 TraceCheckUtils]: 127: Hoare triple {25656#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25656#false} is VALID [2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 128: Hoare triple {25656#false} ~handle := #in~handle;~value := #in~value; {25656#false} is VALID [2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 129: Hoare triple {25656#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25656#false} is VALID [2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 130: Hoare triple {25656#false} assume true; {25656#false} is VALID [2022-02-20 17:59:29,517 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25656#false} {25656#false} #1672#return; {25656#false} is VALID [2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 132: Hoare triple {25656#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {25656#false} is VALID [2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 133: Hoare triple {25656#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {25656#false} is VALID [2022-02-20 17:59:29,517 INFO L272 TraceCheckUtils]: 134: Hoare triple {25656#false} call outgoing(~sender#1, ~email~0#1); {25656#false} is VALID [2022-02-20 17:59:29,517 INFO L290 TraceCheckUtils]: 135: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25656#false} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 136: Hoare triple {25656#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {25656#false} is VALID [2022-02-20 17:59:29,518 INFO L272 TraceCheckUtils]: 137: Hoare triple {25656#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {25656#false} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 138: Hoare triple {25656#false} ~handle := #in~handle;havoc ~retValue_acc~36; {25656#false} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 139: Hoare triple {25656#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {25656#false} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 140: Hoare triple {25656#false} assume true; {25656#false} is VALID [2022-02-20 17:59:29,518 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {25656#false} {25656#false} #1602#return; {25656#false} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 142: Hoare triple {25656#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {25656#false} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 143: Hoare triple {25656#false} assume 0 == sign_~privkey~1#1; {25656#false} is VALID [2022-02-20 17:59:29,518 INFO L290 TraceCheckUtils]: 144: Hoare triple {25656#false} assume { :end_inline_sign } true; {25656#false} is VALID [2022-02-20 17:59:29,519 INFO L272 TraceCheckUtils]: 145: Hoare triple {25656#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {25656#false} is VALID [2022-02-20 17:59:29,519 INFO L290 TraceCheckUtils]: 146: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25656#false} is VALID [2022-02-20 17:59:29,519 INFO L290 TraceCheckUtils]: 147: Hoare triple {25656#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {25656#false} is VALID [2022-02-20 17:59:29,519 INFO L272 TraceCheckUtils]: 148: Hoare triple {25656#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {25656#false} is VALID [2022-02-20 17:59:29,519 INFO L290 TraceCheckUtils]: 149: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25656#false} is VALID [2022-02-20 17:59:29,519 INFO L290 TraceCheckUtils]: 150: Hoare triple {25656#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25656#false} is VALID [2022-02-20 17:59:29,519 INFO L272 TraceCheckUtils]: 151: Hoare triple {25656#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {25656#false} is VALID [2022-02-20 17:59:29,519 INFO L290 TraceCheckUtils]: 152: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {25656#false} is VALID [2022-02-20 17:59:29,520 INFO L290 TraceCheckUtils]: 153: Hoare triple {25656#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {25656#false} is VALID [2022-02-20 17:59:29,520 INFO L290 TraceCheckUtils]: 154: Hoare triple {25656#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {25656#false} is VALID [2022-02-20 17:59:29,520 INFO L272 TraceCheckUtils]: 155: Hoare triple {25656#false} call setEmailFrom(~msg#1, ~tmp~10#1); {25656#false} is VALID [2022-02-20 17:59:29,520 INFO L290 TraceCheckUtils]: 156: Hoare triple {25656#false} ~handle := #in~handle;~value := #in~value; {25656#false} is VALID [2022-02-20 17:59:29,520 INFO L290 TraceCheckUtils]: 157: Hoare triple {25656#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25656#false} is VALID [2022-02-20 17:59:29,520 INFO L290 TraceCheckUtils]: 158: Hoare triple {25656#false} assume true; {25656#false} is VALID [2022-02-20 17:59:29,520 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {25656#false} {25656#false} #1682#return; {25656#false} is VALID [2022-02-20 17:59:29,520 INFO L290 TraceCheckUtils]: 160: Hoare triple {25656#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {25656#false} is VALID [2022-02-20 17:59:29,521 INFO L272 TraceCheckUtils]: 161: Hoare triple {25656#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {25656#false} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 162: Hoare triple {25656#false} ~handle := #in~handle;havoc ~retValue_acc~24; {25656#false} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 163: Hoare triple {25656#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {25656#false} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 164: Hoare triple {25656#false} assume true; {25656#false} is VALID [2022-02-20 17:59:29,521 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {25656#false} {25656#false} #1684#return; {25656#false} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 166: Hoare triple {25656#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {25656#false} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 167: Hoare triple {25656#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {25656#false} is VALID [2022-02-20 17:59:29,521 INFO L272 TraceCheckUtils]: 168: Hoare triple {25656#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {25656#false} is VALID [2022-02-20 17:59:29,521 INFO L290 TraceCheckUtils]: 169: Hoare triple {25656#false} ~handle := #in~handle;havoc ~retValue_acc~19; {25656#false} is VALID [2022-02-20 17:59:29,522 INFO L290 TraceCheckUtils]: 170: Hoare triple {25656#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {25656#false} is VALID [2022-02-20 17:59:29,522 INFO L290 TraceCheckUtils]: 171: Hoare triple {25656#false} assume true; {25656#false} is VALID [2022-02-20 17:59:29,522 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25656#false} {25656#false} #1686#return; {25656#false} is VALID [2022-02-20 17:59:29,522 INFO L290 TraceCheckUtils]: 173: Hoare triple {25656#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {25656#false} is VALID [2022-02-20 17:59:29,522 INFO L290 TraceCheckUtils]: 174: Hoare triple {25656#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {25656#false} is VALID [2022-02-20 17:59:29,522 INFO L272 TraceCheckUtils]: 175: Hoare triple {25656#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {25656#false} is VALID [2022-02-20 17:59:29,522 INFO L290 TraceCheckUtils]: 176: Hoare triple {25656#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25656#false} is VALID [2022-02-20 17:59:29,522 INFO L290 TraceCheckUtils]: 177: Hoare triple {25656#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {25656#false} is VALID [2022-02-20 17:59:29,523 INFO L290 TraceCheckUtils]: 178: Hoare triple {25656#false} assume 1 == ~sent_signed~0; {25656#false} is VALID [2022-02-20 17:59:29,523 INFO L272 TraceCheckUtils]: 179: Hoare triple {25656#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {25656#false} is VALID [2022-02-20 17:59:29,523 INFO L290 TraceCheckUtils]: 180: Hoare triple {25656#false} ~handle := #in~handle;havoc ~retValue_acc~18; {25656#false} is VALID [2022-02-20 17:59:29,523 INFO L290 TraceCheckUtils]: 181: Hoare triple {25656#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {25656#false} is VALID [2022-02-20 17:59:29,523 INFO L290 TraceCheckUtils]: 182: Hoare triple {25656#false} assume true; {25656#false} is VALID [2022-02-20 17:59:29,523 INFO L284 TraceCheckUtils]: 183: Hoare quadruple {25656#false} {25656#false} #1608#return; {25656#false} is VALID [2022-02-20 17:59:29,523 INFO L290 TraceCheckUtils]: 184: Hoare triple {25656#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {25656#false} is VALID [2022-02-20 17:59:29,523 INFO L272 TraceCheckUtils]: 185: Hoare triple {25656#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {25656#false} is VALID [2022-02-20 17:59:29,523 INFO L290 TraceCheckUtils]: 186: Hoare triple {25656#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {25656#false} is VALID [2022-02-20 17:59:29,524 INFO L290 TraceCheckUtils]: 187: Hoare triple {25656#false} assume 1 == ~handle; {25656#false} is VALID [2022-02-20 17:59:29,524 INFO L290 TraceCheckUtils]: 188: Hoare triple {25656#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {25656#false} is VALID [2022-02-20 17:59:29,524 INFO L290 TraceCheckUtils]: 189: Hoare triple {25656#false} assume true; {25656#false} is VALID [2022-02-20 17:59:29,524 INFO L284 TraceCheckUtils]: 190: Hoare quadruple {25656#false} {25656#false} #1610#return; {25656#false} is VALID [2022-02-20 17:59:29,524 INFO L290 TraceCheckUtils]: 191: Hoare triple {25656#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {25656#false} is VALID [2022-02-20 17:59:29,524 INFO L290 TraceCheckUtils]: 192: Hoare triple {25656#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {25656#false} is VALID [2022-02-20 17:59:29,524 INFO L272 TraceCheckUtils]: 193: Hoare triple {25656#false} call __automaton_fail(); {25656#false} is VALID [2022-02-20 17:59:29,524 INFO L290 TraceCheckUtils]: 194: Hoare triple {25656#false} assume !false; {25656#false} is VALID [2022-02-20 17:59:29,525 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 17:59:29,525 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:29,525 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1130581935] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:29,525 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:29,525 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 17:59:29,526 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1109161014] [2022-02-20 17:59:29,526 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:29,526 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 36.333333333333336) internal successors, (109), 3 states have internal predecessors, (109), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 195 [2022-02-20 17:59:29,527 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:29,527 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 36.333333333333336) internal successors, (109), 3 states have internal predecessors, (109), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:29,643 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 166 edges. 166 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:29,643 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:29,643 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:29,643 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:29,644 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:29,644 INFO L87 Difference]: Start difference. First operand 604 states and 866 transitions. Second operand has 3 states, 3 states have (on average 36.333333333333336) internal successors, (109), 3 states have internal predecessors, (109), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:30,291 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:30,295 INFO L93 Difference]: Finished difference Result 1228 states and 1793 transitions. [2022-02-20 17:59:30,295 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:30,296 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 36.333333333333336) internal successors, (109), 3 states have internal predecessors, (109), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 195 [2022-02-20 17:59:30,296 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:30,296 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 36.333333333333336) internal successors, (109), 3 states have internal predecessors, (109), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:30,327 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1789 transitions. [2022-02-20 17:59:30,328 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 36.333333333333336) internal successors, (109), 3 states have internal predecessors, (109), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:30,362 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1789 transitions. [2022-02-20 17:59:30,362 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1789 transitions. [2022-02-20 17:59:31,051 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1789 edges. 1789 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:31,111 INFO L225 Difference]: With dead ends: 1228 [2022-02-20 17:59:31,111 INFO L226 Difference]: Without dead ends: 702 [2022-02-20 17:59:31,113 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 250 GetRequests, 239 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:31,117 INFO L933 BasicCegarLoop]: 886 mSDtfsCounter, 165 mSDsluCounter, 813 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 1699 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:31,117 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 1699 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:31,119 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 702 states. [2022-02-20 17:59:31,141 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 702 to 694. [2022-02-20 17:59:31,141 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:31,142 INFO L82 GeneralOperation]: Start isEquivalent. First operand 702 states. Second operand has 694 states, 527 states have (on average 1.462998102466793) internal successors, (771), 538 states have internal predecessors, (771), 122 states have call successors, (122), 45 states have call predecessors, (122), 44 states have return successors, (119), 118 states have call predecessors, (119), 119 states have call successors, (119) [2022-02-20 17:59:31,143 INFO L74 IsIncluded]: Start isIncluded. First operand 702 states. Second operand has 694 states, 527 states have (on average 1.462998102466793) internal successors, (771), 538 states have internal predecessors, (771), 122 states have call successors, (122), 45 states have call predecessors, (122), 44 states have return successors, (119), 118 states have call predecessors, (119), 119 states have call successors, (119) [2022-02-20 17:59:31,144 INFO L87 Difference]: Start difference. First operand 702 states. Second operand has 694 states, 527 states have (on average 1.462998102466793) internal successors, (771), 538 states have internal predecessors, (771), 122 states have call successors, (122), 45 states have call predecessors, (122), 44 states have return successors, (119), 118 states have call predecessors, (119), 119 states have call successors, (119) [2022-02-20 17:59:31,161 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:31,162 INFO L93 Difference]: Finished difference Result 702 states and 1021 transitions. [2022-02-20 17:59:31,162 INFO L276 IsEmpty]: Start isEmpty. Operand 702 states and 1021 transitions. [2022-02-20 17:59:31,163 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:31,164 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:31,165 INFO L74 IsIncluded]: Start isIncluded. First operand has 694 states, 527 states have (on average 1.462998102466793) internal successors, (771), 538 states have internal predecessors, (771), 122 states have call successors, (122), 45 states have call predecessors, (122), 44 states have return successors, (119), 118 states have call predecessors, (119), 119 states have call successors, (119) Second operand 702 states. [2022-02-20 17:59:31,165 INFO L87 Difference]: Start difference. First operand has 694 states, 527 states have (on average 1.462998102466793) internal successors, (771), 538 states have internal predecessors, (771), 122 states have call successors, (122), 45 states have call predecessors, (122), 44 states have return successors, (119), 118 states have call predecessors, (119), 119 states have call successors, (119) Second operand 702 states. [2022-02-20 17:59:31,182 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:31,183 INFO L93 Difference]: Finished difference Result 702 states and 1021 transitions. [2022-02-20 17:59:31,183 INFO L276 IsEmpty]: Start isEmpty. Operand 702 states and 1021 transitions. [2022-02-20 17:59:31,184 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:31,185 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:31,185 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:31,185 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:31,186 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 694 states, 527 states have (on average 1.462998102466793) internal successors, (771), 538 states have internal predecessors, (771), 122 states have call successors, (122), 45 states have call predecessors, (122), 44 states have return successors, (119), 118 states have call predecessors, (119), 119 states have call successors, (119) [2022-02-20 17:59:31,229 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 694 states to 694 states and 1012 transitions. [2022-02-20 17:59:31,230 INFO L78 Accepts]: Start accepts. Automaton has 694 states and 1012 transitions. Word has length 195 [2022-02-20 17:59:31,231 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:31,232 INFO L470 AbstractCegarLoop]: Abstraction has 694 states and 1012 transitions. [2022-02-20 17:59:31,232 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 36.333333333333336) internal successors, (109), 3 states have internal predecessors, (109), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 17:59:31,232 INFO L276 IsEmpty]: Start isEmpty. Operand 694 states and 1012 transitions. [2022-02-20 17:59:31,234 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 225 [2022-02-20 17:59:31,234 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:31,234 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:31,267 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-02-20 17:59:31,447 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable6 [2022-02-20 17:59:31,448 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:31,449 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:31,449 INFO L85 PathProgramCache]: Analyzing trace with hash -606111174, now seen corresponding path program 1 times [2022-02-20 17:59:31,449 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:31,449 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1491537517] [2022-02-20 17:59:31,449 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:31,449 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:31,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:59:31,529 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,531 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,531 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,531 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30414#true} {30414#true} #1754#return; {30414#true} is VALID [2022-02-20 17:59:31,532 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:59:31,533 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,535 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,535 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30414#true} {30414#true} #1756#return; {30414#true} is VALID [2022-02-20 17:59:31,535 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:59:31,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,538 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,538 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,539 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30414#true} {30414#true} #1758#return; {30414#true} is VALID [2022-02-20 17:59:31,539 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:31,540 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,541 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,542 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,542 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30414#true} {30414#true} #1760#return; {30414#true} is VALID [2022-02-20 17:59:31,542 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:59:31,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,544 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,545 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,545 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30414#true} {30414#true} #1762#return; {30414#true} is VALID [2022-02-20 17:59:31,545 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:59:31,546 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,548 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30414#true} {30414#true} #1764#return; {30414#true} is VALID [2022-02-20 17:59:31,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:59:31,550 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,551 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,551 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30414#true} {30414#true} #1766#return; {30414#true} is VALID [2022-02-20 17:59:31,552 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:31,553 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,555 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,555 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30414#true} {30414#true} #1768#return; {30414#true} is VALID [2022-02-20 17:59:31,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:31,561 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:31,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,575 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30414#true} #1752#return; {30414#true} is VALID [2022-02-20 17:59:31,575 INFO L290 TraceCheckUtils]: 0: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {30414#true} is VALID [2022-02-20 17:59:31,575 INFO L272 TraceCheckUtils]: 1: Hoare triple {30414#true} call setClientId(~bob___0, ~bob___0); {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,576 INFO L290 TraceCheckUtils]: 2: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,576 INFO L290 TraceCheckUtils]: 3: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,576 INFO L290 TraceCheckUtils]: 4: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,576 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30414#true} {30414#true} #1752#return; {30414#true} is VALID [2022-02-20 17:59:31,576 INFO L290 TraceCheckUtils]: 6: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,576 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {30414#true} {30414#true} #1770#return; {30414#true} is VALID [2022-02-20 17:59:31,582 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:31,583 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,585 INFO L290 TraceCheckUtils]: 0: Hoare triple {30533#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,585 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,585 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,585 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30414#true} #1772#return; {30414#true} is VALID [2022-02-20 17:59:31,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:59:31,588 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:31,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,615 INFO L290 TraceCheckUtils]: 0: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30540#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {30540#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,616 INFO L290 TraceCheckUtils]: 2: Hoare triple {30541#(= |setClientId_#in~handle| 1)} assume true; {30541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,616 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30541#(= |setClientId_#in~handle| 1)} {30534#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {30539#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:31,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {30534#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:31,617 INFO L272 TraceCheckUtils]: 1: Hoare triple {30534#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,618 INFO L290 TraceCheckUtils]: 2: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30540#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,618 INFO L290 TraceCheckUtils]: 3: Hoare triple {30540#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,618 INFO L290 TraceCheckUtils]: 4: Hoare triple {30541#(= |setClientId_#in~handle| 1)} assume true; {30541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,619 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30541#(= |setClientId_#in~handle| 1)} {30534#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {30539#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:31,619 INFO L290 TraceCheckUtils]: 6: Hoare triple {30539#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {30539#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:31,620 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {30539#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {30453#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {30415#false} is VALID [2022-02-20 17:59:31,620 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:59:31,621 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,623 INFO L290 TraceCheckUtils]: 0: Hoare triple {30533#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,623 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,623 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,623 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1778#return; {30415#false} is VALID [2022-02-20 17:59:31,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:59:31,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:31,627 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,628 INFO L290 TraceCheckUtils]: 0: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,628 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,629 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,629 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30414#true} #1648#return; {30414#true} is VALID [2022-02-20 17:59:31,629 INFO L290 TraceCheckUtils]: 0: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {30414#true} is VALID [2022-02-20 17:59:31,629 INFO L272 TraceCheckUtils]: 1: Hoare triple {30414#true} call setClientId(~chuck___0, ~chuck___0); {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,630 INFO L290 TraceCheckUtils]: 3: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,630 INFO L290 TraceCheckUtils]: 4: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,630 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30414#true} {30414#true} #1648#return; {30414#true} is VALID [2022-02-20 17:59:31,630 INFO L290 TraceCheckUtils]: 6: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,630 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {30414#true} {30415#false} #1782#return; {30415#false} is VALID [2022-02-20 17:59:31,630 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:31,631 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,633 INFO L290 TraceCheckUtils]: 0: Hoare triple {30533#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,633 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,633 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,633 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1784#return; {30415#false} is VALID [2022-02-20 17:59:31,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:59:31,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,642 INFO L290 TraceCheckUtils]: 0: Hoare triple {30546#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,642 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,642 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,643 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1670#return; {30415#false} is VALID [2022-02-20 17:59:31,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:59:31,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,652 INFO L290 TraceCheckUtils]: 0: Hoare triple {30547#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,652 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,652 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,652 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1672#return; {30415#false} is VALID [2022-02-20 17:59:31,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 17:59:31,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,654 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30414#true} is VALID [2022-02-20 17:59:31,654 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {30414#true} is VALID [2022-02-20 17:59:31,654 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,655 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1602#return; {30415#false} is VALID [2022-02-20 17:59:31,655 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 149 [2022-02-20 17:59:31,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,657 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~30; {30414#true} is VALID [2022-02-20 17:59:31,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {30414#true} is VALID [2022-02-20 17:59:31,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,657 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1650#return; {30415#false} is VALID [2022-02-20 17:59:31,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 159 [2022-02-20 17:59:31,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,659 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~19; {30414#true} is VALID [2022-02-20 17:59:31,659 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {30414#true} is VALID [2022-02-20 17:59:31,659 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,660 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1636#return; {30415#false} is VALID [2022-02-20 17:59:31,660 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 165 [2022-02-20 17:59:31,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {30414#true} is VALID [2022-02-20 17:59:31,662 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle; {30414#true} is VALID [2022-02-20 17:59:31,662 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {30414#true} is VALID [2022-02-20 17:59:31,662 INFO L290 TraceCheckUtils]: 3: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,662 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30414#true} {30415#false} #1638#return; {30415#false} is VALID [2022-02-20 17:59:31,662 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 177 [2022-02-20 17:59:31,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,665 INFO L290 TraceCheckUtils]: 0: Hoare triple {30546#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,665 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,665 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,665 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1682#return; {30415#false} is VALID [2022-02-20 17:59:31,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 183 [2022-02-20 17:59:31,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~24; {30414#true} is VALID [2022-02-20 17:59:31,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {30414#true} is VALID [2022-02-20 17:59:31,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,668 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1684#return; {30415#false} is VALID [2022-02-20 17:59:31,668 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 190 [2022-02-20 17:59:31,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,669 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~19; {30414#true} is VALID [2022-02-20 17:59:31,670 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {30414#true} is VALID [2022-02-20 17:59:31,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,670 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1686#return; {30415#false} is VALID [2022-02-20 17:59:31,670 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 197 [2022-02-20 17:59:31,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30414#true} is VALID [2022-02-20 17:59:31,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {30414#true} is VALID [2022-02-20 17:59:31,672 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,672 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1688#return; {30415#false} is VALID [2022-02-20 17:59:31,672 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 208 [2022-02-20 17:59:31,673 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~18; {30414#true} is VALID [2022-02-20 17:59:31,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {30414#true} is VALID [2022-02-20 17:59:31,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30414#true} {30415#false} #1608#return; {30415#false} is VALID [2022-02-20 17:59:31,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 214 [2022-02-20 17:59:31,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,677 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {30414#true} is VALID [2022-02-20 17:59:31,677 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume 1 == ~handle; {30414#true} is VALID [2022-02-20 17:59:31,677 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {30414#true} is VALID [2022-02-20 17:59:31,677 INFO L290 TraceCheckUtils]: 3: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,677 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30414#true} {30415#false} #1610#return; {30415#false} is VALID [2022-02-20 17:59:31,677 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {30414#true} is VALID [2022-02-20 17:59:31,678 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {30414#true} is VALID [2022-02-20 17:59:31,678 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {30414#true} is VALID [2022-02-20 17:59:31,678 INFO L272 TraceCheckUtils]: 3: Hoare triple {30414#true} call select_features_#t~ret27#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:31,678 INFO L290 TraceCheckUtils]: 4: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,678 INFO L290 TraceCheckUtils]: 5: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,678 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {30414#true} {30414#true} #1754#return; {30414#true} is VALID [2022-02-20 17:59:31,678 INFO L290 TraceCheckUtils]: 7: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {30414#true} is VALID [2022-02-20 17:59:31,678 INFO L272 TraceCheckUtils]: 8: Hoare triple {30414#true} call select_features_#t~ret28#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:31,679 INFO L290 TraceCheckUtils]: 9: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,679 INFO L290 TraceCheckUtils]: 10: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,679 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {30414#true} {30414#true} #1756#return; {30414#true} is VALID [2022-02-20 17:59:31,679 INFO L290 TraceCheckUtils]: 12: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {30414#true} is VALID [2022-02-20 17:59:31,679 INFO L272 TraceCheckUtils]: 13: Hoare triple {30414#true} call select_features_#t~ret29#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:31,679 INFO L290 TraceCheckUtils]: 14: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,679 INFO L290 TraceCheckUtils]: 15: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,679 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30414#true} {30414#true} #1758#return; {30414#true} is VALID [2022-02-20 17:59:31,679 INFO L290 TraceCheckUtils]: 17: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {30414#true} is VALID [2022-02-20 17:59:31,680 INFO L272 TraceCheckUtils]: 18: Hoare triple {30414#true} call select_features_#t~ret30#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:31,680 INFO L290 TraceCheckUtils]: 19: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,680 INFO L290 TraceCheckUtils]: 20: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,680 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {30414#true} {30414#true} #1760#return; {30414#true} is VALID [2022-02-20 17:59:31,680 INFO L290 TraceCheckUtils]: 22: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {30414#true} is VALID [2022-02-20 17:59:31,680 INFO L272 TraceCheckUtils]: 23: Hoare triple {30414#true} call select_features_#t~ret31#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:31,680 INFO L290 TraceCheckUtils]: 24: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,680 INFO L290 TraceCheckUtils]: 25: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,680 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {30414#true} {30414#true} #1762#return; {30414#true} is VALID [2022-02-20 17:59:31,681 INFO L290 TraceCheckUtils]: 27: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {30414#true} is VALID [2022-02-20 17:59:31,681 INFO L272 TraceCheckUtils]: 28: Hoare triple {30414#true} call select_features_#t~ret32#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:31,681 INFO L290 TraceCheckUtils]: 29: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,681 INFO L290 TraceCheckUtils]: 30: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,681 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {30414#true} {30414#true} #1764#return; {30414#true} is VALID [2022-02-20 17:59:31,681 INFO L290 TraceCheckUtils]: 32: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {30414#true} is VALID [2022-02-20 17:59:31,681 INFO L272 TraceCheckUtils]: 33: Hoare triple {30414#true} call select_features_#t~ret33#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:31,681 INFO L290 TraceCheckUtils]: 34: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,681 INFO L290 TraceCheckUtils]: 35: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,682 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {30414#true} {30414#true} #1766#return; {30414#true} is VALID [2022-02-20 17:59:31,682 INFO L290 TraceCheckUtils]: 37: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {30414#true} is VALID [2022-02-20 17:59:31,682 INFO L272 TraceCheckUtils]: 38: Hoare triple {30414#true} call select_features_#t~ret34#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:31,682 INFO L290 TraceCheckUtils]: 39: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:31,682 INFO L290 TraceCheckUtils]: 40: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,682 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {30414#true} {30414#true} #1768#return; {30414#true} is VALID [2022-02-20 17:59:31,682 INFO L290 TraceCheckUtils]: 42: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {30414#true} is VALID [2022-02-20 17:59:31,682 INFO L290 TraceCheckUtils]: 43: Hoare triple {30414#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {30414#true} is VALID [2022-02-20 17:59:31,683 INFO L290 TraceCheckUtils]: 44: Hoare triple {30414#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {30414#true} is VALID [2022-02-20 17:59:31,683 INFO L290 TraceCheckUtils]: 45: Hoare triple {30414#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {30414#true} is VALID [2022-02-20 17:59:31,683 INFO L290 TraceCheckUtils]: 46: Hoare triple {30414#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {30414#true} is VALID [2022-02-20 17:59:31,683 INFO L290 TraceCheckUtils]: 47: Hoare triple {30414#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {30414#true} is VALID [2022-02-20 17:59:31,683 INFO L290 TraceCheckUtils]: 48: Hoare triple {30414#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {30414#true} is VALID [2022-02-20 17:59:31,683 INFO L290 TraceCheckUtils]: 49: Hoare triple {30414#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {30414#true} is VALID [2022-02-20 17:59:31,683 INFO L290 TraceCheckUtils]: 50: Hoare triple {30414#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {30414#true} is VALID [2022-02-20 17:59:31,683 INFO L290 TraceCheckUtils]: 51: Hoare triple {30414#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {30414#true} is VALID [2022-02-20 17:59:31,683 INFO L290 TraceCheckUtils]: 52: Hoare triple {30414#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {30414#true} is VALID [2022-02-20 17:59:31,684 INFO L290 TraceCheckUtils]: 53: Hoare triple {30414#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {30414#true} is VALID [2022-02-20 17:59:31,684 INFO L290 TraceCheckUtils]: 54: Hoare triple {30414#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {30414#true} is VALID [2022-02-20 17:59:31,684 INFO L290 TraceCheckUtils]: 55: Hoare triple {30414#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {30414#true} is VALID [2022-02-20 17:59:31,684 INFO L290 TraceCheckUtils]: 56: Hoare triple {30414#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {30414#true} is VALID [2022-02-20 17:59:31,684 INFO L290 TraceCheckUtils]: 57: Hoare triple {30414#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {30414#true} is VALID [2022-02-20 17:59:31,685 INFO L272 TraceCheckUtils]: 58: Hoare triple {30414#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,685 INFO L290 TraceCheckUtils]: 59: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {30414#true} is VALID [2022-02-20 17:59:31,685 INFO L272 TraceCheckUtils]: 60: Hoare triple {30414#true} call setClientId(~bob___0, ~bob___0); {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,685 INFO L290 TraceCheckUtils]: 61: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,686 INFO L290 TraceCheckUtils]: 62: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,686 INFO L290 TraceCheckUtils]: 63: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,686 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {30414#true} {30414#true} #1752#return; {30414#true} is VALID [2022-02-20 17:59:31,686 INFO L290 TraceCheckUtils]: 65: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,686 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {30414#true} {30414#true} #1770#return; {30414#true} is VALID [2022-02-20 17:59:31,687 INFO L272 TraceCheckUtils]: 67: Hoare triple {30414#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {30533#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:31,687 INFO L290 TraceCheckUtils]: 68: Hoare triple {30533#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,687 INFO L290 TraceCheckUtils]: 69: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,687 INFO L290 TraceCheckUtils]: 70: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,687 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {30414#true} {30414#true} #1772#return; {30414#true} is VALID [2022-02-20 17:59:31,687 INFO L290 TraceCheckUtils]: 72: Hoare triple {30414#true} assume { :end_inline_setup_bob__role__Keys } true; {30414#true} is VALID [2022-02-20 17:59:31,688 INFO L290 TraceCheckUtils]: 73: Hoare triple {30414#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {30452#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:31,688 INFO L290 TraceCheckUtils]: 74: Hoare triple {30452#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {30453#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:31,688 INFO L272 TraceCheckUtils]: 75: Hoare triple {30453#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,689 INFO L290 TraceCheckUtils]: 76: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {30534#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:31,689 INFO L272 TraceCheckUtils]: 77: Hoare triple {30534#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,690 INFO L290 TraceCheckUtils]: 78: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30540#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,690 INFO L290 TraceCheckUtils]: 79: Hoare triple {30540#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,690 INFO L290 TraceCheckUtils]: 80: Hoare triple {30541#(= |setClientId_#in~handle| 1)} assume true; {30541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:31,691 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {30541#(= |setClientId_#in~handle| 1)} {30534#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {30539#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:31,691 INFO L290 TraceCheckUtils]: 82: Hoare triple {30539#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {30539#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:31,692 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {30539#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {30453#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {30415#false} is VALID [2022-02-20 17:59:31,692 INFO L272 TraceCheckUtils]: 84: Hoare triple {30415#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {30533#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:31,692 INFO L290 TraceCheckUtils]: 85: Hoare triple {30533#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,692 INFO L290 TraceCheckUtils]: 86: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,692 INFO L290 TraceCheckUtils]: 87: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,692 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {30414#true} {30415#false} #1778#return; {30415#false} is VALID [2022-02-20 17:59:31,692 INFO L290 TraceCheckUtils]: 89: Hoare triple {30415#false} assume { :end_inline_setup_rjh__role__Keys } true; {30415#false} is VALID [2022-02-20 17:59:31,692 INFO L290 TraceCheckUtils]: 90: Hoare triple {30415#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {30415#false} is VALID [2022-02-20 17:59:31,692 INFO L290 TraceCheckUtils]: 91: Hoare triple {30415#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {30415#false} is VALID [2022-02-20 17:59:31,693 INFO L272 TraceCheckUtils]: 92: Hoare triple {30415#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,693 INFO L290 TraceCheckUtils]: 93: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {30414#true} is VALID [2022-02-20 17:59:31,693 INFO L272 TraceCheckUtils]: 94: Hoare triple {30414#true} call setClientId(~chuck___0, ~chuck___0); {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,693 INFO L290 TraceCheckUtils]: 95: Hoare triple {30528#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,694 INFO L290 TraceCheckUtils]: 96: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,694 INFO L290 TraceCheckUtils]: 97: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,694 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {30414#true} {30414#true} #1648#return; {30414#true} is VALID [2022-02-20 17:59:31,694 INFO L290 TraceCheckUtils]: 99: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,694 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {30414#true} {30415#false} #1782#return; {30415#false} is VALID [2022-02-20 17:59:31,694 INFO L272 TraceCheckUtils]: 101: Hoare triple {30415#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {30533#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:31,694 INFO L290 TraceCheckUtils]: 102: Hoare triple {30533#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,694 INFO L290 TraceCheckUtils]: 103: Hoare triple {30414#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,694 INFO L290 TraceCheckUtils]: 104: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,695 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {30414#true} {30415#false} #1784#return; {30415#false} is VALID [2022-02-20 17:59:31,695 INFO L290 TraceCheckUtils]: 106: Hoare triple {30415#false} assume { :end_inline_setup_chuck__role__Keys } true; {30415#false} is VALID [2022-02-20 17:59:31,695 INFO L290 TraceCheckUtils]: 107: Hoare triple {30415#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {30415#false} is VALID [2022-02-20 17:59:31,695 INFO L290 TraceCheckUtils]: 108: Hoare triple {30415#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30415#false} is VALID [2022-02-20 17:59:31,695 INFO L290 TraceCheckUtils]: 109: Hoare triple {30415#false} assume !false; {30415#false} is VALID [2022-02-20 17:59:31,695 INFO L290 TraceCheckUtils]: 110: Hoare triple {30415#false} assume test_~splverifierCounter~0#1 < 4; {30415#false} is VALID [2022-02-20 17:59:31,695 INFO L290 TraceCheckUtils]: 111: Hoare triple {30415#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30415#false} is VALID [2022-02-20 17:59:31,699 INFO L290 TraceCheckUtils]: 112: Hoare triple {30415#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {30415#false} is VALID [2022-02-20 17:59:31,699 INFO L290 TraceCheckUtils]: 113: Hoare triple {30415#false} assume !(0 != test_~tmp___9~0#1); {30415#false} is VALID [2022-02-20 17:59:31,699 INFO L290 TraceCheckUtils]: 114: Hoare triple {30415#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {30415#false} is VALID [2022-02-20 17:59:31,699 INFO L290 TraceCheckUtils]: 115: Hoare triple {30415#false} assume 0 != test_~tmp___8~0#1; {30415#false} is VALID [2022-02-20 17:59:31,700 INFO L290 TraceCheckUtils]: 116: Hoare triple {30415#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {30415#false} is VALID [2022-02-20 17:59:31,700 INFO L290 TraceCheckUtils]: 117: Hoare triple {30415#false} test_~op2~0#1 := 1; {30415#false} is VALID [2022-02-20 17:59:31,700 INFO L290 TraceCheckUtils]: 118: Hoare triple {30415#false} assume !false; {30415#false} is VALID [2022-02-20 17:59:31,700 INFO L290 TraceCheckUtils]: 119: Hoare triple {30415#false} assume !(test_~splverifierCounter~0#1 < 4); {30415#false} is VALID [2022-02-20 17:59:31,700 INFO L290 TraceCheckUtils]: 120: Hoare triple {30415#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {30415#false} is VALID [2022-02-20 17:59:31,700 INFO L272 TraceCheckUtils]: 121: Hoare triple {30415#false} call sendEmail(~bob~0, ~rjh~0); {30415#false} is VALID [2022-02-20 17:59:31,700 INFO L290 TraceCheckUtils]: 122: Hoare triple {30415#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30415#false} is VALID [2022-02-20 17:59:31,700 INFO L272 TraceCheckUtils]: 123: Hoare triple {30415#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30546#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:31,701 INFO L290 TraceCheckUtils]: 124: Hoare triple {30546#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,701 INFO L290 TraceCheckUtils]: 125: Hoare triple {30414#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,701 INFO L290 TraceCheckUtils]: 126: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,701 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {30414#true} {30415#false} #1670#return; {30415#false} is VALID [2022-02-20 17:59:31,701 INFO L272 TraceCheckUtils]: 128: Hoare triple {30415#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30547#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:31,701 INFO L290 TraceCheckUtils]: 129: Hoare triple {30547#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,701 INFO L290 TraceCheckUtils]: 130: Hoare triple {30414#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,701 INFO L290 TraceCheckUtils]: 131: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,701 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {30414#true} {30415#false} #1672#return; {30415#false} is VALID [2022-02-20 17:59:31,702 INFO L290 TraceCheckUtils]: 133: Hoare triple {30415#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {30415#false} is VALID [2022-02-20 17:59:31,702 INFO L290 TraceCheckUtils]: 134: Hoare triple {30415#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {30415#false} is VALID [2022-02-20 17:59:31,702 INFO L272 TraceCheckUtils]: 135: Hoare triple {30415#false} call outgoing(~sender#1, ~email~0#1); {30415#false} is VALID [2022-02-20 17:59:31,702 INFO L290 TraceCheckUtils]: 136: Hoare triple {30415#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30415#false} is VALID [2022-02-20 17:59:31,702 INFO L290 TraceCheckUtils]: 137: Hoare triple {30415#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {30415#false} is VALID [2022-02-20 17:59:31,702 INFO L272 TraceCheckUtils]: 138: Hoare triple {30415#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {30414#true} is VALID [2022-02-20 17:59:31,702 INFO L290 TraceCheckUtils]: 139: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30414#true} is VALID [2022-02-20 17:59:31,702 INFO L290 TraceCheckUtils]: 140: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {30414#true} is VALID [2022-02-20 17:59:31,703 INFO L290 TraceCheckUtils]: 141: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,703 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {30414#true} {30415#false} #1602#return; {30415#false} is VALID [2022-02-20 17:59:31,703 INFO L290 TraceCheckUtils]: 143: Hoare triple {30415#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {30415#false} is VALID [2022-02-20 17:59:31,703 INFO L290 TraceCheckUtils]: 144: Hoare triple {30415#false} assume 0 == sign_~privkey~1#1; {30415#false} is VALID [2022-02-20 17:59:31,703 INFO L290 TraceCheckUtils]: 145: Hoare triple {30415#false} assume { :end_inline_sign } true; {30415#false} is VALID [2022-02-20 17:59:31,703 INFO L272 TraceCheckUtils]: 146: Hoare triple {30415#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {30415#false} is VALID [2022-02-20 17:59:31,703 INFO L290 TraceCheckUtils]: 147: Hoare triple {30415#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30415#false} is VALID [2022-02-20 17:59:31,703 INFO L290 TraceCheckUtils]: 148: Hoare triple {30415#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret64#1, outgoing__role__AddressBook_#t~ret65#1, outgoing__role__AddressBook_#t~ret66#1, outgoing__role__AddressBook_#t~ret67#1, outgoing__role__AddressBook_#t~ret68#1, outgoing__role__AddressBook_#t~ret69#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~0#1, outgoing__role__AddressBook_~tmp~12#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~4#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~1#1, outgoing__role__AddressBook_~tmp___2~1#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~0#1;havoc outgoing__role__AddressBook_~tmp~12#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~4#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~1#1;havoc outgoing__role__AddressBook_~tmp___2~1#1; {30415#false} is VALID [2022-02-20 17:59:31,704 INFO L272 TraceCheckUtils]: 149: Hoare triple {30415#false} call outgoing__role__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {30414#true} is VALID [2022-02-20 17:59:31,704 INFO L290 TraceCheckUtils]: 150: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~30; {30414#true} is VALID [2022-02-20 17:59:31,704 INFO L290 TraceCheckUtils]: 151: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {30414#true} is VALID [2022-02-20 17:59:31,704 INFO L290 TraceCheckUtils]: 152: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,704 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {30414#true} {30415#false} #1650#return; {30415#false} is VALID [2022-02-20 17:59:31,704 INFO L290 TraceCheckUtils]: 154: Hoare triple {30415#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret64#1 && outgoing__role__AddressBook_#t~ret64#1 <= 2147483647;outgoing__role__AddressBook_~tmp~12#1 := outgoing__role__AddressBook_#t~ret64#1;havoc outgoing__role__AddressBook_#t~ret64#1;outgoing__role__AddressBook_~size~0#1 := outgoing__role__AddressBook_~tmp~12#1; {30415#false} is VALID [2022-02-20 17:59:31,704 INFO L290 TraceCheckUtils]: 155: Hoare triple {30415#false} assume !(0 != outgoing__role__AddressBook_~size~0#1); {30415#false} is VALID [2022-02-20 17:59:31,704 INFO L272 TraceCheckUtils]: 156: Hoare triple {30415#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {30415#false} is VALID [2022-02-20 17:59:31,704 INFO L290 TraceCheckUtils]: 157: Hoare triple {30415#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30415#false} is VALID [2022-02-20 17:59:31,705 INFO L290 TraceCheckUtils]: 158: Hoare triple {30415#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret62#1, outgoing__role__Encrypt_#t~ret63#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~11#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~3#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~11#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~3#1; {30415#false} is VALID [2022-02-20 17:59:31,705 INFO L272 TraceCheckUtils]: 159: Hoare triple {30415#false} call outgoing__role__Encrypt_#t~ret62#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {30414#true} is VALID [2022-02-20 17:59:31,705 INFO L290 TraceCheckUtils]: 160: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~19; {30414#true} is VALID [2022-02-20 17:59:31,705 INFO L290 TraceCheckUtils]: 161: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {30414#true} is VALID [2022-02-20 17:59:31,705 INFO L290 TraceCheckUtils]: 162: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,705 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {30414#true} {30415#false} #1636#return; {30415#false} is VALID [2022-02-20 17:59:31,705 INFO L290 TraceCheckUtils]: 164: Hoare triple {30415#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret62#1 && outgoing__role__Encrypt_#t~ret62#1 <= 2147483647;outgoing__role__Encrypt_~tmp~11#1 := outgoing__role__Encrypt_#t~ret62#1;havoc outgoing__role__Encrypt_#t~ret62#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~11#1; {30415#false} is VALID [2022-02-20 17:59:31,705 INFO L272 TraceCheckUtils]: 165: Hoare triple {30415#false} call outgoing__role__Encrypt_#t~ret63#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {30414#true} is VALID [2022-02-20 17:59:31,706 INFO L290 TraceCheckUtils]: 166: Hoare triple {30414#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {30414#true} is VALID [2022-02-20 17:59:31,706 INFO L290 TraceCheckUtils]: 167: Hoare triple {30414#true} assume 1 == ~handle; {30414#true} is VALID [2022-02-20 17:59:31,706 INFO L290 TraceCheckUtils]: 168: Hoare triple {30414#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {30414#true} is VALID [2022-02-20 17:59:31,706 INFO L290 TraceCheckUtils]: 169: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,706 INFO L284 TraceCheckUtils]: 170: Hoare quadruple {30414#true} {30415#false} #1638#return; {30415#false} is VALID [2022-02-20 17:59:31,706 INFO L290 TraceCheckUtils]: 171: Hoare triple {30415#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret63#1 && outgoing__role__Encrypt_#t~ret63#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~3#1 := outgoing__role__Encrypt_#t~ret63#1;havoc outgoing__role__Encrypt_#t~ret63#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~3#1; {30415#false} is VALID [2022-02-20 17:59:31,706 INFO L290 TraceCheckUtils]: 172: Hoare triple {30415#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {30415#false} is VALID [2022-02-20 17:59:31,706 INFO L272 TraceCheckUtils]: 173: Hoare triple {30415#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {30415#false} is VALID [2022-02-20 17:59:31,706 INFO L290 TraceCheckUtils]: 174: Hoare triple {30415#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {30415#false} is VALID [2022-02-20 17:59:31,707 INFO L290 TraceCheckUtils]: 175: Hoare triple {30415#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {30415#false} is VALID [2022-02-20 17:59:31,707 INFO L290 TraceCheckUtils]: 176: Hoare triple {30415#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {30415#false} is VALID [2022-02-20 17:59:31,707 INFO L272 TraceCheckUtils]: 177: Hoare triple {30415#false} call setEmailFrom(~msg#1, ~tmp~10#1); {30546#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:31,707 INFO L290 TraceCheckUtils]: 178: Hoare triple {30546#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30414#true} is VALID [2022-02-20 17:59:31,707 INFO L290 TraceCheckUtils]: 179: Hoare triple {30414#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30414#true} is VALID [2022-02-20 17:59:31,707 INFO L290 TraceCheckUtils]: 180: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,707 INFO L284 TraceCheckUtils]: 181: Hoare quadruple {30414#true} {30415#false} #1682#return; {30415#false} is VALID [2022-02-20 17:59:31,707 INFO L290 TraceCheckUtils]: 182: Hoare triple {30415#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {30415#false} is VALID [2022-02-20 17:59:31,708 INFO L272 TraceCheckUtils]: 183: Hoare triple {30415#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {30414#true} is VALID [2022-02-20 17:59:31,708 INFO L290 TraceCheckUtils]: 184: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~24; {30414#true} is VALID [2022-02-20 17:59:31,708 INFO L290 TraceCheckUtils]: 185: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {30414#true} is VALID [2022-02-20 17:59:31,708 INFO L290 TraceCheckUtils]: 186: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,708 INFO L284 TraceCheckUtils]: 187: Hoare quadruple {30414#true} {30415#false} #1684#return; {30415#false} is VALID [2022-02-20 17:59:31,708 INFO L290 TraceCheckUtils]: 188: Hoare triple {30415#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {30415#false} is VALID [2022-02-20 17:59:31,708 INFO L290 TraceCheckUtils]: 189: Hoare triple {30415#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {30415#false} is VALID [2022-02-20 17:59:31,708 INFO L272 TraceCheckUtils]: 190: Hoare triple {30415#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {30414#true} is VALID [2022-02-20 17:59:31,708 INFO L290 TraceCheckUtils]: 191: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~19; {30414#true} is VALID [2022-02-20 17:59:31,709 INFO L290 TraceCheckUtils]: 192: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {30414#true} is VALID [2022-02-20 17:59:31,709 INFO L290 TraceCheckUtils]: 193: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,709 INFO L284 TraceCheckUtils]: 194: Hoare quadruple {30414#true} {30415#false} #1686#return; {30415#false} is VALID [2022-02-20 17:59:31,709 INFO L290 TraceCheckUtils]: 195: Hoare triple {30415#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {30415#false} is VALID [2022-02-20 17:59:31,709 INFO L290 TraceCheckUtils]: 196: Hoare triple {30415#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret73#1, incoming__role__Decrypt_#t~ret74#1, incoming__role__Decrypt_#t~ret75#1, incoming__role__Decrypt_#t~ret76#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~15#1, incoming__role__Decrypt_~tmp___0~5#1, incoming__role__Decrypt_~tmp___1~2#1, incoming__role__Decrypt_~tmp___2~2#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~15#1;havoc incoming__role__Decrypt_~tmp___0~5#1;havoc incoming__role__Decrypt_~tmp___1~2#1;havoc incoming__role__Decrypt_~tmp___2~2#1; {30415#false} is VALID [2022-02-20 17:59:31,709 INFO L272 TraceCheckUtils]: 197: Hoare triple {30415#false} call incoming__role__Decrypt_#t~ret73#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {30414#true} is VALID [2022-02-20 17:59:31,709 INFO L290 TraceCheckUtils]: 198: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30414#true} is VALID [2022-02-20 17:59:31,709 INFO L290 TraceCheckUtils]: 199: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {30414#true} is VALID [2022-02-20 17:59:31,709 INFO L290 TraceCheckUtils]: 200: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,710 INFO L284 TraceCheckUtils]: 201: Hoare quadruple {30414#true} {30415#false} #1688#return; {30415#false} is VALID [2022-02-20 17:59:31,710 INFO L290 TraceCheckUtils]: 202: Hoare triple {30415#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret73#1 && incoming__role__Decrypt_#t~ret73#1 <= 2147483647;incoming__role__Decrypt_~tmp~15#1 := incoming__role__Decrypt_#t~ret73#1;havoc incoming__role__Decrypt_#t~ret73#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~15#1; {30415#false} is VALID [2022-02-20 17:59:31,710 INFO L290 TraceCheckUtils]: 203: Hoare triple {30415#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {30415#false} is VALID [2022-02-20 17:59:31,710 INFO L272 TraceCheckUtils]: 204: Hoare triple {30415#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {30415#false} is VALID [2022-02-20 17:59:31,710 INFO L290 TraceCheckUtils]: 205: Hoare triple {30415#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30415#false} is VALID [2022-02-20 17:59:31,710 INFO L290 TraceCheckUtils]: 206: Hoare triple {30415#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {30415#false} is VALID [2022-02-20 17:59:31,710 INFO L290 TraceCheckUtils]: 207: Hoare triple {30415#false} assume 1 == ~sent_signed~0; {30415#false} is VALID [2022-02-20 17:59:31,710 INFO L272 TraceCheckUtils]: 208: Hoare triple {30415#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {30414#true} is VALID [2022-02-20 17:59:31,711 INFO L290 TraceCheckUtils]: 209: Hoare triple {30414#true} ~handle := #in~handle;havoc ~retValue_acc~18; {30414#true} is VALID [2022-02-20 17:59:31,711 INFO L290 TraceCheckUtils]: 210: Hoare triple {30414#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {30414#true} is VALID [2022-02-20 17:59:31,711 INFO L290 TraceCheckUtils]: 211: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,711 INFO L284 TraceCheckUtils]: 212: Hoare quadruple {30414#true} {30415#false} #1608#return; {30415#false} is VALID [2022-02-20 17:59:31,711 INFO L290 TraceCheckUtils]: 213: Hoare triple {30415#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {30415#false} is VALID [2022-02-20 17:59:31,711 INFO L272 TraceCheckUtils]: 214: Hoare triple {30415#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {30414#true} is VALID [2022-02-20 17:59:31,711 INFO L290 TraceCheckUtils]: 215: Hoare triple {30414#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {30414#true} is VALID [2022-02-20 17:59:31,711 INFO L290 TraceCheckUtils]: 216: Hoare triple {30414#true} assume 1 == ~handle; {30414#true} is VALID [2022-02-20 17:59:31,711 INFO L290 TraceCheckUtils]: 217: Hoare triple {30414#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {30414#true} is VALID [2022-02-20 17:59:31,712 INFO L290 TraceCheckUtils]: 218: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:31,712 INFO L284 TraceCheckUtils]: 219: Hoare quadruple {30414#true} {30415#false} #1610#return; {30415#false} is VALID [2022-02-20 17:59:31,712 INFO L290 TraceCheckUtils]: 220: Hoare triple {30415#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {30415#false} is VALID [2022-02-20 17:59:31,712 INFO L290 TraceCheckUtils]: 221: Hoare triple {30415#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {30415#false} is VALID [2022-02-20 17:59:31,712 INFO L272 TraceCheckUtils]: 222: Hoare triple {30415#false} call __automaton_fail(); {30415#false} is VALID [2022-02-20 17:59:31,712 INFO L290 TraceCheckUtils]: 223: Hoare triple {30415#false} assume !false; {30415#false} is VALID [2022-02-20 17:59:31,713 INFO L134 CoverageAnalysis]: Checked inductivity of 127 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 121 trivial. 0 not checked. [2022-02-20 17:59:31,713 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:31,713 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1491537517] [2022-02-20 17:59:31,713 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1491537517] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:31,713 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [524150292] [2022-02-20 17:59:31,713 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:31,713 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:31,714 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:31,728 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:31,729 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:59:32,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:32,021 INFO L263 TraceCheckSpWp]: Trace formula consists of 1725 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:59:32,090 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:32,096 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:32,543 INFO L290 TraceCheckUtils]: 0: Hoare triple {30414#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {30414#true} is VALID [2022-02-20 17:59:32,543 INFO L290 TraceCheckUtils]: 1: Hoare triple {30414#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {30414#true} is VALID [2022-02-20 17:59:32,543 INFO L290 TraceCheckUtils]: 2: Hoare triple {30414#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {30414#true} is VALID [2022-02-20 17:59:32,544 INFO L272 TraceCheckUtils]: 3: Hoare triple {30414#true} call select_features_#t~ret27#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:32,544 INFO L290 TraceCheckUtils]: 4: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:32,544 INFO L290 TraceCheckUtils]: 5: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:32,544 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {30414#true} {30414#true} #1754#return; {30414#true} is VALID [2022-02-20 17:59:32,544 INFO L290 TraceCheckUtils]: 7: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {30414#true} is VALID [2022-02-20 17:59:32,544 INFO L272 TraceCheckUtils]: 8: Hoare triple {30414#true} call select_features_#t~ret28#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:32,544 INFO L290 TraceCheckUtils]: 9: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:32,544 INFO L290 TraceCheckUtils]: 10: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:32,544 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {30414#true} {30414#true} #1756#return; {30414#true} is VALID [2022-02-20 17:59:32,545 INFO L290 TraceCheckUtils]: 12: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {30414#true} is VALID [2022-02-20 17:59:32,545 INFO L272 TraceCheckUtils]: 13: Hoare triple {30414#true} call select_features_#t~ret29#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:32,545 INFO L290 TraceCheckUtils]: 14: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:32,545 INFO L290 TraceCheckUtils]: 15: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:32,545 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30414#true} {30414#true} #1758#return; {30414#true} is VALID [2022-02-20 17:59:32,545 INFO L290 TraceCheckUtils]: 17: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {30414#true} is VALID [2022-02-20 17:59:32,545 INFO L272 TraceCheckUtils]: 18: Hoare triple {30414#true} call select_features_#t~ret30#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:32,545 INFO L290 TraceCheckUtils]: 19: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:32,546 INFO L290 TraceCheckUtils]: 20: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:32,546 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {30414#true} {30414#true} #1760#return; {30414#true} is VALID [2022-02-20 17:59:32,546 INFO L290 TraceCheckUtils]: 22: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {30414#true} is VALID [2022-02-20 17:59:32,546 INFO L272 TraceCheckUtils]: 23: Hoare triple {30414#true} call select_features_#t~ret31#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:32,546 INFO L290 TraceCheckUtils]: 24: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:32,546 INFO L290 TraceCheckUtils]: 25: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:32,546 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {30414#true} {30414#true} #1762#return; {30414#true} is VALID [2022-02-20 17:59:32,546 INFO L290 TraceCheckUtils]: 27: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {30414#true} is VALID [2022-02-20 17:59:32,547 INFO L272 TraceCheckUtils]: 28: Hoare triple {30414#true} call select_features_#t~ret32#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:32,547 INFO L290 TraceCheckUtils]: 29: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:32,547 INFO L290 TraceCheckUtils]: 30: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:32,547 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {30414#true} {30414#true} #1764#return; {30414#true} is VALID [2022-02-20 17:59:32,547 INFO L290 TraceCheckUtils]: 32: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {30414#true} is VALID [2022-02-20 17:59:32,547 INFO L272 TraceCheckUtils]: 33: Hoare triple {30414#true} call select_features_#t~ret33#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:32,547 INFO L290 TraceCheckUtils]: 34: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:32,547 INFO L290 TraceCheckUtils]: 35: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:32,547 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {30414#true} {30414#true} #1766#return; {30414#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 37: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {30414#true} is VALID [2022-02-20 17:59:32,548 INFO L272 TraceCheckUtils]: 38: Hoare triple {30414#true} call select_features_#t~ret34#1 := select_one(); {30414#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 39: Hoare triple {30414#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {30414#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 40: Hoare triple {30414#true} assume true; {30414#true} is VALID [2022-02-20 17:59:32,548 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {30414#true} {30414#true} #1768#return; {30414#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 42: Hoare triple {30414#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {30414#true} is VALID [2022-02-20 17:59:32,548 INFO L290 TraceCheckUtils]: 43: Hoare triple {30414#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {30414#true} is VALID [2022-02-20 17:59:32,549 INFO L290 TraceCheckUtils]: 44: Hoare triple {30414#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,549 INFO L290 TraceCheckUtils]: 45: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,549 INFO L290 TraceCheckUtils]: 46: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,550 INFO L290 TraceCheckUtils]: 47: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,550 INFO L290 TraceCheckUtils]: 48: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Verify~0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,550 INFO L290 TraceCheckUtils]: 49: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,551 INFO L290 TraceCheckUtils]: 50: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Sign~0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,551 INFO L290 TraceCheckUtils]: 51: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,551 INFO L290 TraceCheckUtils]: 52: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Keys~0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,551 INFO L290 TraceCheckUtils]: 53: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,552 INFO L290 TraceCheckUtils]: 54: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,552 INFO L290 TraceCheckUtils]: 55: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,552 INFO L290 TraceCheckUtils]: 56: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,553 INFO L290 TraceCheckUtils]: 57: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,553 INFO L272 TraceCheckUtils]: 58: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,554 INFO L290 TraceCheckUtils]: 59: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~bob___0 := #in~bob___0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,554 INFO L272 TraceCheckUtils]: 60: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setClientId(~bob___0, ~bob___0); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,554 INFO L290 TraceCheckUtils]: 61: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;~value := #in~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,555 INFO L290 TraceCheckUtils]: 62: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,555 INFO L290 TraceCheckUtils]: 63: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,555 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1752#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,556 INFO L290 TraceCheckUtils]: 65: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,556 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1770#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,557 INFO L272 TraceCheckUtils]: 67: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,557 INFO L290 TraceCheckUtils]: 68: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;~value := #in~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,557 INFO L290 TraceCheckUtils]: 69: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,558 INFO L290 TraceCheckUtils]: 70: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,558 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1772#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,558 INFO L290 TraceCheckUtils]: 72: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume { :end_inline_setup_bob__role__Keys } true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,559 INFO L290 TraceCheckUtils]: 73: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,559 INFO L290 TraceCheckUtils]: 74: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,559 INFO L272 TraceCheckUtils]: 75: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,560 INFO L290 TraceCheckUtils]: 76: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~rjh___0 := #in~rjh___0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,560 INFO L272 TraceCheckUtils]: 77: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setClientId(~rjh___0, ~rjh___0); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,561 INFO L290 TraceCheckUtils]: 78: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;~value := #in~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,561 INFO L290 TraceCheckUtils]: 79: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,561 INFO L290 TraceCheckUtils]: 80: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,562 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1704#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,562 INFO L290 TraceCheckUtils]: 82: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,562 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1776#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,563 INFO L272 TraceCheckUtils]: 84: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,563 INFO L290 TraceCheckUtils]: 85: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;~value := #in~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,564 INFO L290 TraceCheckUtils]: 86: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,564 INFO L290 TraceCheckUtils]: 87: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,564 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1778#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,565 INFO L290 TraceCheckUtils]: 89: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume { :end_inline_setup_rjh__role__Keys } true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,565 INFO L290 TraceCheckUtils]: 90: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,565 INFO L290 TraceCheckUtils]: 91: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,566 INFO L272 TraceCheckUtils]: 92: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,566 INFO L290 TraceCheckUtils]: 93: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~chuck___0 := #in~chuck___0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,566 INFO L272 TraceCheckUtils]: 94: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setClientId(~chuck___0, ~chuck___0); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,567 INFO L290 TraceCheckUtils]: 95: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;~value := #in~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,567 INFO L290 TraceCheckUtils]: 96: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,567 INFO L290 TraceCheckUtils]: 97: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,568 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1648#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,568 INFO L290 TraceCheckUtils]: 99: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,568 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1782#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,569 INFO L272 TraceCheckUtils]: 101: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,569 INFO L290 TraceCheckUtils]: 102: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;~value := #in~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,570 INFO L290 TraceCheckUtils]: 103: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,570 INFO L290 TraceCheckUtils]: 104: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,570 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1784#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,571 INFO L290 TraceCheckUtils]: 106: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume { :end_inline_setup_chuck__role__Keys } true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,571 INFO L290 TraceCheckUtils]: 107: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,571 INFO L290 TraceCheckUtils]: 108: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,572 INFO L290 TraceCheckUtils]: 109: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume !false; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,572 INFO L290 TraceCheckUtils]: 110: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume test_~splverifierCounter~0#1 < 4; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,572 INFO L290 TraceCheckUtils]: 111: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,572 INFO L290 TraceCheckUtils]: 112: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,573 INFO L290 TraceCheckUtils]: 113: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume !(0 != test_~tmp___9~0#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,573 INFO L290 TraceCheckUtils]: 114: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,573 INFO L290 TraceCheckUtils]: 115: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != test_~tmp___8~0#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,574 INFO L290 TraceCheckUtils]: 116: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,574 INFO L290 TraceCheckUtils]: 117: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} test_~op2~0#1 := 1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,574 INFO L290 TraceCheckUtils]: 118: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume !false; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,574 INFO L290 TraceCheckUtils]: 119: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume !(test_~splverifierCounter~0#1 < 4); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,575 INFO L290 TraceCheckUtils]: 120: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,575 INFO L272 TraceCheckUtils]: 121: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call sendEmail(~bob~0, ~rjh~0); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,576 INFO L290 TraceCheckUtils]: 122: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,576 INFO L272 TraceCheckUtils]: 123: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,576 INFO L290 TraceCheckUtils]: 124: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;~value := #in~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,577 INFO L290 TraceCheckUtils]: 125: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,577 INFO L290 TraceCheckUtils]: 126: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,577 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1670#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,578 INFO L272 TraceCheckUtils]: 128: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,578 INFO L290 TraceCheckUtils]: 129: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;~value := #in~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,579 INFO L290 TraceCheckUtils]: 130: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,579 INFO L290 TraceCheckUtils]: 131: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,579 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1672#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,580 INFO L290 TraceCheckUtils]: 133: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,580 INFO L290 TraceCheckUtils]: 134: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,580 INFO L272 TraceCheckUtils]: 135: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call outgoing(~sender#1, ~email~0#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,581 INFO L290 TraceCheckUtils]: 136: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,581 INFO L290 TraceCheckUtils]: 137: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,581 INFO L272 TraceCheckUtils]: 138: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,582 INFO L290 TraceCheckUtils]: 139: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;havoc ~retValue_acc~36; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,582 INFO L290 TraceCheckUtils]: 140: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,582 INFO L290 TraceCheckUtils]: 141: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,583 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1602#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,583 INFO L290 TraceCheckUtils]: 143: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,583 INFO L290 TraceCheckUtils]: 144: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 == sign_~privkey~1#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,584 INFO L290 TraceCheckUtils]: 145: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume { :end_inline_sign } true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,584 INFO L272 TraceCheckUtils]: 146: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,585 INFO L290 TraceCheckUtils]: 147: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,585 INFO L290 TraceCheckUtils]: 148: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret64#1, outgoing__role__AddressBook_#t~ret65#1, outgoing__role__AddressBook_#t~ret66#1, outgoing__role__AddressBook_#t~ret67#1, outgoing__role__AddressBook_#t~ret68#1, outgoing__role__AddressBook_#t~ret69#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~0#1, outgoing__role__AddressBook_~tmp~12#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~4#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~1#1, outgoing__role__AddressBook_~tmp___2~1#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~0#1;havoc outgoing__role__AddressBook_~tmp~12#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~4#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~1#1;havoc outgoing__role__AddressBook_~tmp___2~1#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,585 INFO L272 TraceCheckUtils]: 149: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call outgoing__role__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,586 INFO L290 TraceCheckUtils]: 150: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~handle := #in~handle;havoc ~retValue_acc~30; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,586 INFO L290 TraceCheckUtils]: 151: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,586 INFO L290 TraceCheckUtils]: 152: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume true; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,587 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} #1650#return; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,587 INFO L290 TraceCheckUtils]: 154: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume -2147483648 <= outgoing__role__AddressBook_#t~ret64#1 && outgoing__role__AddressBook_#t~ret64#1 <= 2147483647;outgoing__role__AddressBook_~tmp~12#1 := outgoing__role__AddressBook_#t~ret64#1;havoc outgoing__role__AddressBook_#t~ret64#1;outgoing__role__AddressBook_~size~0#1 := outgoing__role__AddressBook_~tmp~12#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,587 INFO L290 TraceCheckUtils]: 155: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume !(0 != outgoing__role__AddressBook_~size~0#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,588 INFO L272 TraceCheckUtils]: 156: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,588 INFO L290 TraceCheckUtils]: 157: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} is VALID [2022-02-20 17:59:32,588 INFO L290 TraceCheckUtils]: 158: Hoare triple {30683#(= ~__SELECTED_FEATURE_Encrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret62#1, outgoing__role__Encrypt_#t~ret63#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~11#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~3#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~11#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~3#1; {30415#false} is VALID [2022-02-20 17:59:32,589 INFO L272 TraceCheckUtils]: 159: Hoare triple {30415#false} call outgoing__role__Encrypt_#t~ret62#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {30415#false} is VALID [2022-02-20 17:59:32,589 INFO L290 TraceCheckUtils]: 160: Hoare triple {30415#false} ~handle := #in~handle;havoc ~retValue_acc~19; {30415#false} is VALID [2022-02-20 17:59:32,589 INFO L290 TraceCheckUtils]: 161: Hoare triple {30415#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {30415#false} is VALID [2022-02-20 17:59:32,589 INFO L290 TraceCheckUtils]: 162: Hoare triple {30415#false} assume true; {30415#false} is VALID [2022-02-20 17:59:32,589 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {30415#false} {30415#false} #1636#return; {30415#false} is VALID [2022-02-20 17:59:32,589 INFO L290 TraceCheckUtils]: 164: Hoare triple {30415#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret62#1 && outgoing__role__Encrypt_#t~ret62#1 <= 2147483647;outgoing__role__Encrypt_~tmp~11#1 := outgoing__role__Encrypt_#t~ret62#1;havoc outgoing__role__Encrypt_#t~ret62#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~11#1; {30415#false} is VALID [2022-02-20 17:59:32,589 INFO L272 TraceCheckUtils]: 165: Hoare triple {30415#false} call outgoing__role__Encrypt_#t~ret63#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {30415#false} is VALID [2022-02-20 17:59:32,589 INFO L290 TraceCheckUtils]: 166: Hoare triple {30415#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {30415#false} is VALID [2022-02-20 17:59:32,590 INFO L290 TraceCheckUtils]: 167: Hoare triple {30415#false} assume 1 == ~handle; {30415#false} is VALID [2022-02-20 17:59:32,590 INFO L290 TraceCheckUtils]: 168: Hoare triple {30415#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {30415#false} is VALID [2022-02-20 17:59:32,590 INFO L290 TraceCheckUtils]: 169: Hoare triple {30415#false} assume true; {30415#false} is VALID [2022-02-20 17:59:32,590 INFO L284 TraceCheckUtils]: 170: Hoare quadruple {30415#false} {30415#false} #1638#return; {30415#false} is VALID [2022-02-20 17:59:32,590 INFO L290 TraceCheckUtils]: 171: Hoare triple {30415#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret63#1 && outgoing__role__Encrypt_#t~ret63#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~3#1 := outgoing__role__Encrypt_#t~ret63#1;havoc outgoing__role__Encrypt_#t~ret63#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~3#1; {30415#false} is VALID [2022-02-20 17:59:32,590 INFO L290 TraceCheckUtils]: 172: Hoare triple {30415#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {30415#false} is VALID [2022-02-20 17:59:32,590 INFO L272 TraceCheckUtils]: 173: Hoare triple {30415#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {30415#false} is VALID [2022-02-20 17:59:32,590 INFO L290 TraceCheckUtils]: 174: Hoare triple {30415#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {30415#false} is VALID [2022-02-20 17:59:32,590 INFO L290 TraceCheckUtils]: 175: Hoare triple {30415#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {30415#false} is VALID [2022-02-20 17:59:32,591 INFO L290 TraceCheckUtils]: 176: Hoare triple {30415#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {30415#false} is VALID [2022-02-20 17:59:32,591 INFO L272 TraceCheckUtils]: 177: Hoare triple {30415#false} call setEmailFrom(~msg#1, ~tmp~10#1); {30415#false} is VALID [2022-02-20 17:59:32,591 INFO L290 TraceCheckUtils]: 178: Hoare triple {30415#false} ~handle := #in~handle;~value := #in~value; {30415#false} is VALID [2022-02-20 17:59:32,591 INFO L290 TraceCheckUtils]: 179: Hoare triple {30415#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30415#false} is VALID [2022-02-20 17:59:32,591 INFO L290 TraceCheckUtils]: 180: Hoare triple {30415#false} assume true; {30415#false} is VALID [2022-02-20 17:59:32,591 INFO L284 TraceCheckUtils]: 181: Hoare quadruple {30415#false} {30415#false} #1682#return; {30415#false} is VALID [2022-02-20 17:59:32,591 INFO L290 TraceCheckUtils]: 182: Hoare triple {30415#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {30415#false} is VALID [2022-02-20 17:59:32,591 INFO L272 TraceCheckUtils]: 183: Hoare triple {30415#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {30415#false} is VALID [2022-02-20 17:59:32,592 INFO L290 TraceCheckUtils]: 184: Hoare triple {30415#false} ~handle := #in~handle;havoc ~retValue_acc~24; {30415#false} is VALID [2022-02-20 17:59:32,592 INFO L290 TraceCheckUtils]: 185: Hoare triple {30415#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {30415#false} is VALID [2022-02-20 17:59:32,592 INFO L290 TraceCheckUtils]: 186: Hoare triple {30415#false} assume true; {30415#false} is VALID [2022-02-20 17:59:32,592 INFO L284 TraceCheckUtils]: 187: Hoare quadruple {30415#false} {30415#false} #1684#return; {30415#false} is VALID [2022-02-20 17:59:32,592 INFO L290 TraceCheckUtils]: 188: Hoare triple {30415#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {30415#false} is VALID [2022-02-20 17:59:32,592 INFO L290 TraceCheckUtils]: 189: Hoare triple {30415#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {30415#false} is VALID [2022-02-20 17:59:32,592 INFO L272 TraceCheckUtils]: 190: Hoare triple {30415#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {30415#false} is VALID [2022-02-20 17:59:32,592 INFO L290 TraceCheckUtils]: 191: Hoare triple {30415#false} ~handle := #in~handle;havoc ~retValue_acc~19; {30415#false} is VALID [2022-02-20 17:59:32,592 INFO L290 TraceCheckUtils]: 192: Hoare triple {30415#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {30415#false} is VALID [2022-02-20 17:59:32,593 INFO L290 TraceCheckUtils]: 193: Hoare triple {30415#false} assume true; {30415#false} is VALID [2022-02-20 17:59:32,593 INFO L284 TraceCheckUtils]: 194: Hoare quadruple {30415#false} {30415#false} #1686#return; {30415#false} is VALID [2022-02-20 17:59:32,593 INFO L290 TraceCheckUtils]: 195: Hoare triple {30415#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {30415#false} is VALID [2022-02-20 17:59:32,593 INFO L290 TraceCheckUtils]: 196: Hoare triple {30415#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret73#1, incoming__role__Decrypt_#t~ret74#1, incoming__role__Decrypt_#t~ret75#1, incoming__role__Decrypt_#t~ret76#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~15#1, incoming__role__Decrypt_~tmp___0~5#1, incoming__role__Decrypt_~tmp___1~2#1, incoming__role__Decrypt_~tmp___2~2#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~15#1;havoc incoming__role__Decrypt_~tmp___0~5#1;havoc incoming__role__Decrypt_~tmp___1~2#1;havoc incoming__role__Decrypt_~tmp___2~2#1; {30415#false} is VALID [2022-02-20 17:59:32,593 INFO L272 TraceCheckUtils]: 197: Hoare triple {30415#false} call incoming__role__Decrypt_#t~ret73#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {30415#false} is VALID [2022-02-20 17:59:32,593 INFO L290 TraceCheckUtils]: 198: Hoare triple {30415#false} ~handle := #in~handle;havoc ~retValue_acc~36; {30415#false} is VALID [2022-02-20 17:59:32,593 INFO L290 TraceCheckUtils]: 199: Hoare triple {30415#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {30415#false} is VALID [2022-02-20 17:59:32,593 INFO L290 TraceCheckUtils]: 200: Hoare triple {30415#false} assume true; {30415#false} is VALID [2022-02-20 17:59:32,594 INFO L284 TraceCheckUtils]: 201: Hoare quadruple {30415#false} {30415#false} #1688#return; {30415#false} is VALID [2022-02-20 17:59:32,594 INFO L290 TraceCheckUtils]: 202: Hoare triple {30415#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret73#1 && incoming__role__Decrypt_#t~ret73#1 <= 2147483647;incoming__role__Decrypt_~tmp~15#1 := incoming__role__Decrypt_#t~ret73#1;havoc incoming__role__Decrypt_#t~ret73#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~15#1; {30415#false} is VALID [2022-02-20 17:59:32,594 INFO L290 TraceCheckUtils]: 203: Hoare triple {30415#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {30415#false} is VALID [2022-02-20 17:59:32,594 INFO L272 TraceCheckUtils]: 204: Hoare triple {30415#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {30415#false} is VALID [2022-02-20 17:59:32,594 INFO L290 TraceCheckUtils]: 205: Hoare triple {30415#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30415#false} is VALID [2022-02-20 17:59:32,594 INFO L290 TraceCheckUtils]: 206: Hoare triple {30415#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {30415#false} is VALID [2022-02-20 17:59:32,594 INFO L290 TraceCheckUtils]: 207: Hoare triple {30415#false} assume 1 == ~sent_signed~0; {30415#false} is VALID [2022-02-20 17:59:32,594 INFO L272 TraceCheckUtils]: 208: Hoare triple {30415#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {30415#false} is VALID [2022-02-20 17:59:32,595 INFO L290 TraceCheckUtils]: 209: Hoare triple {30415#false} ~handle := #in~handle;havoc ~retValue_acc~18; {30415#false} is VALID [2022-02-20 17:59:32,595 INFO L290 TraceCheckUtils]: 210: Hoare triple {30415#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {30415#false} is VALID [2022-02-20 17:59:32,595 INFO L290 TraceCheckUtils]: 211: Hoare triple {30415#false} assume true; {30415#false} is VALID [2022-02-20 17:59:32,595 INFO L284 TraceCheckUtils]: 212: Hoare quadruple {30415#false} {30415#false} #1608#return; {30415#false} is VALID [2022-02-20 17:59:32,595 INFO L290 TraceCheckUtils]: 213: Hoare triple {30415#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {30415#false} is VALID [2022-02-20 17:59:32,595 INFO L272 TraceCheckUtils]: 214: Hoare triple {30415#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {30415#false} is VALID [2022-02-20 17:59:32,595 INFO L290 TraceCheckUtils]: 215: Hoare triple {30415#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {30415#false} is VALID [2022-02-20 17:59:32,595 INFO L290 TraceCheckUtils]: 216: Hoare triple {30415#false} assume 1 == ~handle; {30415#false} is VALID [2022-02-20 17:59:32,595 INFO L290 TraceCheckUtils]: 217: Hoare triple {30415#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {30415#false} is VALID [2022-02-20 17:59:32,596 INFO L290 TraceCheckUtils]: 218: Hoare triple {30415#false} assume true; {30415#false} is VALID [2022-02-20 17:59:32,596 INFO L284 TraceCheckUtils]: 219: Hoare quadruple {30415#false} {30415#false} #1610#return; {30415#false} is VALID [2022-02-20 17:59:32,596 INFO L290 TraceCheckUtils]: 220: Hoare triple {30415#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {30415#false} is VALID [2022-02-20 17:59:32,596 INFO L290 TraceCheckUtils]: 221: Hoare triple {30415#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {30415#false} is VALID [2022-02-20 17:59:32,596 INFO L272 TraceCheckUtils]: 222: Hoare triple {30415#false} call __automaton_fail(); {30415#false} is VALID [2022-02-20 17:59:32,596 INFO L290 TraceCheckUtils]: 223: Hoare triple {30415#false} assume !false; {30415#false} is VALID [2022-02-20 17:59:32,597 INFO L134 CoverageAnalysis]: Checked inductivity of 127 backedges. 8 proven. 0 refuted. 0 times theorem prover too weak. 119 trivial. 0 not checked. [2022-02-20 17:59:32,597 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:32,597 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [524150292] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:32,597 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:32,597 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 17:59:32,597 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [241558048] [2022-02-20 17:59:32,597 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:32,598 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 41.666666666666664) internal successors, (125), 3 states have internal predecessors, (125), 3 states have call successors, (36), 3 states have call predecessors, (36), 3 states have return successors, (29), 3 states have call predecessors, (29), 3 states have call successors, (29) Word has length 224 [2022-02-20 17:59:32,598 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:32,599 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 41.666666666666664) internal successors, (125), 3 states have internal predecessors, (125), 3 states have call successors, (36), 3 states have call predecessors, (36), 3 states have return successors, (29), 3 states have call predecessors, (29), 3 states have call successors, (29) [2022-02-20 17:59:32,732 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 190 edges. 190 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:32,733 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:32,733 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:32,733 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:32,733 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:32,733 INFO L87 Difference]: Start difference. First operand 694 states and 1012 transitions. Second operand has 3 states, 3 states have (on average 41.666666666666664) internal successors, (125), 3 states have internal predecessors, (125), 3 states have call successors, (36), 3 states have call predecessors, (36), 3 states have return successors, (29), 3 states have call predecessors, (29), 3 states have call successors, (29) [2022-02-20 17:59:33,672 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:33,672 INFO L93 Difference]: Finished difference Result 2007 states and 2977 transitions. [2022-02-20 17:59:33,672 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:33,673 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 41.666666666666664) internal successors, (125), 3 states have internal predecessors, (125), 3 states have call successors, (36), 3 states have call predecessors, (36), 3 states have return successors, (29), 3 states have call predecessors, (29), 3 states have call successors, (29) Word has length 224 [2022-02-20 17:59:33,673 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:33,673 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 41.666666666666664) internal successors, (125), 3 states have internal predecessors, (125), 3 states have call successors, (36), 3 states have call predecessors, (36), 3 states have return successors, (29), 3 states have call predecessors, (29), 3 states have call successors, (29) [2022-02-20 17:59:33,710 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 2531 transitions. [2022-02-20 17:59:33,710 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 41.666666666666664) internal successors, (125), 3 states have internal predecessors, (125), 3 states have call successors, (36), 3 states have call predecessors, (36), 3 states have return successors, (29), 3 states have call predecessors, (29), 3 states have call successors, (29) [2022-02-20 17:59:33,732 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 2531 transitions. [2022-02-20 17:59:33,732 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 2531 transitions. [2022-02-20 17:59:35,113 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 2531 edges. 2531 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:35,189 INFO L225 Difference]: With dead ends: 2007 [2022-02-20 17:59:35,190 INFO L226 Difference]: Without dead ends: 1342 [2022-02-20 17:59:35,191 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 287 GetRequests, 276 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:35,192 INFO L933 BasicCegarLoop]: 987 mSDtfsCounter, 726 mSDsluCounter, 832 mSDsCounter, 0 mSdLazyCounter, 11 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 726 SdHoareTripleChecker+Valid, 1819 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 11 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:35,192 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [726 Valid, 1819 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 11 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:35,193 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1342 states. [2022-02-20 17:59:35,231 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1342 to 1338. [2022-02-20 17:59:35,231 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:35,233 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1342 states. Second operand has 1338 states, 1027 states have (on average 1.4673807205452776) internal successors, (1507), 1043 states have internal predecessors, (1507), 223 states have call successors, (223), 88 states have call predecessors, (223), 87 states have return successors, (235), 219 states have call predecessors, (235), 219 states have call successors, (235) [2022-02-20 17:59:35,234 INFO L74 IsIncluded]: Start isIncluded. First operand 1342 states. Second operand has 1338 states, 1027 states have (on average 1.4673807205452776) internal successors, (1507), 1043 states have internal predecessors, (1507), 223 states have call successors, (223), 88 states have call predecessors, (223), 87 states have return successors, (235), 219 states have call predecessors, (235), 219 states have call successors, (235) [2022-02-20 17:59:35,237 INFO L87 Difference]: Start difference. First operand 1342 states. Second operand has 1338 states, 1027 states have (on average 1.4673807205452776) internal successors, (1507), 1043 states have internal predecessors, (1507), 223 states have call successors, (223), 88 states have call predecessors, (223), 87 states have return successors, (235), 219 states have call predecessors, (235), 219 states have call successors, (235) [2022-02-20 17:59:35,290 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:35,291 INFO L93 Difference]: Finished difference Result 1342 states and 1968 transitions. [2022-02-20 17:59:35,291 INFO L276 IsEmpty]: Start isEmpty. Operand 1342 states and 1968 transitions. [2022-02-20 17:59:35,294 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:35,294 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:35,296 INFO L74 IsIncluded]: Start isIncluded. First operand has 1338 states, 1027 states have (on average 1.4673807205452776) internal successors, (1507), 1043 states have internal predecessors, (1507), 223 states have call successors, (223), 88 states have call predecessors, (223), 87 states have return successors, (235), 219 states have call predecessors, (235), 219 states have call successors, (235) Second operand 1342 states. [2022-02-20 17:59:35,297 INFO L87 Difference]: Start difference. First operand has 1338 states, 1027 states have (on average 1.4673807205452776) internal successors, (1507), 1043 states have internal predecessors, (1507), 223 states have call successors, (223), 88 states have call predecessors, (223), 87 states have return successors, (235), 219 states have call predecessors, (235), 219 states have call successors, (235) Second operand 1342 states. [2022-02-20 17:59:35,349 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:35,349 INFO L93 Difference]: Finished difference Result 1342 states and 1968 transitions. [2022-02-20 17:59:35,350 INFO L276 IsEmpty]: Start isEmpty. Operand 1342 states and 1968 transitions. [2022-02-20 17:59:35,352 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:35,352 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:35,352 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:35,352 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:35,354 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1338 states, 1027 states have (on average 1.4673807205452776) internal successors, (1507), 1043 states have internal predecessors, (1507), 223 states have call successors, (223), 88 states have call predecessors, (223), 87 states have return successors, (235), 219 states have call predecessors, (235), 219 states have call successors, (235) [2022-02-20 17:59:35,427 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1338 states to 1338 states and 1965 transitions. [2022-02-20 17:59:35,427 INFO L78 Accepts]: Start accepts. Automaton has 1338 states and 1965 transitions. Word has length 224 [2022-02-20 17:59:35,428 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:35,428 INFO L470 AbstractCegarLoop]: Abstraction has 1338 states and 1965 transitions. [2022-02-20 17:59:35,428 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 41.666666666666664) internal successors, (125), 3 states have internal predecessors, (125), 3 states have call successors, (36), 3 states have call predecessors, (36), 3 states have return successors, (29), 3 states have call predecessors, (29), 3 states have call successors, (29) [2022-02-20 17:59:35,428 INFO L276 IsEmpty]: Start isEmpty. Operand 1338 states and 1965 transitions. [2022-02-20 17:59:35,431 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 204 [2022-02-20 17:59:35,431 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:35,431 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:35,454 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:35,652 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:35,652 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:35,652 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:35,653 INFO L85 PathProgramCache]: Analyzing trace with hash 1006413150, now seen corresponding path program 1 times [2022-02-20 17:59:35,653 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:35,653 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1319123213] [2022-02-20 17:59:35,653 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:35,653 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:35,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:59:35,733 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,735 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,735 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {38522#true} {38522#true} #1754#return; {38522#true} is VALID [2022-02-20 17:59:35,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:59:35,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,738 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {38522#true} {38522#true} #1756#return; {38522#true} is VALID [2022-02-20 17:59:35,739 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:59:35,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,742 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {38522#true} {38522#true} #1758#return; {38522#true} is VALID [2022-02-20 17:59:35,742 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:35,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,746 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,746 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,746 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {38522#true} {38522#true} #1760#return; {38522#true} is VALID [2022-02-20 17:59:35,747 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:59:35,749 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,750 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,750 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,750 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {38522#true} {38522#true} #1762#return; {38522#true} is VALID [2022-02-20 17:59:35,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:59:35,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,753 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,754 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,754 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {38522#true} {38522#true} #1764#return; {38522#true} is VALID [2022-02-20 17:59:35,754 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:59:35,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,757 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {38522#true} {38522#true} #1766#return; {38522#true} is VALID [2022-02-20 17:59:35,757 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:35,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,761 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,762 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,762 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {38522#true} {38522#true} #1768#return; {38522#true} is VALID [2022-02-20 17:59:35,767 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:35,768 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,770 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:35,771 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,772 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,772 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,772 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38522#true} #1752#return; {38522#true} is VALID [2022-02-20 17:59:35,773 INFO L290 TraceCheckUtils]: 0: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {38522#true} is VALID [2022-02-20 17:59:35,773 INFO L272 TraceCheckUtils]: 1: Hoare triple {38522#true} call setClientId(~bob___0, ~bob___0); {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:35,773 INFO L290 TraceCheckUtils]: 2: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,773 INFO L290 TraceCheckUtils]: 3: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,774 INFO L290 TraceCheckUtils]: 4: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,774 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {38522#true} {38522#true} #1752#return; {38522#true} is VALID [2022-02-20 17:59:35,774 INFO L290 TraceCheckUtils]: 6: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,774 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {38522#true} {38522#true} #1770#return; {38522#true} is VALID [2022-02-20 17:59:35,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:35,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,783 INFO L290 TraceCheckUtils]: 0: Hoare triple {38628#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,783 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,784 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38522#true} #1772#return; {38522#true} is VALID [2022-02-20 17:59:35,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:59:35,785 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,798 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:35,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,816 INFO L290 TraceCheckUtils]: 0: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38635#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:35,816 INFO L290 TraceCheckUtils]: 1: Hoare triple {38635#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38636#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:35,816 INFO L290 TraceCheckUtils]: 2: Hoare triple {38636#(= |setClientId_#in~handle| 1)} assume true; {38636#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:35,817 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38636#(= |setClientId_#in~handle| 1)} {38629#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {38634#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:35,817 INFO L290 TraceCheckUtils]: 0: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {38629#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:35,818 INFO L272 TraceCheckUtils]: 1: Hoare triple {38629#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:35,818 INFO L290 TraceCheckUtils]: 2: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38635#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:35,819 INFO L290 TraceCheckUtils]: 3: Hoare triple {38635#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38636#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:35,819 INFO L290 TraceCheckUtils]: 4: Hoare triple {38636#(= |setClientId_#in~handle| 1)} assume true; {38636#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:35,820 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {38636#(= |setClientId_#in~handle| 1)} {38629#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {38634#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:35,820 INFO L290 TraceCheckUtils]: 6: Hoare triple {38634#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {38634#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:35,820 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {38634#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {38561#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {38523#false} is VALID [2022-02-20 17:59:35,821 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:59:35,822 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,823 INFO L290 TraceCheckUtils]: 0: Hoare triple {38628#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,824 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,824 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,824 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1778#return; {38523#false} is VALID [2022-02-20 17:59:35,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:59:35,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:35,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,847 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,847 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38522#true} #1648#return; {38522#true} is VALID [2022-02-20 17:59:35,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {38522#true} is VALID [2022-02-20 17:59:35,848 INFO L272 TraceCheckUtils]: 1: Hoare triple {38522#true} call setClientId(~chuck___0, ~chuck___0); {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:35,848 INFO L290 TraceCheckUtils]: 2: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,849 INFO L290 TraceCheckUtils]: 3: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,849 INFO L290 TraceCheckUtils]: 4: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,849 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {38522#true} {38522#true} #1648#return; {38522#true} is VALID [2022-02-20 17:59:35,849 INFO L290 TraceCheckUtils]: 6: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,849 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {38522#true} {38523#false} #1782#return; {38523#false} is VALID [2022-02-20 17:59:35,849 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:35,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,852 INFO L290 TraceCheckUtils]: 0: Hoare triple {38628#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,852 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,852 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,852 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1784#return; {38523#false} is VALID [2022-02-20 17:59:35,860 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:59:35,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {38641#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,862 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,862 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,863 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1670#return; {38523#false} is VALID [2022-02-20 17:59:35,871 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:59:35,871 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,873 INFO L290 TraceCheckUtils]: 0: Hoare triple {38642#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,873 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,873 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,873 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1672#return; {38523#false} is VALID [2022-02-20 17:59:35,873 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 17:59:35,874 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,875 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~36; {38522#true} is VALID [2022-02-20 17:59:35,875 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {38522#true} is VALID [2022-02-20 17:59:35,875 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,875 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1602#return; {38523#false} is VALID [2022-02-20 17:59:35,875 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 17:59:35,876 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,877 INFO L290 TraceCheckUtils]: 0: Hoare triple {38641#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,877 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,878 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,878 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1682#return; {38523#false} is VALID [2022-02-20 17:59:35,878 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-02-20 17:59:35,879 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,881 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~24; {38522#true} is VALID [2022-02-20 17:59:35,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {38522#true} is VALID [2022-02-20 17:59:35,881 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,882 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1684#return; {38523#false} is VALID [2022-02-20 17:59:35,882 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 169 [2022-02-20 17:59:35,883 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~19; {38522#true} is VALID [2022-02-20 17:59:35,884 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {38522#true} is VALID [2022-02-20 17:59:35,885 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,885 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1686#return; {38523#false} is VALID [2022-02-20 17:59:35,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 176 [2022-02-20 17:59:35,885 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,887 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~36; {38522#true} is VALID [2022-02-20 17:59:35,887 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {38522#true} is VALID [2022-02-20 17:59:35,887 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,887 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1688#return; {38523#false} is VALID [2022-02-20 17:59:35,887 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 187 [2022-02-20 17:59:35,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,889 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~18; {38522#true} is VALID [2022-02-20 17:59:35,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {38522#true} is VALID [2022-02-20 17:59:35,889 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,889 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {38522#true} {38523#false} #1608#return; {38523#false} is VALID [2022-02-20 17:59:35,889 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 193 [2022-02-20 17:59:35,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:35,894 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {38522#true} is VALID [2022-02-20 17:59:35,894 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume 1 == ~handle; {38522#true} is VALID [2022-02-20 17:59:35,894 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {38522#true} is VALID [2022-02-20 17:59:35,894 INFO L290 TraceCheckUtils]: 3: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,894 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {38522#true} {38523#false} #1610#return; {38523#false} is VALID [2022-02-20 17:59:35,895 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {38522#true} is VALID [2022-02-20 17:59:35,895 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {38522#true} is VALID [2022-02-20 17:59:35,895 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {38522#true} is VALID [2022-02-20 17:59:35,895 INFO L272 TraceCheckUtils]: 3: Hoare triple {38522#true} call select_features_#t~ret27#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:35,895 INFO L290 TraceCheckUtils]: 4: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,895 INFO L290 TraceCheckUtils]: 5: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,895 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {38522#true} {38522#true} #1754#return; {38522#true} is VALID [2022-02-20 17:59:35,895 INFO L290 TraceCheckUtils]: 7: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {38522#true} is VALID [2022-02-20 17:59:35,896 INFO L272 TraceCheckUtils]: 8: Hoare triple {38522#true} call select_features_#t~ret28#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:35,896 INFO L290 TraceCheckUtils]: 9: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,896 INFO L290 TraceCheckUtils]: 10: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,896 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {38522#true} {38522#true} #1756#return; {38522#true} is VALID [2022-02-20 17:59:35,896 INFO L290 TraceCheckUtils]: 12: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {38522#true} is VALID [2022-02-20 17:59:35,896 INFO L272 TraceCheckUtils]: 13: Hoare triple {38522#true} call select_features_#t~ret29#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:35,896 INFO L290 TraceCheckUtils]: 14: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,896 INFO L290 TraceCheckUtils]: 15: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,896 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {38522#true} {38522#true} #1758#return; {38522#true} is VALID [2022-02-20 17:59:35,897 INFO L290 TraceCheckUtils]: 17: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {38522#true} is VALID [2022-02-20 17:59:35,897 INFO L272 TraceCheckUtils]: 18: Hoare triple {38522#true} call select_features_#t~ret30#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:35,897 INFO L290 TraceCheckUtils]: 19: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,897 INFO L290 TraceCheckUtils]: 20: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,897 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {38522#true} {38522#true} #1760#return; {38522#true} is VALID [2022-02-20 17:59:35,897 INFO L290 TraceCheckUtils]: 22: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {38522#true} is VALID [2022-02-20 17:59:35,897 INFO L272 TraceCheckUtils]: 23: Hoare triple {38522#true} call select_features_#t~ret31#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:35,897 INFO L290 TraceCheckUtils]: 24: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,897 INFO L290 TraceCheckUtils]: 25: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,898 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {38522#true} {38522#true} #1762#return; {38522#true} is VALID [2022-02-20 17:59:35,898 INFO L290 TraceCheckUtils]: 27: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {38522#true} is VALID [2022-02-20 17:59:35,898 INFO L272 TraceCheckUtils]: 28: Hoare triple {38522#true} call select_features_#t~ret32#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:35,898 INFO L290 TraceCheckUtils]: 29: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,898 INFO L290 TraceCheckUtils]: 30: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,898 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {38522#true} {38522#true} #1764#return; {38522#true} is VALID [2022-02-20 17:59:35,898 INFO L290 TraceCheckUtils]: 32: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {38522#true} is VALID [2022-02-20 17:59:35,898 INFO L272 TraceCheckUtils]: 33: Hoare triple {38522#true} call select_features_#t~ret33#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:35,898 INFO L290 TraceCheckUtils]: 34: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,899 INFO L290 TraceCheckUtils]: 35: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,899 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {38522#true} {38522#true} #1766#return; {38522#true} is VALID [2022-02-20 17:59:35,899 INFO L290 TraceCheckUtils]: 37: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {38522#true} is VALID [2022-02-20 17:59:35,899 INFO L272 TraceCheckUtils]: 38: Hoare triple {38522#true} call select_features_#t~ret34#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:35,899 INFO L290 TraceCheckUtils]: 39: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:35,899 INFO L290 TraceCheckUtils]: 40: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,899 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {38522#true} {38522#true} #1768#return; {38522#true} is VALID [2022-02-20 17:59:35,899 INFO L290 TraceCheckUtils]: 42: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {38522#true} is VALID [2022-02-20 17:59:35,899 INFO L290 TraceCheckUtils]: 43: Hoare triple {38522#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {38522#true} is VALID [2022-02-20 17:59:35,900 INFO L290 TraceCheckUtils]: 44: Hoare triple {38522#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {38522#true} is VALID [2022-02-20 17:59:35,900 INFO L290 TraceCheckUtils]: 45: Hoare triple {38522#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {38522#true} is VALID [2022-02-20 17:59:35,900 INFO L290 TraceCheckUtils]: 46: Hoare triple {38522#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {38522#true} is VALID [2022-02-20 17:59:35,900 INFO L290 TraceCheckUtils]: 47: Hoare triple {38522#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {38522#true} is VALID [2022-02-20 17:59:35,900 INFO L290 TraceCheckUtils]: 48: Hoare triple {38522#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {38522#true} is VALID [2022-02-20 17:59:35,900 INFO L290 TraceCheckUtils]: 49: Hoare triple {38522#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {38522#true} is VALID [2022-02-20 17:59:35,900 INFO L290 TraceCheckUtils]: 50: Hoare triple {38522#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {38522#true} is VALID [2022-02-20 17:59:35,900 INFO L290 TraceCheckUtils]: 51: Hoare triple {38522#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {38522#true} is VALID [2022-02-20 17:59:35,900 INFO L290 TraceCheckUtils]: 52: Hoare triple {38522#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {38522#true} is VALID [2022-02-20 17:59:35,901 INFO L290 TraceCheckUtils]: 53: Hoare triple {38522#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {38522#true} is VALID [2022-02-20 17:59:35,901 INFO L290 TraceCheckUtils]: 54: Hoare triple {38522#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {38522#true} is VALID [2022-02-20 17:59:35,901 INFO L290 TraceCheckUtils]: 55: Hoare triple {38522#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {38522#true} is VALID [2022-02-20 17:59:35,901 INFO L290 TraceCheckUtils]: 56: Hoare triple {38522#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {38522#true} is VALID [2022-02-20 17:59:35,901 INFO L290 TraceCheckUtils]: 57: Hoare triple {38522#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {38522#true} is VALID [2022-02-20 17:59:35,902 INFO L272 TraceCheckUtils]: 58: Hoare triple {38522#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:35,902 INFO L290 TraceCheckUtils]: 59: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {38522#true} is VALID [2022-02-20 17:59:35,902 INFO L272 TraceCheckUtils]: 60: Hoare triple {38522#true} call setClientId(~bob___0, ~bob___0); {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:35,902 INFO L290 TraceCheckUtils]: 61: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,903 INFO L290 TraceCheckUtils]: 62: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,903 INFO L290 TraceCheckUtils]: 63: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,903 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {38522#true} {38522#true} #1752#return; {38522#true} is VALID [2022-02-20 17:59:35,903 INFO L290 TraceCheckUtils]: 65: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,903 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {38522#true} {38522#true} #1770#return; {38522#true} is VALID [2022-02-20 17:59:35,904 INFO L272 TraceCheckUtils]: 67: Hoare triple {38522#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {38628#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:35,904 INFO L290 TraceCheckUtils]: 68: Hoare triple {38628#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,904 INFO L290 TraceCheckUtils]: 69: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,904 INFO L290 TraceCheckUtils]: 70: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,904 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {38522#true} {38522#true} #1772#return; {38522#true} is VALID [2022-02-20 17:59:35,904 INFO L290 TraceCheckUtils]: 72: Hoare triple {38522#true} assume { :end_inline_setup_bob__role__Keys } true; {38522#true} is VALID [2022-02-20 17:59:35,905 INFO L290 TraceCheckUtils]: 73: Hoare triple {38522#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {38560#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:35,905 INFO L290 TraceCheckUtils]: 74: Hoare triple {38560#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {38561#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:35,905 INFO L272 TraceCheckUtils]: 75: Hoare triple {38561#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:35,906 INFO L290 TraceCheckUtils]: 76: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {38629#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:35,906 INFO L272 TraceCheckUtils]: 77: Hoare triple {38629#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:35,907 INFO L290 TraceCheckUtils]: 78: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38635#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:35,907 INFO L290 TraceCheckUtils]: 79: Hoare triple {38635#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38636#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:35,907 INFO L290 TraceCheckUtils]: 80: Hoare triple {38636#(= |setClientId_#in~handle| 1)} assume true; {38636#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:35,908 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {38636#(= |setClientId_#in~handle| 1)} {38629#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {38634#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:35,908 INFO L290 TraceCheckUtils]: 82: Hoare triple {38634#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {38634#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:35,909 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {38634#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {38561#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {38523#false} is VALID [2022-02-20 17:59:35,909 INFO L272 TraceCheckUtils]: 84: Hoare triple {38523#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {38628#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:35,909 INFO L290 TraceCheckUtils]: 85: Hoare triple {38628#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,909 INFO L290 TraceCheckUtils]: 86: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,909 INFO L290 TraceCheckUtils]: 87: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,909 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {38522#true} {38523#false} #1778#return; {38523#false} is VALID [2022-02-20 17:59:35,909 INFO L290 TraceCheckUtils]: 89: Hoare triple {38523#false} assume { :end_inline_setup_rjh__role__Keys } true; {38523#false} is VALID [2022-02-20 17:59:35,909 INFO L290 TraceCheckUtils]: 90: Hoare triple {38523#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {38523#false} is VALID [2022-02-20 17:59:35,910 INFO L290 TraceCheckUtils]: 91: Hoare triple {38523#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {38523#false} is VALID [2022-02-20 17:59:35,910 INFO L272 TraceCheckUtils]: 92: Hoare triple {38523#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:35,910 INFO L290 TraceCheckUtils]: 93: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {38522#true} is VALID [2022-02-20 17:59:35,910 INFO L272 TraceCheckUtils]: 94: Hoare triple {38522#true} call setClientId(~chuck___0, ~chuck___0); {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:35,910 INFO L290 TraceCheckUtils]: 95: Hoare triple {38623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,911 INFO L290 TraceCheckUtils]: 96: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,911 INFO L290 TraceCheckUtils]: 97: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,911 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {38522#true} {38522#true} #1648#return; {38522#true} is VALID [2022-02-20 17:59:35,911 INFO L290 TraceCheckUtils]: 99: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,911 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {38522#true} {38523#false} #1782#return; {38523#false} is VALID [2022-02-20 17:59:35,911 INFO L272 TraceCheckUtils]: 101: Hoare triple {38523#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {38628#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:35,911 INFO L290 TraceCheckUtils]: 102: Hoare triple {38628#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,911 INFO L290 TraceCheckUtils]: 103: Hoare triple {38522#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,911 INFO L290 TraceCheckUtils]: 104: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,912 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {38522#true} {38523#false} #1784#return; {38523#false} is VALID [2022-02-20 17:59:35,912 INFO L290 TraceCheckUtils]: 106: Hoare triple {38523#false} assume { :end_inline_setup_chuck__role__Keys } true; {38523#false} is VALID [2022-02-20 17:59:35,912 INFO L290 TraceCheckUtils]: 107: Hoare triple {38523#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {38523#false} is VALID [2022-02-20 17:59:35,912 INFO L290 TraceCheckUtils]: 108: Hoare triple {38523#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {38523#false} is VALID [2022-02-20 17:59:35,912 INFO L290 TraceCheckUtils]: 109: Hoare triple {38523#false} assume !false; {38523#false} is VALID [2022-02-20 17:59:35,912 INFO L290 TraceCheckUtils]: 110: Hoare triple {38523#false} assume test_~splverifierCounter~0#1 < 4; {38523#false} is VALID [2022-02-20 17:59:35,912 INFO L290 TraceCheckUtils]: 111: Hoare triple {38523#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {38523#false} is VALID [2022-02-20 17:59:35,912 INFO L290 TraceCheckUtils]: 112: Hoare triple {38523#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {38523#false} is VALID [2022-02-20 17:59:35,912 INFO L290 TraceCheckUtils]: 113: Hoare triple {38523#false} assume !(0 != test_~tmp___9~0#1); {38523#false} is VALID [2022-02-20 17:59:35,913 INFO L290 TraceCheckUtils]: 114: Hoare triple {38523#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {38523#false} is VALID [2022-02-20 17:59:35,913 INFO L290 TraceCheckUtils]: 115: Hoare triple {38523#false} assume 0 != test_~tmp___8~0#1; {38523#false} is VALID [2022-02-20 17:59:35,913 INFO L290 TraceCheckUtils]: 116: Hoare triple {38523#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {38523#false} is VALID [2022-02-20 17:59:35,913 INFO L290 TraceCheckUtils]: 117: Hoare triple {38523#false} test_~op2~0#1 := 1; {38523#false} is VALID [2022-02-20 17:59:35,913 INFO L290 TraceCheckUtils]: 118: Hoare triple {38523#false} assume !false; {38523#false} is VALID [2022-02-20 17:59:35,913 INFO L290 TraceCheckUtils]: 119: Hoare triple {38523#false} assume !(test_~splverifierCounter~0#1 < 4); {38523#false} is VALID [2022-02-20 17:59:35,913 INFO L290 TraceCheckUtils]: 120: Hoare triple {38523#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {38523#false} is VALID [2022-02-20 17:59:35,913 INFO L272 TraceCheckUtils]: 121: Hoare triple {38523#false} call sendEmail(~bob~0, ~rjh~0); {38523#false} is VALID [2022-02-20 17:59:35,913 INFO L290 TraceCheckUtils]: 122: Hoare triple {38523#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {38523#false} is VALID [2022-02-20 17:59:35,914 INFO L272 TraceCheckUtils]: 123: Hoare triple {38523#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {38641#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:35,914 INFO L290 TraceCheckUtils]: 124: Hoare triple {38641#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,914 INFO L290 TraceCheckUtils]: 125: Hoare triple {38522#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,914 INFO L290 TraceCheckUtils]: 126: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,914 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {38522#true} {38523#false} #1670#return; {38523#false} is VALID [2022-02-20 17:59:35,914 INFO L272 TraceCheckUtils]: 128: Hoare triple {38523#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {38642#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:35,914 INFO L290 TraceCheckUtils]: 129: Hoare triple {38642#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,914 INFO L290 TraceCheckUtils]: 130: Hoare triple {38522#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,914 INFO L290 TraceCheckUtils]: 131: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,915 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {38522#true} {38523#false} #1672#return; {38523#false} is VALID [2022-02-20 17:59:35,915 INFO L290 TraceCheckUtils]: 133: Hoare triple {38523#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {38523#false} is VALID [2022-02-20 17:59:35,915 INFO L290 TraceCheckUtils]: 134: Hoare triple {38523#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {38523#false} is VALID [2022-02-20 17:59:35,915 INFO L272 TraceCheckUtils]: 135: Hoare triple {38523#false} call outgoing(~sender#1, ~email~0#1); {38523#false} is VALID [2022-02-20 17:59:35,915 INFO L290 TraceCheckUtils]: 136: Hoare triple {38523#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {38523#false} is VALID [2022-02-20 17:59:35,915 INFO L290 TraceCheckUtils]: 137: Hoare triple {38523#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {38523#false} is VALID [2022-02-20 17:59:35,915 INFO L272 TraceCheckUtils]: 138: Hoare triple {38523#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {38522#true} is VALID [2022-02-20 17:59:35,915 INFO L290 TraceCheckUtils]: 139: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~36; {38522#true} is VALID [2022-02-20 17:59:35,916 INFO L290 TraceCheckUtils]: 140: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {38522#true} is VALID [2022-02-20 17:59:35,916 INFO L290 TraceCheckUtils]: 141: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,916 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {38522#true} {38523#false} #1602#return; {38523#false} is VALID [2022-02-20 17:59:35,916 INFO L290 TraceCheckUtils]: 143: Hoare triple {38523#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {38523#false} is VALID [2022-02-20 17:59:35,916 INFO L290 TraceCheckUtils]: 144: Hoare triple {38523#false} assume 0 == sign_~privkey~1#1; {38523#false} is VALID [2022-02-20 17:59:35,916 INFO L290 TraceCheckUtils]: 145: Hoare triple {38523#false} assume { :end_inline_sign } true; {38523#false} is VALID [2022-02-20 17:59:35,916 INFO L272 TraceCheckUtils]: 146: Hoare triple {38523#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {38523#false} is VALID [2022-02-20 17:59:35,916 INFO L290 TraceCheckUtils]: 147: Hoare triple {38523#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {38523#false} is VALID [2022-02-20 17:59:35,916 INFO L290 TraceCheckUtils]: 148: Hoare triple {38523#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {38523#false} is VALID [2022-02-20 17:59:35,916 INFO L272 TraceCheckUtils]: 149: Hoare triple {38523#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {38523#false} is VALID [2022-02-20 17:59:35,917 INFO L290 TraceCheckUtils]: 150: Hoare triple {38523#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {38523#false} is VALID [2022-02-20 17:59:35,917 INFO L290 TraceCheckUtils]: 151: Hoare triple {38523#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {38523#false} is VALID [2022-02-20 17:59:35,917 INFO L272 TraceCheckUtils]: 152: Hoare triple {38523#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {38523#false} is VALID [2022-02-20 17:59:35,917 INFO L290 TraceCheckUtils]: 153: Hoare triple {38523#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {38523#false} is VALID [2022-02-20 17:59:35,917 INFO L290 TraceCheckUtils]: 154: Hoare triple {38523#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {38523#false} is VALID [2022-02-20 17:59:35,917 INFO L290 TraceCheckUtils]: 155: Hoare triple {38523#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {38523#false} is VALID [2022-02-20 17:59:35,917 INFO L272 TraceCheckUtils]: 156: Hoare triple {38523#false} call setEmailFrom(~msg#1, ~tmp~10#1); {38641#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:35,917 INFO L290 TraceCheckUtils]: 157: Hoare triple {38641#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {38522#true} is VALID [2022-02-20 17:59:35,917 INFO L290 TraceCheckUtils]: 158: Hoare triple {38522#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38522#true} is VALID [2022-02-20 17:59:35,918 INFO L290 TraceCheckUtils]: 159: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,918 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {38522#true} {38523#false} #1682#return; {38523#false} is VALID [2022-02-20 17:59:35,918 INFO L290 TraceCheckUtils]: 161: Hoare triple {38523#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {38523#false} is VALID [2022-02-20 17:59:35,918 INFO L272 TraceCheckUtils]: 162: Hoare triple {38523#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {38522#true} is VALID [2022-02-20 17:59:35,918 INFO L290 TraceCheckUtils]: 163: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~24; {38522#true} is VALID [2022-02-20 17:59:35,918 INFO L290 TraceCheckUtils]: 164: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {38522#true} is VALID [2022-02-20 17:59:35,918 INFO L290 TraceCheckUtils]: 165: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,918 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {38522#true} {38523#false} #1684#return; {38523#false} is VALID [2022-02-20 17:59:35,919 INFO L290 TraceCheckUtils]: 167: Hoare triple {38523#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {38523#false} is VALID [2022-02-20 17:59:35,919 INFO L290 TraceCheckUtils]: 168: Hoare triple {38523#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {38523#false} is VALID [2022-02-20 17:59:35,919 INFO L272 TraceCheckUtils]: 169: Hoare triple {38523#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {38522#true} is VALID [2022-02-20 17:59:35,919 INFO L290 TraceCheckUtils]: 170: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~19; {38522#true} is VALID [2022-02-20 17:59:35,919 INFO L290 TraceCheckUtils]: 171: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {38522#true} is VALID [2022-02-20 17:59:35,919 INFO L290 TraceCheckUtils]: 172: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,919 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {38522#true} {38523#false} #1686#return; {38523#false} is VALID [2022-02-20 17:59:35,919 INFO L290 TraceCheckUtils]: 174: Hoare triple {38523#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {38523#false} is VALID [2022-02-20 17:59:35,919 INFO L290 TraceCheckUtils]: 175: Hoare triple {38523#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret73#1, incoming__role__Decrypt_#t~ret74#1, incoming__role__Decrypt_#t~ret75#1, incoming__role__Decrypt_#t~ret76#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~15#1, incoming__role__Decrypt_~tmp___0~5#1, incoming__role__Decrypt_~tmp___1~2#1, incoming__role__Decrypt_~tmp___2~2#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~15#1;havoc incoming__role__Decrypt_~tmp___0~5#1;havoc incoming__role__Decrypt_~tmp___1~2#1;havoc incoming__role__Decrypt_~tmp___2~2#1; {38523#false} is VALID [2022-02-20 17:59:35,920 INFO L272 TraceCheckUtils]: 176: Hoare triple {38523#false} call incoming__role__Decrypt_#t~ret73#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {38522#true} is VALID [2022-02-20 17:59:35,920 INFO L290 TraceCheckUtils]: 177: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~36; {38522#true} is VALID [2022-02-20 17:59:35,920 INFO L290 TraceCheckUtils]: 178: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {38522#true} is VALID [2022-02-20 17:59:35,920 INFO L290 TraceCheckUtils]: 179: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,920 INFO L284 TraceCheckUtils]: 180: Hoare quadruple {38522#true} {38523#false} #1688#return; {38523#false} is VALID [2022-02-20 17:59:35,920 INFO L290 TraceCheckUtils]: 181: Hoare triple {38523#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret73#1 && incoming__role__Decrypt_#t~ret73#1 <= 2147483647;incoming__role__Decrypt_~tmp~15#1 := incoming__role__Decrypt_#t~ret73#1;havoc incoming__role__Decrypt_#t~ret73#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~15#1; {38523#false} is VALID [2022-02-20 17:59:35,920 INFO L290 TraceCheckUtils]: 182: Hoare triple {38523#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {38523#false} is VALID [2022-02-20 17:59:35,920 INFO L272 TraceCheckUtils]: 183: Hoare triple {38523#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {38523#false} is VALID [2022-02-20 17:59:35,920 INFO L290 TraceCheckUtils]: 184: Hoare triple {38523#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {38523#false} is VALID [2022-02-20 17:59:35,921 INFO L290 TraceCheckUtils]: 185: Hoare triple {38523#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {38523#false} is VALID [2022-02-20 17:59:35,921 INFO L290 TraceCheckUtils]: 186: Hoare triple {38523#false} assume 1 == ~sent_signed~0; {38523#false} is VALID [2022-02-20 17:59:35,921 INFO L272 TraceCheckUtils]: 187: Hoare triple {38523#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {38522#true} is VALID [2022-02-20 17:59:35,921 INFO L290 TraceCheckUtils]: 188: Hoare triple {38522#true} ~handle := #in~handle;havoc ~retValue_acc~18; {38522#true} is VALID [2022-02-20 17:59:35,921 INFO L290 TraceCheckUtils]: 189: Hoare triple {38522#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {38522#true} is VALID [2022-02-20 17:59:35,921 INFO L290 TraceCheckUtils]: 190: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,921 INFO L284 TraceCheckUtils]: 191: Hoare quadruple {38522#true} {38523#false} #1608#return; {38523#false} is VALID [2022-02-20 17:59:35,921 INFO L290 TraceCheckUtils]: 192: Hoare triple {38523#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {38523#false} is VALID [2022-02-20 17:59:35,921 INFO L272 TraceCheckUtils]: 193: Hoare triple {38523#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {38522#true} is VALID [2022-02-20 17:59:35,922 INFO L290 TraceCheckUtils]: 194: Hoare triple {38522#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {38522#true} is VALID [2022-02-20 17:59:35,922 INFO L290 TraceCheckUtils]: 195: Hoare triple {38522#true} assume 1 == ~handle; {38522#true} is VALID [2022-02-20 17:59:35,922 INFO L290 TraceCheckUtils]: 196: Hoare triple {38522#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {38522#true} is VALID [2022-02-20 17:59:35,922 INFO L290 TraceCheckUtils]: 197: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:35,922 INFO L284 TraceCheckUtils]: 198: Hoare quadruple {38522#true} {38523#false} #1610#return; {38523#false} is VALID [2022-02-20 17:59:35,922 INFO L290 TraceCheckUtils]: 199: Hoare triple {38523#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {38523#false} is VALID [2022-02-20 17:59:35,922 INFO L290 TraceCheckUtils]: 200: Hoare triple {38523#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {38523#false} is VALID [2022-02-20 17:59:35,922 INFO L272 TraceCheckUtils]: 201: Hoare triple {38523#false} call __automaton_fail(); {38523#false} is VALID [2022-02-20 17:59:35,922 INFO L290 TraceCheckUtils]: 202: Hoare triple {38523#false} assume !false; {38523#false} is VALID [2022-02-20 17:59:35,923 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 17:59:35,923 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:35,923 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1319123213] [2022-02-20 17:59:35,923 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1319123213] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:35,923 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1016503287] [2022-02-20 17:59:35,924 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:35,924 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:35,924 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:35,925 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:35,926 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:59:36,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:36,221 INFO L263 TraceCheckSpWp]: Trace formula consists of 1638 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:59:36,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:36,294 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:36,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {38522#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {38522#true} is VALID [2022-02-20 17:59:36,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {38522#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {38522#true} is VALID [2022-02-20 17:59:36,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {38522#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {38522#true} is VALID [2022-02-20 17:59:36,800 INFO L272 TraceCheckUtils]: 3: Hoare triple {38522#true} call select_features_#t~ret27#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:36,801 INFO L290 TraceCheckUtils]: 4: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:36,801 INFO L290 TraceCheckUtils]: 5: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:36,801 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {38522#true} {38522#true} #1754#return; {38522#true} is VALID [2022-02-20 17:59:36,801 INFO L290 TraceCheckUtils]: 7: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {38522#true} is VALID [2022-02-20 17:59:36,801 INFO L272 TraceCheckUtils]: 8: Hoare triple {38522#true} call select_features_#t~ret28#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:36,801 INFO L290 TraceCheckUtils]: 9: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:36,801 INFO L290 TraceCheckUtils]: 10: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:36,801 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {38522#true} {38522#true} #1756#return; {38522#true} is VALID [2022-02-20 17:59:36,802 INFO L290 TraceCheckUtils]: 12: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {38522#true} is VALID [2022-02-20 17:59:36,802 INFO L272 TraceCheckUtils]: 13: Hoare triple {38522#true} call select_features_#t~ret29#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:36,802 INFO L290 TraceCheckUtils]: 14: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:36,802 INFO L290 TraceCheckUtils]: 15: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:36,802 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {38522#true} {38522#true} #1758#return; {38522#true} is VALID [2022-02-20 17:59:36,802 INFO L290 TraceCheckUtils]: 17: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {38522#true} is VALID [2022-02-20 17:59:36,802 INFO L272 TraceCheckUtils]: 18: Hoare triple {38522#true} call select_features_#t~ret30#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:36,802 INFO L290 TraceCheckUtils]: 19: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:36,803 INFO L290 TraceCheckUtils]: 20: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:36,803 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {38522#true} {38522#true} #1760#return; {38522#true} is VALID [2022-02-20 17:59:36,803 INFO L290 TraceCheckUtils]: 22: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {38522#true} is VALID [2022-02-20 17:59:36,803 INFO L272 TraceCheckUtils]: 23: Hoare triple {38522#true} call select_features_#t~ret31#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:36,803 INFO L290 TraceCheckUtils]: 24: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:36,803 INFO L290 TraceCheckUtils]: 25: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:36,803 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {38522#true} {38522#true} #1762#return; {38522#true} is VALID [2022-02-20 17:59:36,803 INFO L290 TraceCheckUtils]: 27: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {38522#true} is VALID [2022-02-20 17:59:36,803 INFO L272 TraceCheckUtils]: 28: Hoare triple {38522#true} call select_features_#t~ret32#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:36,804 INFO L290 TraceCheckUtils]: 29: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:36,804 INFO L290 TraceCheckUtils]: 30: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:36,804 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {38522#true} {38522#true} #1764#return; {38522#true} is VALID [2022-02-20 17:59:36,804 INFO L290 TraceCheckUtils]: 32: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {38522#true} is VALID [2022-02-20 17:59:36,804 INFO L272 TraceCheckUtils]: 33: Hoare triple {38522#true} call select_features_#t~ret33#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:36,804 INFO L290 TraceCheckUtils]: 34: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:36,804 INFO L290 TraceCheckUtils]: 35: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:36,804 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {38522#true} {38522#true} #1766#return; {38522#true} is VALID [2022-02-20 17:59:36,805 INFO L290 TraceCheckUtils]: 37: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {38522#true} is VALID [2022-02-20 17:59:36,805 INFO L272 TraceCheckUtils]: 38: Hoare triple {38522#true} call select_features_#t~ret34#1 := select_one(); {38522#true} is VALID [2022-02-20 17:59:36,805 INFO L290 TraceCheckUtils]: 39: Hoare triple {38522#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {38522#true} is VALID [2022-02-20 17:59:36,805 INFO L290 TraceCheckUtils]: 40: Hoare triple {38522#true} assume true; {38522#true} is VALID [2022-02-20 17:59:36,805 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {38522#true} {38522#true} #1768#return; {38522#true} is VALID [2022-02-20 17:59:36,805 INFO L290 TraceCheckUtils]: 42: Hoare triple {38522#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {38522#true} is VALID [2022-02-20 17:59:36,805 INFO L290 TraceCheckUtils]: 43: Hoare triple {38522#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {38522#true} is VALID [2022-02-20 17:59:36,805 INFO L290 TraceCheckUtils]: 44: Hoare triple {38522#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {38522#true} is VALID [2022-02-20 17:59:36,806 INFO L290 TraceCheckUtils]: 45: Hoare triple {38522#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,807 INFO L290 TraceCheckUtils]: 46: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,807 INFO L290 TraceCheckUtils]: 47: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,807 INFO L290 TraceCheckUtils]: 48: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Verify~0; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,808 INFO L290 TraceCheckUtils]: 49: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,808 INFO L290 TraceCheckUtils]: 50: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Sign~0; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,808 INFO L290 TraceCheckUtils]: 51: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,809 INFO L290 TraceCheckUtils]: 52: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Keys~0; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,809 INFO L290 TraceCheckUtils]: 53: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,809 INFO L290 TraceCheckUtils]: 54: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,810 INFO L290 TraceCheckUtils]: 55: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,810 INFO L290 TraceCheckUtils]: 56: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,810 INFO L290 TraceCheckUtils]: 57: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,811 INFO L272 TraceCheckUtils]: 58: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,811 INFO L290 TraceCheckUtils]: 59: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~bob___0 := #in~bob___0; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,812 INFO L272 TraceCheckUtils]: 60: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setClientId(~bob___0, ~bob___0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,812 INFO L290 TraceCheckUtils]: 61: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;~value := #in~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,813 INFO L290 TraceCheckUtils]: 62: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,813 INFO L290 TraceCheckUtils]: 63: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,814 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1752#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,814 INFO L290 TraceCheckUtils]: 65: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,815 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1770#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,815 INFO L272 TraceCheckUtils]: 67: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,815 INFO L290 TraceCheckUtils]: 68: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;~value := #in~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,816 INFO L290 TraceCheckUtils]: 69: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,816 INFO L290 TraceCheckUtils]: 70: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,817 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1772#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,817 INFO L290 TraceCheckUtils]: 72: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :end_inline_setup_bob__role__Keys } true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,817 INFO L290 TraceCheckUtils]: 73: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,818 INFO L290 TraceCheckUtils]: 74: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,818 INFO L272 TraceCheckUtils]: 75: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,819 INFO L290 TraceCheckUtils]: 76: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~rjh___0 := #in~rjh___0; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,819 INFO L272 TraceCheckUtils]: 77: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setClientId(~rjh___0, ~rjh___0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,820 INFO L290 TraceCheckUtils]: 78: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;~value := #in~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,820 INFO L290 TraceCheckUtils]: 79: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,820 INFO L290 TraceCheckUtils]: 80: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,821 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1704#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,821 INFO L290 TraceCheckUtils]: 82: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,822 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1776#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,822 INFO L272 TraceCheckUtils]: 84: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,823 INFO L290 TraceCheckUtils]: 85: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;~value := #in~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,823 INFO L290 TraceCheckUtils]: 86: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,824 INFO L290 TraceCheckUtils]: 87: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,824 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1778#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,824 INFO L290 TraceCheckUtils]: 89: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :end_inline_setup_rjh__role__Keys } true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,825 INFO L290 TraceCheckUtils]: 90: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,825 INFO L290 TraceCheckUtils]: 91: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,826 INFO L272 TraceCheckUtils]: 92: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,826 INFO L290 TraceCheckUtils]: 93: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~chuck___0 := #in~chuck___0; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,827 INFO L272 TraceCheckUtils]: 94: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setClientId(~chuck___0, ~chuck___0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,827 INFO L290 TraceCheckUtils]: 95: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;~value := #in~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,827 INFO L290 TraceCheckUtils]: 96: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,828 INFO L290 TraceCheckUtils]: 97: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,828 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1648#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,829 INFO L290 TraceCheckUtils]: 99: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,829 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1782#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,830 INFO L272 TraceCheckUtils]: 101: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,830 INFO L290 TraceCheckUtils]: 102: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;~value := #in~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,830 INFO L290 TraceCheckUtils]: 103: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,830 INFO L290 TraceCheckUtils]: 104: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,831 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1784#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,831 INFO L290 TraceCheckUtils]: 106: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :end_inline_setup_chuck__role__Keys } true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,832 INFO L290 TraceCheckUtils]: 107: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,832 INFO L290 TraceCheckUtils]: 108: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,832 INFO L290 TraceCheckUtils]: 109: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !false; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,833 INFO L290 TraceCheckUtils]: 110: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume test_~splverifierCounter~0#1 < 4; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,833 INFO L290 TraceCheckUtils]: 111: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,833 INFO L290 TraceCheckUtils]: 112: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,834 INFO L290 TraceCheckUtils]: 113: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !(0 != test_~tmp___9~0#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,834 INFO L290 TraceCheckUtils]: 114: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,834 INFO L290 TraceCheckUtils]: 115: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != test_~tmp___8~0#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,835 INFO L290 TraceCheckUtils]: 116: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,835 INFO L290 TraceCheckUtils]: 117: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} test_~op2~0#1 := 1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,835 INFO L290 TraceCheckUtils]: 118: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !false; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,836 INFO L290 TraceCheckUtils]: 119: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !(test_~splverifierCounter~0#1 < 4); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,836 INFO L290 TraceCheckUtils]: 120: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,836 INFO L272 TraceCheckUtils]: 121: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call sendEmail(~bob~0, ~rjh~0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,837 INFO L290 TraceCheckUtils]: 122: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,837 INFO L272 TraceCheckUtils]: 123: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,838 INFO L290 TraceCheckUtils]: 124: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;~value := #in~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,838 INFO L290 TraceCheckUtils]: 125: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,838 INFO L290 TraceCheckUtils]: 126: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,839 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1670#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,839 INFO L272 TraceCheckUtils]: 128: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,840 INFO L290 TraceCheckUtils]: 129: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;~value := #in~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,840 INFO L290 TraceCheckUtils]: 130: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,840 INFO L290 TraceCheckUtils]: 131: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,841 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1672#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,841 INFO L290 TraceCheckUtils]: 133: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,842 INFO L290 TraceCheckUtils]: 134: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,842 INFO L272 TraceCheckUtils]: 135: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call outgoing(~sender#1, ~email~0#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,842 INFO L290 TraceCheckUtils]: 136: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,843 INFO L290 TraceCheckUtils]: 137: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,843 INFO L272 TraceCheckUtils]: 138: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,844 INFO L290 TraceCheckUtils]: 139: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;havoc ~retValue_acc~36; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,844 INFO L290 TraceCheckUtils]: 140: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,844 INFO L290 TraceCheckUtils]: 141: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,845 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1602#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,845 INFO L290 TraceCheckUtils]: 143: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,845 INFO L290 TraceCheckUtils]: 144: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 == sign_~privkey~1#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,846 INFO L290 TraceCheckUtils]: 145: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :end_inline_sign } true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,846 INFO L272 TraceCheckUtils]: 146: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,847 INFO L290 TraceCheckUtils]: 147: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,847 INFO L290 TraceCheckUtils]: 148: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,848 INFO L272 TraceCheckUtils]: 149: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call outgoing__before__AddressBook(~client#1, ~msg#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,848 INFO L290 TraceCheckUtils]: 150: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,848 INFO L290 TraceCheckUtils]: 151: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,849 INFO L272 TraceCheckUtils]: 152: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call outgoing__before__Encrypt(~client#1, ~msg#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,849 INFO L290 TraceCheckUtils]: 153: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,849 INFO L290 TraceCheckUtils]: 154: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,850 INFO L290 TraceCheckUtils]: 155: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,850 INFO L272 TraceCheckUtils]: 156: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call setEmailFrom(~msg#1, ~tmp~10#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,851 INFO L290 TraceCheckUtils]: 157: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;~value := #in~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,851 INFO L290 TraceCheckUtils]: 158: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,851 INFO L290 TraceCheckUtils]: 159: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,852 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1682#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,852 INFO L290 TraceCheckUtils]: 161: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,853 INFO L272 TraceCheckUtils]: 162: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,853 INFO L290 TraceCheckUtils]: 163: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;havoc ~retValue_acc~24; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,853 INFO L290 TraceCheckUtils]: 164: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,854 INFO L290 TraceCheckUtils]: 165: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,854 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1684#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,855 INFO L290 TraceCheckUtils]: 167: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,855 INFO L290 TraceCheckUtils]: 168: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,855 INFO L272 TraceCheckUtils]: 169: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,856 INFO L290 TraceCheckUtils]: 170: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} ~handle := #in~handle;havoc ~retValue_acc~19; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,856 INFO L290 TraceCheckUtils]: 171: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,856 INFO L290 TraceCheckUtils]: 172: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume true; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,857 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} #1686#return; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,857 INFO L290 TraceCheckUtils]: 174: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} is VALID [2022-02-20 17:59:36,857 INFO L290 TraceCheckUtils]: 175: Hoare triple {38781#(= ~__SELECTED_FEATURE_Decrypt~0 0)} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret73#1, incoming__role__Decrypt_#t~ret74#1, incoming__role__Decrypt_#t~ret75#1, incoming__role__Decrypt_#t~ret76#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~15#1, incoming__role__Decrypt_~tmp___0~5#1, incoming__role__Decrypt_~tmp___1~2#1, incoming__role__Decrypt_~tmp___2~2#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~15#1;havoc incoming__role__Decrypt_~tmp___0~5#1;havoc incoming__role__Decrypt_~tmp___1~2#1;havoc incoming__role__Decrypt_~tmp___2~2#1; {38523#false} is VALID [2022-02-20 17:59:36,858 INFO L272 TraceCheckUtils]: 176: Hoare triple {38523#false} call incoming__role__Decrypt_#t~ret73#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {38523#false} is VALID [2022-02-20 17:59:36,858 INFO L290 TraceCheckUtils]: 177: Hoare triple {38523#false} ~handle := #in~handle;havoc ~retValue_acc~36; {38523#false} is VALID [2022-02-20 17:59:36,858 INFO L290 TraceCheckUtils]: 178: Hoare triple {38523#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {38523#false} is VALID [2022-02-20 17:59:36,858 INFO L290 TraceCheckUtils]: 179: Hoare triple {38523#false} assume true; {38523#false} is VALID [2022-02-20 17:59:36,858 INFO L284 TraceCheckUtils]: 180: Hoare quadruple {38523#false} {38523#false} #1688#return; {38523#false} is VALID [2022-02-20 17:59:36,858 INFO L290 TraceCheckUtils]: 181: Hoare triple {38523#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret73#1 && incoming__role__Decrypt_#t~ret73#1 <= 2147483647;incoming__role__Decrypt_~tmp~15#1 := incoming__role__Decrypt_#t~ret73#1;havoc incoming__role__Decrypt_#t~ret73#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~15#1; {38523#false} is VALID [2022-02-20 17:59:36,858 INFO L290 TraceCheckUtils]: 182: Hoare triple {38523#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {38523#false} is VALID [2022-02-20 17:59:36,858 INFO L272 TraceCheckUtils]: 183: Hoare triple {38523#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {38523#false} is VALID [2022-02-20 17:59:36,859 INFO L290 TraceCheckUtils]: 184: Hoare triple {38523#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {38523#false} is VALID [2022-02-20 17:59:36,859 INFO L290 TraceCheckUtils]: 185: Hoare triple {38523#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {38523#false} is VALID [2022-02-20 17:59:36,859 INFO L290 TraceCheckUtils]: 186: Hoare triple {38523#false} assume 1 == ~sent_signed~0; {38523#false} is VALID [2022-02-20 17:59:36,859 INFO L272 TraceCheckUtils]: 187: Hoare triple {38523#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {38523#false} is VALID [2022-02-20 17:59:36,859 INFO L290 TraceCheckUtils]: 188: Hoare triple {38523#false} ~handle := #in~handle;havoc ~retValue_acc~18; {38523#false} is VALID [2022-02-20 17:59:36,859 INFO L290 TraceCheckUtils]: 189: Hoare triple {38523#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {38523#false} is VALID [2022-02-20 17:59:36,859 INFO L290 TraceCheckUtils]: 190: Hoare triple {38523#false} assume true; {38523#false} is VALID [2022-02-20 17:59:36,859 INFO L284 TraceCheckUtils]: 191: Hoare quadruple {38523#false} {38523#false} #1608#return; {38523#false} is VALID [2022-02-20 17:59:36,859 INFO L290 TraceCheckUtils]: 192: Hoare triple {38523#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {38523#false} is VALID [2022-02-20 17:59:36,860 INFO L272 TraceCheckUtils]: 193: Hoare triple {38523#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {38523#false} is VALID [2022-02-20 17:59:36,860 INFO L290 TraceCheckUtils]: 194: Hoare triple {38523#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {38523#false} is VALID [2022-02-20 17:59:36,860 INFO L290 TraceCheckUtils]: 195: Hoare triple {38523#false} assume 1 == ~handle; {38523#false} is VALID [2022-02-20 17:59:36,860 INFO L290 TraceCheckUtils]: 196: Hoare triple {38523#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {38523#false} is VALID [2022-02-20 17:59:36,860 INFO L290 TraceCheckUtils]: 197: Hoare triple {38523#false} assume true; {38523#false} is VALID [2022-02-20 17:59:36,860 INFO L284 TraceCheckUtils]: 198: Hoare quadruple {38523#false} {38523#false} #1610#return; {38523#false} is VALID [2022-02-20 17:59:36,860 INFO L290 TraceCheckUtils]: 199: Hoare triple {38523#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {38523#false} is VALID [2022-02-20 17:59:36,860 INFO L290 TraceCheckUtils]: 200: Hoare triple {38523#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {38523#false} is VALID [2022-02-20 17:59:36,861 INFO L272 TraceCheckUtils]: 201: Hoare triple {38523#false} call __automaton_fail(); {38523#false} is VALID [2022-02-20 17:59:36,861 INFO L290 TraceCheckUtils]: 202: Hoare triple {38523#false} assume !false; {38523#false} is VALID [2022-02-20 17:59:36,861 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 114 trivial. 0 not checked. [2022-02-20 17:59:36,861 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:36,861 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1016503287] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:36,861 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:36,862 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 17:59:36,862 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1454103915] [2022-02-20 17:59:36,862 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:36,862 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 3 states have call successors, (33), 3 states have call predecessors, (33), 3 states have return successors, (26), 3 states have call predecessors, (26), 3 states have call successors, (26) Word has length 203 [2022-02-20 17:59:36,863 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:36,863 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 3 states have call successors, (33), 3 states have call predecessors, (33), 3 states have return successors, (26), 3 states have call predecessors, (26), 3 states have call successors, (26) [2022-02-20 17:59:36,981 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 173 edges. 173 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:36,981 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:59:36,981 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:36,981 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:59:36,981 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:36,982 INFO L87 Difference]: Start difference. First operand 1338 states and 1965 transitions. Second operand has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 3 states have call successors, (33), 3 states have call predecessors, (33), 3 states have return successors, (26), 3 states have call predecessors, (26), 3 states have call successors, (26) [2022-02-20 17:59:38,376 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:38,376 INFO L93 Difference]: Finished difference Result 3228 states and 4751 transitions. [2022-02-20 17:59:38,376 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:59:38,377 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 3 states have call successors, (33), 3 states have call predecessors, (33), 3 states have return successors, (26), 3 states have call predecessors, (26), 3 states have call successors, (26) Word has length 203 [2022-02-20 17:59:38,377 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:38,377 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 3 states have call successors, (33), 3 states have call predecessors, (33), 3 states have return successors, (26), 3 states have call predecessors, (26), 3 states have call successors, (26) [2022-02-20 17:59:38,393 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 2131 transitions. [2022-02-20 17:59:38,394 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 3 states have call successors, (33), 3 states have call predecessors, (33), 3 states have return successors, (26), 3 states have call predecessors, (26), 3 states have call successors, (26) [2022-02-20 17:59:38,410 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 2131 transitions. [2022-02-20 17:59:38,410 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 2131 transitions. [2022-02-20 17:59:39,879 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 2131 edges. 2131 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:40,167 INFO L225 Difference]: With dead ends: 3228 [2022-02-20 17:59:40,167 INFO L226 Difference]: Without dead ends: 2599 [2022-02-20 17:59:40,169 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 260 GetRequests, 249 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:59:40,170 INFO L933 BasicCegarLoop]: 963 mSDtfsCounter, 723 mSDsluCounter, 826 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 723 SdHoareTripleChecker+Valid, 1789 SdHoareTripleChecker+Invalid, 7 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:40,170 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [723 Valid, 1789 Invalid, 7 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:40,172 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2599 states. [2022-02-20 17:59:40,250 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2599 to 2595. [2022-02-20 17:59:40,251 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:40,292 INFO L82 GeneralOperation]: Start isEquivalent. First operand 2599 states. Second operand has 2595 states, 2005 states have (on average 1.4718204488778055) internal successors, (2951), 2030 states have internal predecessors, (2951), 420 states have call successors, (420), 170 states have call predecessors, (420), 169 states have return successors, (468), 414 states have call predecessors, (468), 414 states have call successors, (468) [2022-02-20 17:59:40,295 INFO L74 IsIncluded]: Start isIncluded. First operand 2599 states. Second operand has 2595 states, 2005 states have (on average 1.4718204488778055) internal successors, (2951), 2030 states have internal predecessors, (2951), 420 states have call successors, (420), 170 states have call predecessors, (420), 169 states have return successors, (468), 414 states have call predecessors, (468), 414 states have call successors, (468) [2022-02-20 17:59:40,299 INFO L87 Difference]: Start difference. First operand 2599 states. Second operand has 2595 states, 2005 states have (on average 1.4718204488778055) internal successors, (2951), 2030 states have internal predecessors, (2951), 420 states have call successors, (420), 170 states have call predecessors, (420), 169 states have return successors, (468), 414 states have call predecessors, (468), 414 states have call successors, (468) [2022-02-20 17:59:40,486 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:40,487 INFO L93 Difference]: Finished difference Result 2599 states and 3842 transitions. [2022-02-20 17:59:40,487 INFO L276 IsEmpty]: Start isEmpty. Operand 2599 states and 3842 transitions. [2022-02-20 17:59:40,492 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:40,492 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:40,497 INFO L74 IsIncluded]: Start isIncluded. First operand has 2595 states, 2005 states have (on average 1.4718204488778055) internal successors, (2951), 2030 states have internal predecessors, (2951), 420 states have call successors, (420), 170 states have call predecessors, (420), 169 states have return successors, (468), 414 states have call predecessors, (468), 414 states have call successors, (468) Second operand 2599 states. [2022-02-20 17:59:40,500 INFO L87 Difference]: Start difference. First operand has 2595 states, 2005 states have (on average 1.4718204488778055) internal successors, (2951), 2030 states have internal predecessors, (2951), 420 states have call successors, (420), 170 states have call predecessors, (420), 169 states have return successors, (468), 414 states have call predecessors, (468), 414 states have call successors, (468) Second operand 2599 states. [2022-02-20 17:59:40,690 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:40,690 INFO L93 Difference]: Finished difference Result 2599 states and 3842 transitions. [2022-02-20 17:59:40,690 INFO L276 IsEmpty]: Start isEmpty. Operand 2599 states and 3842 transitions. [2022-02-20 17:59:40,695 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:40,696 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:40,696 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:40,696 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:40,700 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2595 states, 2005 states have (on average 1.4718204488778055) internal successors, (2951), 2030 states have internal predecessors, (2951), 420 states have call successors, (420), 170 states have call predecessors, (420), 169 states have return successors, (468), 414 states have call predecessors, (468), 414 states have call successors, (468) [2022-02-20 17:59:40,999 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2595 states to 2595 states and 3839 transitions. [2022-02-20 17:59:40,999 INFO L78 Accepts]: Start accepts. Automaton has 2595 states and 3839 transitions. Word has length 203 [2022-02-20 17:59:40,999 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:41,000 INFO L470 AbstractCegarLoop]: Abstraction has 2595 states and 3839 transitions. [2022-02-20 17:59:41,000 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 38.0) internal successors, (114), 3 states have internal predecessors, (114), 3 states have call successors, (33), 3 states have call predecessors, (33), 3 states have return successors, (26), 3 states have call predecessors, (26), 3 states have call successors, (26) [2022-02-20 17:59:41,000 INFO L276 IsEmpty]: Start isEmpty. Operand 2595 states and 3839 transitions. [2022-02-20 17:59:41,005 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 197 [2022-02-20 17:59:41,005 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:41,005 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:41,026 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:41,224 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:41,224 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:41,224 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:41,225 INFO L85 PathProgramCache]: Analyzing trace with hash 1967193169, now seen corresponding path program 1 times [2022-02-20 17:59:41,225 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:41,225 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1874120043] [2022-02-20 17:59:41,225 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:41,225 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:41,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:59:41,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,294 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,294 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {52473#true} {52473#true} #1754#return; {52473#true} is VALID [2022-02-20 17:59:41,295 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:59:41,296 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,297 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,297 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,298 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {52473#true} {52473#true} #1756#return; {52473#true} is VALID [2022-02-20 17:59:41,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:59:41,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,300 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,301 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {52473#true} {52473#true} #1758#return; {52473#true} is VALID [2022-02-20 17:59:41,301 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:41,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,303 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,303 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,303 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {52473#true} {52473#true} #1760#return; {52473#true} is VALID [2022-02-20 17:59:41,304 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:59:41,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,307 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {52473#true} {52473#true} #1762#return; {52473#true} is VALID [2022-02-20 17:59:41,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:59:41,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,312 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {52473#true} {52473#true} #1764#return; {52473#true} is VALID [2022-02-20 17:59:41,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:59:41,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,315 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {52473#true} {52473#true} #1766#return; {52473#true} is VALID [2022-02-20 17:59:41,315 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:41,317 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,319 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,319 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,319 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {52473#true} {52473#true} #1768#return; {52473#true} is VALID [2022-02-20 17:59:41,324 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:41,325 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,327 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:41,327 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,329 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,329 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,329 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52473#true} #1752#return; {52473#true} is VALID [2022-02-20 17:59:41,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {52473#true} is VALID [2022-02-20 17:59:41,330 INFO L272 TraceCheckUtils]: 1: Hoare triple {52473#true} call setClientId(~bob___0, ~bob___0); {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,330 INFO L290 TraceCheckUtils]: 2: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,330 INFO L290 TraceCheckUtils]: 3: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,330 INFO L290 TraceCheckUtils]: 4: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,330 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {52473#true} {52473#true} #1752#return; {52473#true} is VALID [2022-02-20 17:59:41,330 INFO L290 TraceCheckUtils]: 6: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,331 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {52473#true} {52473#true} #1770#return; {52473#true} is VALID [2022-02-20 17:59:41,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:41,337 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,339 INFO L290 TraceCheckUtils]: 0: Hoare triple {52575#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,339 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,339 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,339 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52473#true} #1772#return; {52473#true} is VALID [2022-02-20 17:59:41,340 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:59:41,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,355 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:41,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,375 INFO L290 TraceCheckUtils]: 0: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {52582#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:41,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {52582#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52583#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,376 INFO L290 TraceCheckUtils]: 2: Hoare triple {52583#(= |setClientId_#in~handle| 1)} assume true; {52583#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,377 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52583#(= |setClientId_#in~handle| 1)} {52576#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {52581#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:41,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {52576#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:41,378 INFO L272 TraceCheckUtils]: 1: Hoare triple {52576#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {52582#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:41,378 INFO L290 TraceCheckUtils]: 3: Hoare triple {52582#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52583#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,378 INFO L290 TraceCheckUtils]: 4: Hoare triple {52583#(= |setClientId_#in~handle| 1)} assume true; {52583#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,379 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {52583#(= |setClientId_#in~handle| 1)} {52576#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {52581#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:41,379 INFO L290 TraceCheckUtils]: 6: Hoare triple {52581#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {52581#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:41,380 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {52581#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {52512#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {52474#false} is VALID [2022-02-20 17:59:41,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:59:41,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,383 INFO L290 TraceCheckUtils]: 0: Hoare triple {52575#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,383 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,383 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,383 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52474#false} #1778#return; {52474#false} is VALID [2022-02-20 17:59:41,383 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:59:41,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,386 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:41,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,389 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,389 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,389 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52473#true} #1648#return; {52473#true} is VALID [2022-02-20 17:59:41,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {52473#true} is VALID [2022-02-20 17:59:41,390 INFO L272 TraceCheckUtils]: 1: Hoare triple {52473#true} call setClientId(~chuck___0, ~chuck___0); {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,390 INFO L290 TraceCheckUtils]: 2: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,390 INFO L290 TraceCheckUtils]: 3: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,390 INFO L290 TraceCheckUtils]: 4: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,390 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {52473#true} {52473#true} #1648#return; {52473#true} is VALID [2022-02-20 17:59:41,391 INFO L290 TraceCheckUtils]: 6: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,391 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {52473#true} {52474#false} #1782#return; {52474#false} is VALID [2022-02-20 17:59:41,391 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:41,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,395 INFO L290 TraceCheckUtils]: 0: Hoare triple {52575#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,395 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,395 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,395 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52474#false} #1784#return; {52474#false} is VALID [2022-02-20 17:59:41,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:59:41,404 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {52588#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,406 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,406 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,406 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52474#false} #1670#return; {52474#false} is VALID [2022-02-20 17:59:41,414 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:59:41,415 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {52589#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,417 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52474#false} #1672#return; {52474#false} is VALID [2022-02-20 17:59:41,417 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 17:59:41,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} ~handle := #in~handle;havoc ~retValue_acc~36; {52473#true} is VALID [2022-02-20 17:59:41,420 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {52473#true} is VALID [2022-02-20 17:59:41,420 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,420 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52474#false} #1602#return; {52474#false} is VALID [2022-02-20 17:59:41,420 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 17:59:41,421 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,428 INFO L290 TraceCheckUtils]: 0: Hoare triple {52588#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,428 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,428 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,429 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52474#false} #1682#return; {52474#false} is VALID [2022-02-20 17:59:41,429 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-02-20 17:59:41,430 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,431 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} ~handle := #in~handle;havoc ~retValue_acc~24; {52473#true} is VALID [2022-02-20 17:59:41,432 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {52473#true} is VALID [2022-02-20 17:59:41,432 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,432 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52474#false} #1684#return; {52474#false} is VALID [2022-02-20 17:59:41,432 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 169 [2022-02-20 17:59:41,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,438 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} ~handle := #in~handle;havoc ~retValue_acc~19; {52473#true} is VALID [2022-02-20 17:59:41,439 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {52473#true} is VALID [2022-02-20 17:59:41,439 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,439 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52474#false} #1686#return; {52474#false} is VALID [2022-02-20 17:59:41,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 180 [2022-02-20 17:59:41,440 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,442 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} ~handle := #in~handle;havoc ~retValue_acc~18; {52473#true} is VALID [2022-02-20 17:59:41,442 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {52473#true} is VALID [2022-02-20 17:59:41,442 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,442 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {52473#true} {52474#false} #1608#return; {52474#false} is VALID [2022-02-20 17:59:41,442 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 186 [2022-02-20 17:59:41,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,444 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {52473#true} is VALID [2022-02-20 17:59:41,444 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume 1 == ~handle; {52473#true} is VALID [2022-02-20 17:59:41,445 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {52473#true} is VALID [2022-02-20 17:59:41,445 INFO L290 TraceCheckUtils]: 3: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,445 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {52473#true} {52474#false} #1610#return; {52474#false} is VALID [2022-02-20 17:59:41,445 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {52473#true} is VALID [2022-02-20 17:59:41,445 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {52473#true} is VALID [2022-02-20 17:59:41,445 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {52473#true} is VALID [2022-02-20 17:59:41,445 INFO L272 TraceCheckUtils]: 3: Hoare triple {52473#true} call select_features_#t~ret27#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:41,445 INFO L290 TraceCheckUtils]: 4: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,446 INFO L290 TraceCheckUtils]: 5: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,446 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {52473#true} {52473#true} #1754#return; {52473#true} is VALID [2022-02-20 17:59:41,446 INFO L290 TraceCheckUtils]: 7: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {52473#true} is VALID [2022-02-20 17:59:41,446 INFO L272 TraceCheckUtils]: 8: Hoare triple {52473#true} call select_features_#t~ret28#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:41,446 INFO L290 TraceCheckUtils]: 9: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,446 INFO L290 TraceCheckUtils]: 10: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,446 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {52473#true} {52473#true} #1756#return; {52473#true} is VALID [2022-02-20 17:59:41,446 INFO L290 TraceCheckUtils]: 12: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {52473#true} is VALID [2022-02-20 17:59:41,446 INFO L272 TraceCheckUtils]: 13: Hoare triple {52473#true} call select_features_#t~ret29#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:41,447 INFO L290 TraceCheckUtils]: 14: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,447 INFO L290 TraceCheckUtils]: 15: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,447 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {52473#true} {52473#true} #1758#return; {52473#true} is VALID [2022-02-20 17:59:41,447 INFO L290 TraceCheckUtils]: 17: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {52473#true} is VALID [2022-02-20 17:59:41,447 INFO L272 TraceCheckUtils]: 18: Hoare triple {52473#true} call select_features_#t~ret30#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:41,447 INFO L290 TraceCheckUtils]: 19: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,447 INFO L290 TraceCheckUtils]: 20: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,447 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {52473#true} {52473#true} #1760#return; {52473#true} is VALID [2022-02-20 17:59:41,447 INFO L290 TraceCheckUtils]: 22: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {52473#true} is VALID [2022-02-20 17:59:41,448 INFO L272 TraceCheckUtils]: 23: Hoare triple {52473#true} call select_features_#t~ret31#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:41,448 INFO L290 TraceCheckUtils]: 24: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,448 INFO L290 TraceCheckUtils]: 25: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,448 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {52473#true} {52473#true} #1762#return; {52473#true} is VALID [2022-02-20 17:59:41,448 INFO L290 TraceCheckUtils]: 27: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {52473#true} is VALID [2022-02-20 17:59:41,448 INFO L272 TraceCheckUtils]: 28: Hoare triple {52473#true} call select_features_#t~ret32#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:41,448 INFO L290 TraceCheckUtils]: 29: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,448 INFO L290 TraceCheckUtils]: 30: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,448 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {52473#true} {52473#true} #1764#return; {52473#true} is VALID [2022-02-20 17:59:41,449 INFO L290 TraceCheckUtils]: 32: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {52473#true} is VALID [2022-02-20 17:59:41,449 INFO L272 TraceCheckUtils]: 33: Hoare triple {52473#true} call select_features_#t~ret33#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:41,449 INFO L290 TraceCheckUtils]: 34: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,449 INFO L290 TraceCheckUtils]: 35: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,449 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {52473#true} {52473#true} #1766#return; {52473#true} is VALID [2022-02-20 17:59:41,449 INFO L290 TraceCheckUtils]: 37: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {52473#true} is VALID [2022-02-20 17:59:41,449 INFO L272 TraceCheckUtils]: 38: Hoare triple {52473#true} call select_features_#t~ret34#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:41,449 INFO L290 TraceCheckUtils]: 39: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:41,449 INFO L290 TraceCheckUtils]: 40: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,450 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {52473#true} {52473#true} #1768#return; {52473#true} is VALID [2022-02-20 17:59:41,450 INFO L290 TraceCheckUtils]: 42: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {52473#true} is VALID [2022-02-20 17:59:41,450 INFO L290 TraceCheckUtils]: 43: Hoare triple {52473#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {52473#true} is VALID [2022-02-20 17:59:41,450 INFO L290 TraceCheckUtils]: 44: Hoare triple {52473#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {52473#true} is VALID [2022-02-20 17:59:41,450 INFO L290 TraceCheckUtils]: 45: Hoare triple {52473#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {52473#true} is VALID [2022-02-20 17:59:41,450 INFO L290 TraceCheckUtils]: 46: Hoare triple {52473#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {52473#true} is VALID [2022-02-20 17:59:41,450 INFO L290 TraceCheckUtils]: 47: Hoare triple {52473#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {52473#true} is VALID [2022-02-20 17:59:41,450 INFO L290 TraceCheckUtils]: 48: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {52473#true} is VALID [2022-02-20 17:59:41,450 INFO L290 TraceCheckUtils]: 49: Hoare triple {52473#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {52473#true} is VALID [2022-02-20 17:59:41,451 INFO L290 TraceCheckUtils]: 50: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {52473#true} is VALID [2022-02-20 17:59:41,451 INFO L290 TraceCheckUtils]: 51: Hoare triple {52473#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {52473#true} is VALID [2022-02-20 17:59:41,451 INFO L290 TraceCheckUtils]: 52: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {52473#true} is VALID [2022-02-20 17:59:41,451 INFO L290 TraceCheckUtils]: 53: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {52473#true} is VALID [2022-02-20 17:59:41,451 INFO L290 TraceCheckUtils]: 54: Hoare triple {52473#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {52473#true} is VALID [2022-02-20 17:59:41,451 INFO L290 TraceCheckUtils]: 55: Hoare triple {52473#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {52473#true} is VALID [2022-02-20 17:59:41,451 INFO L290 TraceCheckUtils]: 56: Hoare triple {52473#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {52473#true} is VALID [2022-02-20 17:59:41,451 INFO L290 TraceCheckUtils]: 57: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {52473#true} is VALID [2022-02-20 17:59:41,452 INFO L272 TraceCheckUtils]: 58: Hoare triple {52473#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,452 INFO L290 TraceCheckUtils]: 59: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {52473#true} is VALID [2022-02-20 17:59:41,453 INFO L272 TraceCheckUtils]: 60: Hoare triple {52473#true} call setClientId(~bob___0, ~bob___0); {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,453 INFO L290 TraceCheckUtils]: 61: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,453 INFO L290 TraceCheckUtils]: 62: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,453 INFO L290 TraceCheckUtils]: 63: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,453 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {52473#true} {52473#true} #1752#return; {52473#true} is VALID [2022-02-20 17:59:41,453 INFO L290 TraceCheckUtils]: 65: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,453 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {52473#true} {52473#true} #1770#return; {52473#true} is VALID [2022-02-20 17:59:41,454 INFO L272 TraceCheckUtils]: 67: Hoare triple {52473#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {52575#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:41,454 INFO L290 TraceCheckUtils]: 68: Hoare triple {52575#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,454 INFO L290 TraceCheckUtils]: 69: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,454 INFO L290 TraceCheckUtils]: 70: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,454 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {52473#true} {52473#true} #1772#return; {52473#true} is VALID [2022-02-20 17:59:41,454 INFO L290 TraceCheckUtils]: 72: Hoare triple {52473#true} assume { :end_inline_setup_bob__role__Keys } true; {52473#true} is VALID [2022-02-20 17:59:41,455 INFO L290 TraceCheckUtils]: 73: Hoare triple {52473#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {52511#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:41,455 INFO L290 TraceCheckUtils]: 74: Hoare triple {52511#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {52512#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 17:59:41,456 INFO L272 TraceCheckUtils]: 75: Hoare triple {52512#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,456 INFO L290 TraceCheckUtils]: 76: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {52576#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:41,456 INFO L272 TraceCheckUtils]: 77: Hoare triple {52576#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,457 INFO L290 TraceCheckUtils]: 78: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {52582#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:41,457 INFO L290 TraceCheckUtils]: 79: Hoare triple {52582#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52583#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,457 INFO L290 TraceCheckUtils]: 80: Hoare triple {52583#(= |setClientId_#in~handle| 1)} assume true; {52583#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:41,458 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {52583#(= |setClientId_#in~handle| 1)} {52576#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {52581#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:41,458 INFO L290 TraceCheckUtils]: 82: Hoare triple {52581#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {52581#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:41,458 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {52581#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {52512#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1776#return; {52474#false} is VALID [2022-02-20 17:59:41,459 INFO L272 TraceCheckUtils]: 84: Hoare triple {52474#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {52575#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:41,459 INFO L290 TraceCheckUtils]: 85: Hoare triple {52575#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,459 INFO L290 TraceCheckUtils]: 86: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,459 INFO L290 TraceCheckUtils]: 87: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,459 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {52473#true} {52474#false} #1778#return; {52474#false} is VALID [2022-02-20 17:59:41,459 INFO L290 TraceCheckUtils]: 89: Hoare triple {52474#false} assume { :end_inline_setup_rjh__role__Keys } true; {52474#false} is VALID [2022-02-20 17:59:41,459 INFO L290 TraceCheckUtils]: 90: Hoare triple {52474#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {52474#false} is VALID [2022-02-20 17:59:41,459 INFO L290 TraceCheckUtils]: 91: Hoare triple {52474#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {52474#false} is VALID [2022-02-20 17:59:41,460 INFO L272 TraceCheckUtils]: 92: Hoare triple {52474#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,460 INFO L290 TraceCheckUtils]: 93: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {52473#true} is VALID [2022-02-20 17:59:41,460 INFO L272 TraceCheckUtils]: 94: Hoare triple {52473#true} call setClientId(~chuck___0, ~chuck___0); {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:41,460 INFO L290 TraceCheckUtils]: 95: Hoare triple {52570#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,460 INFO L290 TraceCheckUtils]: 96: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,460 INFO L290 TraceCheckUtils]: 97: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,461 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {52473#true} {52473#true} #1648#return; {52473#true} is VALID [2022-02-20 17:59:41,461 INFO L290 TraceCheckUtils]: 99: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,461 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {52473#true} {52474#false} #1782#return; {52474#false} is VALID [2022-02-20 17:59:41,461 INFO L272 TraceCheckUtils]: 101: Hoare triple {52474#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {52575#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:41,461 INFO L290 TraceCheckUtils]: 102: Hoare triple {52575#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,461 INFO L290 TraceCheckUtils]: 103: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,461 INFO L290 TraceCheckUtils]: 104: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,461 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {52473#true} {52474#false} #1784#return; {52474#false} is VALID [2022-02-20 17:59:41,461 INFO L290 TraceCheckUtils]: 106: Hoare triple {52474#false} assume { :end_inline_setup_chuck__role__Keys } true; {52474#false} is VALID [2022-02-20 17:59:41,462 INFO L290 TraceCheckUtils]: 107: Hoare triple {52474#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {52474#false} is VALID [2022-02-20 17:59:41,462 INFO L290 TraceCheckUtils]: 108: Hoare triple {52474#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {52474#false} is VALID [2022-02-20 17:59:41,462 INFO L290 TraceCheckUtils]: 109: Hoare triple {52474#false} assume !false; {52474#false} is VALID [2022-02-20 17:59:41,462 INFO L290 TraceCheckUtils]: 110: Hoare triple {52474#false} assume test_~splverifierCounter~0#1 < 4; {52474#false} is VALID [2022-02-20 17:59:41,462 INFO L290 TraceCheckUtils]: 111: Hoare triple {52474#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {52474#false} is VALID [2022-02-20 17:59:41,462 INFO L290 TraceCheckUtils]: 112: Hoare triple {52474#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {52474#false} is VALID [2022-02-20 17:59:41,462 INFO L290 TraceCheckUtils]: 113: Hoare triple {52474#false} assume !(0 != test_~tmp___9~0#1); {52474#false} is VALID [2022-02-20 17:59:41,462 INFO L290 TraceCheckUtils]: 114: Hoare triple {52474#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {52474#false} is VALID [2022-02-20 17:59:41,463 INFO L290 TraceCheckUtils]: 115: Hoare triple {52474#false} assume 0 != test_~tmp___8~0#1; {52474#false} is VALID [2022-02-20 17:59:41,463 INFO L290 TraceCheckUtils]: 116: Hoare triple {52474#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {52474#false} is VALID [2022-02-20 17:59:41,463 INFO L290 TraceCheckUtils]: 117: Hoare triple {52474#false} test_~op2~0#1 := 1; {52474#false} is VALID [2022-02-20 17:59:41,463 INFO L290 TraceCheckUtils]: 118: Hoare triple {52474#false} assume !false; {52474#false} is VALID [2022-02-20 17:59:41,463 INFO L290 TraceCheckUtils]: 119: Hoare triple {52474#false} assume !(test_~splverifierCounter~0#1 < 4); {52474#false} is VALID [2022-02-20 17:59:41,463 INFO L290 TraceCheckUtils]: 120: Hoare triple {52474#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {52474#false} is VALID [2022-02-20 17:59:41,463 INFO L272 TraceCheckUtils]: 121: Hoare triple {52474#false} call sendEmail(~bob~0, ~rjh~0); {52474#false} is VALID [2022-02-20 17:59:41,463 INFO L290 TraceCheckUtils]: 122: Hoare triple {52474#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {52474#false} is VALID [2022-02-20 17:59:41,463 INFO L272 TraceCheckUtils]: 123: Hoare triple {52474#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {52588#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:41,464 INFO L290 TraceCheckUtils]: 124: Hoare triple {52588#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,464 INFO L290 TraceCheckUtils]: 125: Hoare triple {52473#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,464 INFO L290 TraceCheckUtils]: 126: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,464 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {52473#true} {52474#false} #1670#return; {52474#false} is VALID [2022-02-20 17:59:41,464 INFO L272 TraceCheckUtils]: 128: Hoare triple {52474#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {52589#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:41,464 INFO L290 TraceCheckUtils]: 129: Hoare triple {52589#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,464 INFO L290 TraceCheckUtils]: 130: Hoare triple {52473#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,464 INFO L290 TraceCheckUtils]: 131: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,464 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {52473#true} {52474#false} #1672#return; {52474#false} is VALID [2022-02-20 17:59:41,465 INFO L290 TraceCheckUtils]: 133: Hoare triple {52474#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {52474#false} is VALID [2022-02-20 17:59:41,465 INFO L290 TraceCheckUtils]: 134: Hoare triple {52474#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {52474#false} is VALID [2022-02-20 17:59:41,465 INFO L272 TraceCheckUtils]: 135: Hoare triple {52474#false} call outgoing(~sender#1, ~email~0#1); {52474#false} is VALID [2022-02-20 17:59:41,465 INFO L290 TraceCheckUtils]: 136: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {52474#false} is VALID [2022-02-20 17:59:41,465 INFO L290 TraceCheckUtils]: 137: Hoare triple {52474#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {52474#false} is VALID [2022-02-20 17:59:41,465 INFO L272 TraceCheckUtils]: 138: Hoare triple {52474#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {52473#true} is VALID [2022-02-20 17:59:41,465 INFO L290 TraceCheckUtils]: 139: Hoare triple {52473#true} ~handle := #in~handle;havoc ~retValue_acc~36; {52473#true} is VALID [2022-02-20 17:59:41,465 INFO L290 TraceCheckUtils]: 140: Hoare triple {52473#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {52473#true} is VALID [2022-02-20 17:59:41,465 INFO L290 TraceCheckUtils]: 141: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,466 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {52473#true} {52474#false} #1602#return; {52474#false} is VALID [2022-02-20 17:59:41,466 INFO L290 TraceCheckUtils]: 143: Hoare triple {52474#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {52474#false} is VALID [2022-02-20 17:59:41,466 INFO L290 TraceCheckUtils]: 144: Hoare triple {52474#false} assume 0 == sign_~privkey~1#1; {52474#false} is VALID [2022-02-20 17:59:41,466 INFO L290 TraceCheckUtils]: 145: Hoare triple {52474#false} assume { :end_inline_sign } true; {52474#false} is VALID [2022-02-20 17:59:41,466 INFO L272 TraceCheckUtils]: 146: Hoare triple {52474#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {52474#false} is VALID [2022-02-20 17:59:41,466 INFO L290 TraceCheckUtils]: 147: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {52474#false} is VALID [2022-02-20 17:59:41,466 INFO L290 TraceCheckUtils]: 148: Hoare triple {52474#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {52474#false} is VALID [2022-02-20 17:59:41,466 INFO L272 TraceCheckUtils]: 149: Hoare triple {52474#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {52474#false} is VALID [2022-02-20 17:59:41,466 INFO L290 TraceCheckUtils]: 150: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {52474#false} is VALID [2022-02-20 17:59:41,467 INFO L290 TraceCheckUtils]: 151: Hoare triple {52474#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {52474#false} is VALID [2022-02-20 17:59:41,467 INFO L272 TraceCheckUtils]: 152: Hoare triple {52474#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {52474#false} is VALID [2022-02-20 17:59:41,467 INFO L290 TraceCheckUtils]: 153: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {52474#false} is VALID [2022-02-20 17:59:41,467 INFO L290 TraceCheckUtils]: 154: Hoare triple {52474#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {52474#false} is VALID [2022-02-20 17:59:41,467 INFO L290 TraceCheckUtils]: 155: Hoare triple {52474#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {52474#false} is VALID [2022-02-20 17:59:41,467 INFO L272 TraceCheckUtils]: 156: Hoare triple {52474#false} call setEmailFrom(~msg#1, ~tmp~10#1); {52588#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:41,467 INFO L290 TraceCheckUtils]: 157: Hoare triple {52588#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:41,467 INFO L290 TraceCheckUtils]: 158: Hoare triple {52473#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:41,467 INFO L290 TraceCheckUtils]: 159: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,468 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {52473#true} {52474#false} #1682#return; {52474#false} is VALID [2022-02-20 17:59:41,468 INFO L290 TraceCheckUtils]: 161: Hoare triple {52474#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {52474#false} is VALID [2022-02-20 17:59:41,468 INFO L272 TraceCheckUtils]: 162: Hoare triple {52474#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {52473#true} is VALID [2022-02-20 17:59:41,468 INFO L290 TraceCheckUtils]: 163: Hoare triple {52473#true} ~handle := #in~handle;havoc ~retValue_acc~24; {52473#true} is VALID [2022-02-20 17:59:41,468 INFO L290 TraceCheckUtils]: 164: Hoare triple {52473#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {52473#true} is VALID [2022-02-20 17:59:41,468 INFO L290 TraceCheckUtils]: 165: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,468 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {52473#true} {52474#false} #1684#return; {52474#false} is VALID [2022-02-20 17:59:41,468 INFO L290 TraceCheckUtils]: 167: Hoare triple {52474#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {52474#false} is VALID [2022-02-20 17:59:41,468 INFO L290 TraceCheckUtils]: 168: Hoare triple {52474#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {52474#false} is VALID [2022-02-20 17:59:41,469 INFO L272 TraceCheckUtils]: 169: Hoare triple {52474#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {52473#true} is VALID [2022-02-20 17:59:41,469 INFO L290 TraceCheckUtils]: 170: Hoare triple {52473#true} ~handle := #in~handle;havoc ~retValue_acc~19; {52473#true} is VALID [2022-02-20 17:59:41,469 INFO L290 TraceCheckUtils]: 171: Hoare triple {52473#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {52473#true} is VALID [2022-02-20 17:59:41,469 INFO L290 TraceCheckUtils]: 172: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,469 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {52473#true} {52474#false} #1686#return; {52474#false} is VALID [2022-02-20 17:59:41,469 INFO L290 TraceCheckUtils]: 174: Hoare triple {52474#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {52474#false} is VALID [2022-02-20 17:59:41,469 INFO L290 TraceCheckUtils]: 175: Hoare triple {52474#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {52474#false} is VALID [2022-02-20 17:59:41,469 INFO L272 TraceCheckUtils]: 176: Hoare triple {52474#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {52474#false} is VALID [2022-02-20 17:59:41,469 INFO L290 TraceCheckUtils]: 177: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {52474#false} is VALID [2022-02-20 17:59:41,470 INFO L290 TraceCheckUtils]: 178: Hoare triple {52474#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {52474#false} is VALID [2022-02-20 17:59:41,470 INFO L290 TraceCheckUtils]: 179: Hoare triple {52474#false} assume 1 == ~sent_signed~0; {52474#false} is VALID [2022-02-20 17:59:41,470 INFO L272 TraceCheckUtils]: 180: Hoare triple {52474#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {52473#true} is VALID [2022-02-20 17:59:41,470 INFO L290 TraceCheckUtils]: 181: Hoare triple {52473#true} ~handle := #in~handle;havoc ~retValue_acc~18; {52473#true} is VALID [2022-02-20 17:59:41,470 INFO L290 TraceCheckUtils]: 182: Hoare triple {52473#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {52473#true} is VALID [2022-02-20 17:59:41,470 INFO L290 TraceCheckUtils]: 183: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,470 INFO L284 TraceCheckUtils]: 184: Hoare quadruple {52473#true} {52474#false} #1608#return; {52474#false} is VALID [2022-02-20 17:59:41,470 INFO L290 TraceCheckUtils]: 185: Hoare triple {52474#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {52474#false} is VALID [2022-02-20 17:59:41,471 INFO L272 TraceCheckUtils]: 186: Hoare triple {52474#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {52473#true} is VALID [2022-02-20 17:59:41,471 INFO L290 TraceCheckUtils]: 187: Hoare triple {52473#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {52473#true} is VALID [2022-02-20 17:59:41,471 INFO L290 TraceCheckUtils]: 188: Hoare triple {52473#true} assume 1 == ~handle; {52473#true} is VALID [2022-02-20 17:59:41,471 INFO L290 TraceCheckUtils]: 189: Hoare triple {52473#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {52473#true} is VALID [2022-02-20 17:59:41,471 INFO L290 TraceCheckUtils]: 190: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:41,471 INFO L284 TraceCheckUtils]: 191: Hoare quadruple {52473#true} {52474#false} #1610#return; {52474#false} is VALID [2022-02-20 17:59:41,471 INFO L290 TraceCheckUtils]: 192: Hoare triple {52474#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {52474#false} is VALID [2022-02-20 17:59:41,471 INFO L290 TraceCheckUtils]: 193: Hoare triple {52474#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {52474#false} is VALID [2022-02-20 17:59:41,471 INFO L272 TraceCheckUtils]: 194: Hoare triple {52474#false} call __automaton_fail(); {52474#false} is VALID [2022-02-20 17:59:41,472 INFO L290 TraceCheckUtils]: 195: Hoare triple {52474#false} assume !false; {52474#false} is VALID [2022-02-20 17:59:41,472 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 17:59:41,472 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:41,472 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1874120043] [2022-02-20 17:59:41,472 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1874120043] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:41,472 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [603824456] [2022-02-20 17:59:41,473 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:41,473 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:41,473 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:41,496 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:41,497 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:59:41,776 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,782 INFO L263 TraceCheckSpWp]: Trace formula consists of 1608 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 17:59:41,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:41,844 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:42,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {52473#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {52473#true} is VALID [2022-02-20 17:59:42,364 INFO L290 TraceCheckUtils]: 1: Hoare triple {52473#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {52473#true} is VALID [2022-02-20 17:59:42,365 INFO L290 TraceCheckUtils]: 2: Hoare triple {52473#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {52473#true} is VALID [2022-02-20 17:59:42,365 INFO L272 TraceCheckUtils]: 3: Hoare triple {52473#true} call select_features_#t~ret27#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:42,365 INFO L290 TraceCheckUtils]: 4: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:42,365 INFO L290 TraceCheckUtils]: 5: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,365 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {52473#true} {52473#true} #1754#return; {52473#true} is VALID [2022-02-20 17:59:42,365 INFO L290 TraceCheckUtils]: 7: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {52473#true} is VALID [2022-02-20 17:59:42,365 INFO L272 TraceCheckUtils]: 8: Hoare triple {52473#true} call select_features_#t~ret28#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:42,365 INFO L290 TraceCheckUtils]: 9: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:42,366 INFO L290 TraceCheckUtils]: 10: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,366 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {52473#true} {52473#true} #1756#return; {52473#true} is VALID [2022-02-20 17:59:42,366 INFO L290 TraceCheckUtils]: 12: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {52473#true} is VALID [2022-02-20 17:59:42,366 INFO L272 TraceCheckUtils]: 13: Hoare triple {52473#true} call select_features_#t~ret29#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:42,366 INFO L290 TraceCheckUtils]: 14: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:42,366 INFO L290 TraceCheckUtils]: 15: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,366 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {52473#true} {52473#true} #1758#return; {52473#true} is VALID [2022-02-20 17:59:42,366 INFO L290 TraceCheckUtils]: 17: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {52473#true} is VALID [2022-02-20 17:59:42,366 INFO L272 TraceCheckUtils]: 18: Hoare triple {52473#true} call select_features_#t~ret30#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:42,367 INFO L290 TraceCheckUtils]: 19: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:42,367 INFO L290 TraceCheckUtils]: 20: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,367 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {52473#true} {52473#true} #1760#return; {52473#true} is VALID [2022-02-20 17:59:42,367 INFO L290 TraceCheckUtils]: 22: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {52473#true} is VALID [2022-02-20 17:59:42,367 INFO L272 TraceCheckUtils]: 23: Hoare triple {52473#true} call select_features_#t~ret31#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:42,367 INFO L290 TraceCheckUtils]: 24: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:42,367 INFO L290 TraceCheckUtils]: 25: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,367 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {52473#true} {52473#true} #1762#return; {52473#true} is VALID [2022-02-20 17:59:42,368 INFO L290 TraceCheckUtils]: 27: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {52473#true} is VALID [2022-02-20 17:59:42,368 INFO L272 TraceCheckUtils]: 28: Hoare triple {52473#true} call select_features_#t~ret32#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:42,368 INFO L290 TraceCheckUtils]: 29: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:42,368 INFO L290 TraceCheckUtils]: 30: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,368 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {52473#true} {52473#true} #1764#return; {52473#true} is VALID [2022-02-20 17:59:42,368 INFO L290 TraceCheckUtils]: 32: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {52473#true} is VALID [2022-02-20 17:59:42,368 INFO L272 TraceCheckUtils]: 33: Hoare triple {52473#true} call select_features_#t~ret33#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:42,368 INFO L290 TraceCheckUtils]: 34: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:42,368 INFO L290 TraceCheckUtils]: 35: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,369 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {52473#true} {52473#true} #1766#return; {52473#true} is VALID [2022-02-20 17:59:42,369 INFO L290 TraceCheckUtils]: 37: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {52473#true} is VALID [2022-02-20 17:59:42,369 INFO L272 TraceCheckUtils]: 38: Hoare triple {52473#true} call select_features_#t~ret34#1 := select_one(); {52473#true} is VALID [2022-02-20 17:59:42,369 INFO L290 TraceCheckUtils]: 39: Hoare triple {52473#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {52473#true} is VALID [2022-02-20 17:59:42,369 INFO L290 TraceCheckUtils]: 40: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,369 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {52473#true} {52473#true} #1768#return; {52473#true} is VALID [2022-02-20 17:59:42,369 INFO L290 TraceCheckUtils]: 42: Hoare triple {52473#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {52473#true} is VALID [2022-02-20 17:59:42,369 INFO L290 TraceCheckUtils]: 43: Hoare triple {52473#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {52473#true} is VALID [2022-02-20 17:59:42,369 INFO L290 TraceCheckUtils]: 44: Hoare triple {52473#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {52473#true} is VALID [2022-02-20 17:59:42,370 INFO L290 TraceCheckUtils]: 45: Hoare triple {52473#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {52473#true} is VALID [2022-02-20 17:59:42,370 INFO L290 TraceCheckUtils]: 46: Hoare triple {52473#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {52473#true} is VALID [2022-02-20 17:59:42,370 INFO L290 TraceCheckUtils]: 47: Hoare triple {52473#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {52473#true} is VALID [2022-02-20 17:59:42,370 INFO L290 TraceCheckUtils]: 48: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {52473#true} is VALID [2022-02-20 17:59:42,370 INFO L290 TraceCheckUtils]: 49: Hoare triple {52473#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {52473#true} is VALID [2022-02-20 17:59:42,370 INFO L290 TraceCheckUtils]: 50: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {52473#true} is VALID [2022-02-20 17:59:42,370 INFO L290 TraceCheckUtils]: 51: Hoare triple {52473#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {52473#true} is VALID [2022-02-20 17:59:42,370 INFO L290 TraceCheckUtils]: 52: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {52473#true} is VALID [2022-02-20 17:59:42,371 INFO L290 TraceCheckUtils]: 53: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {52473#true} is VALID [2022-02-20 17:59:42,371 INFO L290 TraceCheckUtils]: 54: Hoare triple {52473#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {52473#true} is VALID [2022-02-20 17:59:42,371 INFO L290 TraceCheckUtils]: 55: Hoare triple {52473#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {52473#true} is VALID [2022-02-20 17:59:42,371 INFO L290 TraceCheckUtils]: 56: Hoare triple {52473#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {52473#true} is VALID [2022-02-20 17:59:42,371 INFO L290 TraceCheckUtils]: 57: Hoare triple {52473#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {52473#true} is VALID [2022-02-20 17:59:42,371 INFO L272 TraceCheckUtils]: 58: Hoare triple {52473#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {52473#true} is VALID [2022-02-20 17:59:42,371 INFO L290 TraceCheckUtils]: 59: Hoare triple {52473#true} ~bob___0 := #in~bob___0; {52473#true} is VALID [2022-02-20 17:59:42,371 INFO L272 TraceCheckUtils]: 60: Hoare triple {52473#true} call setClientId(~bob___0, ~bob___0); {52473#true} is VALID [2022-02-20 17:59:42,371 INFO L290 TraceCheckUtils]: 61: Hoare triple {52473#true} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:42,372 INFO L290 TraceCheckUtils]: 62: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:42,372 INFO L290 TraceCheckUtils]: 63: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,372 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {52473#true} {52473#true} #1752#return; {52473#true} is VALID [2022-02-20 17:59:42,372 INFO L290 TraceCheckUtils]: 65: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,372 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {52473#true} {52473#true} #1770#return; {52473#true} is VALID [2022-02-20 17:59:42,372 INFO L272 TraceCheckUtils]: 67: Hoare triple {52473#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {52473#true} is VALID [2022-02-20 17:59:42,372 INFO L290 TraceCheckUtils]: 68: Hoare triple {52473#true} ~handle := #in~handle;~value := #in~value; {52473#true} is VALID [2022-02-20 17:59:42,372 INFO L290 TraceCheckUtils]: 69: Hoare triple {52473#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {52473#true} is VALID [2022-02-20 17:59:42,372 INFO L290 TraceCheckUtils]: 70: Hoare triple {52473#true} assume true; {52473#true} is VALID [2022-02-20 17:59:42,373 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {52473#true} {52473#true} #1772#return; {52473#true} is VALID [2022-02-20 17:59:42,373 INFO L290 TraceCheckUtils]: 72: Hoare triple {52473#true} assume { :end_inline_setup_bob__role__Keys } true; {52473#true} is VALID [2022-02-20 17:59:42,373 INFO L290 TraceCheckUtils]: 73: Hoare triple {52473#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {52812#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:42,374 INFO L290 TraceCheckUtils]: 74: Hoare triple {52812#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {52816#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 17:59:42,374 INFO L272 TraceCheckUtils]: 75: Hoare triple {52816#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {52473#true} is VALID [2022-02-20 17:59:42,374 INFO L290 TraceCheckUtils]: 76: Hoare triple {52473#true} ~rjh___0 := #in~rjh___0; {52823#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} is VALID [2022-02-20 17:59:42,374 INFO L272 TraceCheckUtils]: 77: Hoare triple {52823#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} call setClientId(~rjh___0, ~rjh___0); {52473#true} is VALID [2022-02-20 17:59:42,375 INFO L290 TraceCheckUtils]: 78: Hoare triple {52473#true} ~handle := #in~handle;~value := #in~value; {52830#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:59:42,375 INFO L290 TraceCheckUtils]: 79: Hoare triple {52830#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52834#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:42,375 INFO L290 TraceCheckUtils]: 80: Hoare triple {52834#(<= |setClientId_#in~handle| 1)} assume true; {52834#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:42,376 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {52834#(<= |setClientId_#in~handle| 1)} {52823#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} #1704#return; {52841#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:42,376 INFO L290 TraceCheckUtils]: 82: Hoare triple {52841#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {52841#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 17:59:42,376 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {52841#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} {52816#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1776#return; {52474#false} is VALID [2022-02-20 17:59:42,377 INFO L272 TraceCheckUtils]: 84: Hoare triple {52474#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {52474#false} is VALID [2022-02-20 17:59:42,377 INFO L290 TraceCheckUtils]: 85: Hoare triple {52474#false} ~handle := #in~handle;~value := #in~value; {52474#false} is VALID [2022-02-20 17:59:42,377 INFO L290 TraceCheckUtils]: 86: Hoare triple {52474#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {52474#false} is VALID [2022-02-20 17:59:42,377 INFO L290 TraceCheckUtils]: 87: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,377 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {52474#false} {52474#false} #1778#return; {52474#false} is VALID [2022-02-20 17:59:42,377 INFO L290 TraceCheckUtils]: 89: Hoare triple {52474#false} assume { :end_inline_setup_rjh__role__Keys } true; {52474#false} is VALID [2022-02-20 17:59:42,377 INFO L290 TraceCheckUtils]: 90: Hoare triple {52474#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {52474#false} is VALID [2022-02-20 17:59:42,377 INFO L290 TraceCheckUtils]: 91: Hoare triple {52474#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {52474#false} is VALID [2022-02-20 17:59:42,378 INFO L272 TraceCheckUtils]: 92: Hoare triple {52474#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {52474#false} is VALID [2022-02-20 17:59:42,378 INFO L290 TraceCheckUtils]: 93: Hoare triple {52474#false} ~chuck___0 := #in~chuck___0; {52474#false} is VALID [2022-02-20 17:59:42,378 INFO L272 TraceCheckUtils]: 94: Hoare triple {52474#false} call setClientId(~chuck___0, ~chuck___0); {52474#false} is VALID [2022-02-20 17:59:42,378 INFO L290 TraceCheckUtils]: 95: Hoare triple {52474#false} ~handle := #in~handle;~value := #in~value; {52474#false} is VALID [2022-02-20 17:59:42,378 INFO L290 TraceCheckUtils]: 96: Hoare triple {52474#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {52474#false} is VALID [2022-02-20 17:59:42,378 INFO L290 TraceCheckUtils]: 97: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,378 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {52474#false} {52474#false} #1648#return; {52474#false} is VALID [2022-02-20 17:59:42,378 INFO L290 TraceCheckUtils]: 99: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,378 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {52474#false} {52474#false} #1782#return; {52474#false} is VALID [2022-02-20 17:59:42,379 INFO L272 TraceCheckUtils]: 101: Hoare triple {52474#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {52474#false} is VALID [2022-02-20 17:59:42,379 INFO L290 TraceCheckUtils]: 102: Hoare triple {52474#false} ~handle := #in~handle;~value := #in~value; {52474#false} is VALID [2022-02-20 17:59:42,379 INFO L290 TraceCheckUtils]: 103: Hoare triple {52474#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {52474#false} is VALID [2022-02-20 17:59:42,379 INFO L290 TraceCheckUtils]: 104: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,379 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {52474#false} {52474#false} #1784#return; {52474#false} is VALID [2022-02-20 17:59:42,379 INFO L290 TraceCheckUtils]: 106: Hoare triple {52474#false} assume { :end_inline_setup_chuck__role__Keys } true; {52474#false} is VALID [2022-02-20 17:59:42,379 INFO L290 TraceCheckUtils]: 107: Hoare triple {52474#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {52474#false} is VALID [2022-02-20 17:59:42,379 INFO L290 TraceCheckUtils]: 108: Hoare triple {52474#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {52474#false} is VALID [2022-02-20 17:59:42,380 INFO L290 TraceCheckUtils]: 109: Hoare triple {52474#false} assume !false; {52474#false} is VALID [2022-02-20 17:59:42,380 INFO L290 TraceCheckUtils]: 110: Hoare triple {52474#false} assume test_~splverifierCounter~0#1 < 4; {52474#false} is VALID [2022-02-20 17:59:42,380 INFO L290 TraceCheckUtils]: 111: Hoare triple {52474#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {52474#false} is VALID [2022-02-20 17:59:42,380 INFO L290 TraceCheckUtils]: 112: Hoare triple {52474#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {52474#false} is VALID [2022-02-20 17:59:42,380 INFO L290 TraceCheckUtils]: 113: Hoare triple {52474#false} assume !(0 != test_~tmp___9~0#1); {52474#false} is VALID [2022-02-20 17:59:42,380 INFO L290 TraceCheckUtils]: 114: Hoare triple {52474#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {52474#false} is VALID [2022-02-20 17:59:42,380 INFO L290 TraceCheckUtils]: 115: Hoare triple {52474#false} assume 0 != test_~tmp___8~0#1; {52474#false} is VALID [2022-02-20 17:59:42,380 INFO L290 TraceCheckUtils]: 116: Hoare triple {52474#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {52474#false} is VALID [2022-02-20 17:59:42,380 INFO L290 TraceCheckUtils]: 117: Hoare triple {52474#false} test_~op2~0#1 := 1; {52474#false} is VALID [2022-02-20 17:59:42,381 INFO L290 TraceCheckUtils]: 118: Hoare triple {52474#false} assume !false; {52474#false} is VALID [2022-02-20 17:59:42,381 INFO L290 TraceCheckUtils]: 119: Hoare triple {52474#false} assume !(test_~splverifierCounter~0#1 < 4); {52474#false} is VALID [2022-02-20 17:59:42,381 INFO L290 TraceCheckUtils]: 120: Hoare triple {52474#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {52474#false} is VALID [2022-02-20 17:59:42,381 INFO L272 TraceCheckUtils]: 121: Hoare triple {52474#false} call sendEmail(~bob~0, ~rjh~0); {52474#false} is VALID [2022-02-20 17:59:42,381 INFO L290 TraceCheckUtils]: 122: Hoare triple {52474#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {52474#false} is VALID [2022-02-20 17:59:42,381 INFO L272 TraceCheckUtils]: 123: Hoare triple {52474#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {52474#false} is VALID [2022-02-20 17:59:42,381 INFO L290 TraceCheckUtils]: 124: Hoare triple {52474#false} ~handle := #in~handle;~value := #in~value; {52474#false} is VALID [2022-02-20 17:59:42,381 INFO L290 TraceCheckUtils]: 125: Hoare triple {52474#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {52474#false} is VALID [2022-02-20 17:59:42,381 INFO L290 TraceCheckUtils]: 126: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,382 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {52474#false} {52474#false} #1670#return; {52474#false} is VALID [2022-02-20 17:59:42,382 INFO L272 TraceCheckUtils]: 128: Hoare triple {52474#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {52474#false} is VALID [2022-02-20 17:59:42,382 INFO L290 TraceCheckUtils]: 129: Hoare triple {52474#false} ~handle := #in~handle;~value := #in~value; {52474#false} is VALID [2022-02-20 17:59:42,382 INFO L290 TraceCheckUtils]: 130: Hoare triple {52474#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {52474#false} is VALID [2022-02-20 17:59:42,382 INFO L290 TraceCheckUtils]: 131: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,382 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {52474#false} {52474#false} #1672#return; {52474#false} is VALID [2022-02-20 17:59:42,382 INFO L290 TraceCheckUtils]: 133: Hoare triple {52474#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {52474#false} is VALID [2022-02-20 17:59:42,382 INFO L290 TraceCheckUtils]: 134: Hoare triple {52474#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {52474#false} is VALID [2022-02-20 17:59:42,382 INFO L272 TraceCheckUtils]: 135: Hoare triple {52474#false} call outgoing(~sender#1, ~email~0#1); {52474#false} is VALID [2022-02-20 17:59:42,383 INFO L290 TraceCheckUtils]: 136: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {52474#false} is VALID [2022-02-20 17:59:42,383 INFO L290 TraceCheckUtils]: 137: Hoare triple {52474#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {52474#false} is VALID [2022-02-20 17:59:42,383 INFO L272 TraceCheckUtils]: 138: Hoare triple {52474#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {52474#false} is VALID [2022-02-20 17:59:42,383 INFO L290 TraceCheckUtils]: 139: Hoare triple {52474#false} ~handle := #in~handle;havoc ~retValue_acc~36; {52474#false} is VALID [2022-02-20 17:59:42,383 INFO L290 TraceCheckUtils]: 140: Hoare triple {52474#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {52474#false} is VALID [2022-02-20 17:59:42,383 INFO L290 TraceCheckUtils]: 141: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,384 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {52474#false} {52474#false} #1602#return; {52474#false} is VALID [2022-02-20 17:59:42,384 INFO L290 TraceCheckUtils]: 143: Hoare triple {52474#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {52474#false} is VALID [2022-02-20 17:59:42,384 INFO L290 TraceCheckUtils]: 144: Hoare triple {52474#false} assume 0 == sign_~privkey~1#1; {52474#false} is VALID [2022-02-20 17:59:42,384 INFO L290 TraceCheckUtils]: 145: Hoare triple {52474#false} assume { :end_inline_sign } true; {52474#false} is VALID [2022-02-20 17:59:42,384 INFO L272 TraceCheckUtils]: 146: Hoare triple {52474#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {52474#false} is VALID [2022-02-20 17:59:42,384 INFO L290 TraceCheckUtils]: 147: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {52474#false} is VALID [2022-02-20 17:59:42,384 INFO L290 TraceCheckUtils]: 148: Hoare triple {52474#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {52474#false} is VALID [2022-02-20 17:59:42,384 INFO L272 TraceCheckUtils]: 149: Hoare triple {52474#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {52474#false} is VALID [2022-02-20 17:59:42,384 INFO L290 TraceCheckUtils]: 150: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {52474#false} is VALID [2022-02-20 17:59:42,385 INFO L290 TraceCheckUtils]: 151: Hoare triple {52474#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {52474#false} is VALID [2022-02-20 17:59:42,385 INFO L272 TraceCheckUtils]: 152: Hoare triple {52474#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {52474#false} is VALID [2022-02-20 17:59:42,385 INFO L290 TraceCheckUtils]: 153: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {52474#false} is VALID [2022-02-20 17:59:42,385 INFO L290 TraceCheckUtils]: 154: Hoare triple {52474#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {52474#false} is VALID [2022-02-20 17:59:42,385 INFO L290 TraceCheckUtils]: 155: Hoare triple {52474#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {52474#false} is VALID [2022-02-20 17:59:42,385 INFO L272 TraceCheckUtils]: 156: Hoare triple {52474#false} call setEmailFrom(~msg#1, ~tmp~10#1); {52474#false} is VALID [2022-02-20 17:59:42,385 INFO L290 TraceCheckUtils]: 157: Hoare triple {52474#false} ~handle := #in~handle;~value := #in~value; {52474#false} is VALID [2022-02-20 17:59:42,385 INFO L290 TraceCheckUtils]: 158: Hoare triple {52474#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {52474#false} is VALID [2022-02-20 17:59:42,385 INFO L290 TraceCheckUtils]: 159: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,386 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {52474#false} {52474#false} #1682#return; {52474#false} is VALID [2022-02-20 17:59:42,386 INFO L290 TraceCheckUtils]: 161: Hoare triple {52474#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {52474#false} is VALID [2022-02-20 17:59:42,386 INFO L272 TraceCheckUtils]: 162: Hoare triple {52474#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {52474#false} is VALID [2022-02-20 17:59:42,386 INFO L290 TraceCheckUtils]: 163: Hoare triple {52474#false} ~handle := #in~handle;havoc ~retValue_acc~24; {52474#false} is VALID [2022-02-20 17:59:42,386 INFO L290 TraceCheckUtils]: 164: Hoare triple {52474#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {52474#false} is VALID [2022-02-20 17:59:42,386 INFO L290 TraceCheckUtils]: 165: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,386 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {52474#false} {52474#false} #1684#return; {52474#false} is VALID [2022-02-20 17:59:42,386 INFO L290 TraceCheckUtils]: 167: Hoare triple {52474#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {52474#false} is VALID [2022-02-20 17:59:42,387 INFO L290 TraceCheckUtils]: 168: Hoare triple {52474#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {52474#false} is VALID [2022-02-20 17:59:42,387 INFO L272 TraceCheckUtils]: 169: Hoare triple {52474#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {52474#false} is VALID [2022-02-20 17:59:42,387 INFO L290 TraceCheckUtils]: 170: Hoare triple {52474#false} ~handle := #in~handle;havoc ~retValue_acc~19; {52474#false} is VALID [2022-02-20 17:59:42,387 INFO L290 TraceCheckUtils]: 171: Hoare triple {52474#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {52474#false} is VALID [2022-02-20 17:59:42,387 INFO L290 TraceCheckUtils]: 172: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,387 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {52474#false} {52474#false} #1686#return; {52474#false} is VALID [2022-02-20 17:59:42,387 INFO L290 TraceCheckUtils]: 174: Hoare triple {52474#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {52474#false} is VALID [2022-02-20 17:59:42,387 INFO L290 TraceCheckUtils]: 175: Hoare triple {52474#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {52474#false} is VALID [2022-02-20 17:59:42,387 INFO L272 TraceCheckUtils]: 176: Hoare triple {52474#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {52474#false} is VALID [2022-02-20 17:59:42,388 INFO L290 TraceCheckUtils]: 177: Hoare triple {52474#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {52474#false} is VALID [2022-02-20 17:59:42,388 INFO L290 TraceCheckUtils]: 178: Hoare triple {52474#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {52474#false} is VALID [2022-02-20 17:59:42,388 INFO L290 TraceCheckUtils]: 179: Hoare triple {52474#false} assume 1 == ~sent_signed~0; {52474#false} is VALID [2022-02-20 17:59:42,388 INFO L272 TraceCheckUtils]: 180: Hoare triple {52474#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {52474#false} is VALID [2022-02-20 17:59:42,388 INFO L290 TraceCheckUtils]: 181: Hoare triple {52474#false} ~handle := #in~handle;havoc ~retValue_acc~18; {52474#false} is VALID [2022-02-20 17:59:42,388 INFO L290 TraceCheckUtils]: 182: Hoare triple {52474#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {52474#false} is VALID [2022-02-20 17:59:42,388 INFO L290 TraceCheckUtils]: 183: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,388 INFO L284 TraceCheckUtils]: 184: Hoare quadruple {52474#false} {52474#false} #1608#return; {52474#false} is VALID [2022-02-20 17:59:42,389 INFO L290 TraceCheckUtils]: 185: Hoare triple {52474#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {52474#false} is VALID [2022-02-20 17:59:42,389 INFO L272 TraceCheckUtils]: 186: Hoare triple {52474#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {52474#false} is VALID [2022-02-20 17:59:42,389 INFO L290 TraceCheckUtils]: 187: Hoare triple {52474#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {52474#false} is VALID [2022-02-20 17:59:42,389 INFO L290 TraceCheckUtils]: 188: Hoare triple {52474#false} assume 1 == ~handle; {52474#false} is VALID [2022-02-20 17:59:42,389 INFO L290 TraceCheckUtils]: 189: Hoare triple {52474#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {52474#false} is VALID [2022-02-20 17:59:42,389 INFO L290 TraceCheckUtils]: 190: Hoare triple {52474#false} assume true; {52474#false} is VALID [2022-02-20 17:59:42,389 INFO L284 TraceCheckUtils]: 191: Hoare quadruple {52474#false} {52474#false} #1610#return; {52474#false} is VALID [2022-02-20 17:59:42,389 INFO L290 TraceCheckUtils]: 192: Hoare triple {52474#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {52474#false} is VALID [2022-02-20 17:59:42,389 INFO L290 TraceCheckUtils]: 193: Hoare triple {52474#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {52474#false} is VALID [2022-02-20 17:59:42,390 INFO L272 TraceCheckUtils]: 194: Hoare triple {52474#false} call __automaton_fail(); {52474#false} is VALID [2022-02-20 17:59:42,390 INFO L290 TraceCheckUtils]: 195: Hoare triple {52474#false} assume !false; {52474#false} is VALID [2022-02-20 17:59:42,390 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 17:59:42,390 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:42,390 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [603824456] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:42,391 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:42,391 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [12] total 18 [2022-02-20 17:59:42,391 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [840555148] [2022-02-20 17:59:42,391 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:42,392 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 19.666666666666668) internal successors, (118), 8 states have internal predecessors, (118), 4 states have call successors, (32), 2 states have call predecessors, (32), 4 states have return successors, (25), 3 states have call predecessors, (25), 4 states have call successors, (25) Word has length 196 [2022-02-20 17:59:42,392 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:42,392 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 6 states have (on average 19.666666666666668) internal successors, (118), 8 states have internal predecessors, (118), 4 states have call successors, (32), 2 states have call predecessors, (32), 4 states have return successors, (25), 3 states have call predecessors, (25), 4 states have call successors, (25) [2022-02-20 17:59:42,514 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 175 edges. 175 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:42,514 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:59:42,514 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:42,514 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:59:42,515 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=267, Unknown=0, NotChecked=0, Total=306 [2022-02-20 17:59:42,515 INFO L87 Difference]: Start difference. First operand 2595 states and 3839 transitions. Second operand has 8 states, 6 states have (on average 19.666666666666668) internal successors, (118), 8 states have internal predecessors, (118), 4 states have call successors, (32), 2 states have call predecessors, (32), 4 states have return successors, (25), 3 states have call predecessors, (25), 4 states have call successors, (25) [2022-02-20 17:59:46,212 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:46,213 INFO L93 Difference]: Finished difference Result 5067 states and 7542 transitions. [2022-02-20 17:59:46,213 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 17:59:46,214 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 19.666666666666668) internal successors, (118), 8 states have internal predecessors, (118), 4 states have call successors, (32), 2 states have call predecessors, (32), 4 states have return successors, (25), 3 states have call predecessors, (25), 4 states have call successors, (25) Word has length 196 [2022-02-20 17:59:46,214 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:46,214 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 19.666666666666668) internal successors, (118), 8 states have internal predecessors, (118), 4 states have call successors, (32), 2 states have call predecessors, (32), 4 states have return successors, (25), 3 states have call predecessors, (25), 4 states have call successors, (25) [2022-02-20 17:59:46,226 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1663 transitions. [2022-02-20 17:59:46,226 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 19.666666666666668) internal successors, (118), 8 states have internal predecessors, (118), 4 states have call successors, (32), 2 states have call predecessors, (32), 4 states have return successors, (25), 3 states have call predecessors, (25), 4 states have call successors, (25) [2022-02-20 17:59:46,240 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1663 transitions. [2022-02-20 17:59:46,241 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 1663 transitions. [2022-02-20 17:59:47,272 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1663 edges. 1663 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:47,560 INFO L225 Difference]: With dead ends: 5067 [2022-02-20 17:59:47,560 INFO L226 Difference]: Without dead ends: 2603 [2022-02-20 17:59:47,564 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 254 GetRequests, 235 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=51, Invalid=369, Unknown=0, NotChecked=0, Total=420 [2022-02-20 17:59:47,564 INFO L933 BasicCegarLoop]: 851 mSDtfsCounter, 363 mSDsluCounter, 4697 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 44 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 365 SdHoareTripleChecker+Valid, 5548 SdHoareTripleChecker+Invalid, 119 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 44 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:47,565 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [365 Valid, 5548 Invalid, 119 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [44 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 17:59:47,567 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2603 states. [2022-02-20 17:59:47,978 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2603 to 2603. [2022-02-20 17:59:47,978 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:47,982 INFO L82 GeneralOperation]: Start isEquivalent. First operand 2603 states. Second operand has 2603 states, 2009 states have (on average 1.4708810353409656) internal successors, (2955), 2038 states have internal predecessors, (2955), 420 states have call successors, (420), 170 states have call predecessors, (420), 173 states have return successors, (476), 414 states have call predecessors, (476), 414 states have call successors, (476) [2022-02-20 17:59:47,984 INFO L74 IsIncluded]: Start isIncluded. First operand 2603 states. Second operand has 2603 states, 2009 states have (on average 1.4708810353409656) internal successors, (2955), 2038 states have internal predecessors, (2955), 420 states have call successors, (420), 170 states have call predecessors, (420), 173 states have return successors, (476), 414 states have call predecessors, (476), 414 states have call successors, (476) [2022-02-20 17:59:47,986 INFO L87 Difference]: Start difference. First operand 2603 states. Second operand has 2603 states, 2009 states have (on average 1.4708810353409656) internal successors, (2955), 2038 states have internal predecessors, (2955), 420 states have call successors, (420), 170 states have call predecessors, (420), 173 states have return successors, (476), 414 states have call predecessors, (476), 414 states have call successors, (476) [2022-02-20 17:59:48,170 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:48,171 INFO L93 Difference]: Finished difference Result 2603 states and 3851 transitions. [2022-02-20 17:59:48,171 INFO L276 IsEmpty]: Start isEmpty. Operand 2603 states and 3851 transitions. [2022-02-20 17:59:48,175 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:48,176 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:48,212 INFO L74 IsIncluded]: Start isIncluded. First operand has 2603 states, 2009 states have (on average 1.4708810353409656) internal successors, (2955), 2038 states have internal predecessors, (2955), 420 states have call successors, (420), 170 states have call predecessors, (420), 173 states have return successors, (476), 414 states have call predecessors, (476), 414 states have call successors, (476) Second operand 2603 states. [2022-02-20 17:59:48,215 INFO L87 Difference]: Start difference. First operand has 2603 states, 2009 states have (on average 1.4708810353409656) internal successors, (2955), 2038 states have internal predecessors, (2955), 420 states have call successors, (420), 170 states have call predecessors, (420), 173 states have return successors, (476), 414 states have call predecessors, (476), 414 states have call successors, (476) Second operand 2603 states. [2022-02-20 17:59:48,400 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:48,400 INFO L93 Difference]: Finished difference Result 2603 states and 3851 transitions. [2022-02-20 17:59:48,400 INFO L276 IsEmpty]: Start isEmpty. Operand 2603 states and 3851 transitions. [2022-02-20 17:59:48,405 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:48,405 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:48,405 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:48,405 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:48,409 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2603 states, 2009 states have (on average 1.4708810353409656) internal successors, (2955), 2038 states have internal predecessors, (2955), 420 states have call successors, (420), 170 states have call predecessors, (420), 173 states have return successors, (476), 414 states have call predecessors, (476), 414 states have call successors, (476) [2022-02-20 17:59:48,677 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2603 states to 2603 states and 3851 transitions. [2022-02-20 17:59:48,678 INFO L78 Accepts]: Start accepts. Automaton has 2603 states and 3851 transitions. Word has length 196 [2022-02-20 17:59:48,678 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:48,678 INFO L470 AbstractCegarLoop]: Abstraction has 2603 states and 3851 transitions. [2022-02-20 17:59:48,678 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 19.666666666666668) internal successors, (118), 8 states have internal predecessors, (118), 4 states have call successors, (32), 2 states have call predecessors, (32), 4 states have return successors, (25), 3 states have call predecessors, (25), 4 states have call successors, (25) [2022-02-20 17:59:48,679 INFO L276 IsEmpty]: Start isEmpty. Operand 2603 states and 3851 transitions. [2022-02-20 17:59:48,683 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 198 [2022-02-20 17:59:48,683 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:48,684 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:48,704 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:48,902 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-02-20 17:59:48,903 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:48,903 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:48,903 INFO L85 PathProgramCache]: Analyzing trace with hash -2122072, now seen corresponding path program 1 times [2022-02-20 17:59:48,903 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:48,903 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2005948397] [2022-02-20 17:59:48,903 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:48,903 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:48,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,961 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 17:59:48,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:48,965 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:48,965 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {68922#true} {68922#true} #1754#return; {68922#true} is VALID [2022-02-20 17:59:48,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 17:59:48,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:48,968 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:48,968 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {68922#true} {68922#true} #1756#return; {68922#true} is VALID [2022-02-20 17:59:48,968 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 17:59:48,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:48,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:48,971 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {68922#true} {68922#true} #1758#return; {68922#true} is VALID [2022-02-20 17:59:48,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:48,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,974 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:48,974 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:48,974 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {68922#true} {68922#true} #1760#return; {68922#true} is VALID [2022-02-20 17:59:48,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 17:59:48,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,984 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:48,984 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:48,984 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {68922#true} {68922#true} #1762#return; {68922#true} is VALID [2022-02-20 17:59:48,984 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 17:59:48,986 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,987 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:48,987 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:48,987 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {68922#true} {68922#true} #1764#return; {68922#true} is VALID [2022-02-20 17:59:48,988 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 17:59:48,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:48,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:48,991 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {68922#true} {68922#true} #1766#return; {68922#true} is VALID [2022-02-20 17:59:48,991 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:48,992 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:48,993 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:48,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:48,994 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {68922#true} {68922#true} #1768#return; {68922#true} is VALID [2022-02-20 17:59:48,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:48,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:49,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,002 INFO L290 TraceCheckUtils]: 0: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,002 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,002 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68922#true} #1752#return; {68922#true} is VALID [2022-02-20 17:59:49,002 INFO L290 TraceCheckUtils]: 0: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {68922#true} is VALID [2022-02-20 17:59:49,003 INFO L272 TraceCheckUtils]: 1: Hoare triple {68922#true} call setClientId(~bob___0, ~bob___0); {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:49,003 INFO L290 TraceCheckUtils]: 2: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,003 INFO L290 TraceCheckUtils]: 3: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,003 INFO L290 TraceCheckUtils]: 4: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,004 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {68922#true} {68922#true} #1752#return; {68922#true} is VALID [2022-02-20 17:59:49,004 INFO L290 TraceCheckUtils]: 6: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,004 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {68922#true} {68922#true} #1770#return; {68922#true} is VALID [2022-02-20 17:59:49,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:49,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {69024#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,011 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,011 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68922#true} #1772#return; {68922#true} is VALID [2022-02-20 17:59:49,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:59:49,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:49,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {69032#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {69032#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {69032#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {69032#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {69033#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,044 INFO L290 TraceCheckUtils]: 3: Hoare triple {69033#(= 2 |setClientId_#in~handle|)} assume true; {69033#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,044 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {69033#(= 2 |setClientId_#in~handle|)} {69025#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {69031#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:49,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {69025#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:49,045 INFO L272 TraceCheckUtils]: 1: Hoare triple {69025#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:49,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {69032#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,046 INFO L290 TraceCheckUtils]: 3: Hoare triple {69032#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {69032#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,046 INFO L290 TraceCheckUtils]: 4: Hoare triple {69032#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {69033#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,046 INFO L290 TraceCheckUtils]: 5: Hoare triple {69033#(= 2 |setClientId_#in~handle|)} assume true; {69033#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,047 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {69033#(= 2 |setClientId_#in~handle|)} {69025#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {69031#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:49,047 INFO L290 TraceCheckUtils]: 7: Hoare triple {69031#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {69031#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:49,047 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {69031#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {68922#true} #1776#return; {68969#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:49,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:59:49,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,064 INFO L290 TraceCheckUtils]: 0: Hoare triple {69024#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {69034#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:49,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {69034#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {69035#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:49,065 INFO L290 TraceCheckUtils]: 2: Hoare triple {69035#(= |setClientPrivateKey_#in~handle| 1)} assume true; {69035#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:49,066 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {69035#(= |setClientPrivateKey_#in~handle| 1)} {68969#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1778#return; {68923#false} is VALID [2022-02-20 17:59:49,066 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:59:49,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,069 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 17:59:49,070 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,072 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,072 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,072 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68922#true} #1648#return; {68922#true} is VALID [2022-02-20 17:59:49,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {68922#true} is VALID [2022-02-20 17:59:49,073 INFO L272 TraceCheckUtils]: 1: Hoare triple {68922#true} call setClientId(~chuck___0, ~chuck___0); {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:49,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,073 INFO L290 TraceCheckUtils]: 3: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,073 INFO L290 TraceCheckUtils]: 4: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,073 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {68922#true} {68922#true} #1648#return; {68922#true} is VALID [2022-02-20 17:59:49,073 INFO L290 TraceCheckUtils]: 6: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,073 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {68922#true} {68923#false} #1782#return; {68923#false} is VALID [2022-02-20 17:59:49,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:59:49,076 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,078 INFO L290 TraceCheckUtils]: 0: Hoare triple {69024#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,078 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,078 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,078 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68923#false} #1784#return; {68923#false} is VALID [2022-02-20 17:59:49,090 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:59:49,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,092 INFO L290 TraceCheckUtils]: 0: Hoare triple {69040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,093 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68923#false} #1670#return; {68923#false} is VALID [2022-02-20 17:59:49,102 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:59:49,102 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,104 INFO L290 TraceCheckUtils]: 0: Hoare triple {69041#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,104 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,104 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,104 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68923#false} #1672#return; {68923#false} is VALID [2022-02-20 17:59:49,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 139 [2022-02-20 17:59:49,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} ~handle := #in~handle;havoc ~retValue_acc~36; {68922#true} is VALID [2022-02-20 17:59:49,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {68922#true} is VALID [2022-02-20 17:59:49,107 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,107 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68923#false} #1602#return; {68923#false} is VALID [2022-02-20 17:59:49,107 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-02-20 17:59:49,107 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,109 INFO L290 TraceCheckUtils]: 0: Hoare triple {69040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,109 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,109 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68923#false} #1682#return; {68923#false} is VALID [2022-02-20 17:59:49,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-02-20 17:59:49,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,111 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} ~handle := #in~handle;havoc ~retValue_acc~24; {68922#true} is VALID [2022-02-20 17:59:49,111 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {68922#true} is VALID [2022-02-20 17:59:49,111 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,111 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68923#false} #1684#return; {68923#false} is VALID [2022-02-20 17:59:49,111 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 170 [2022-02-20 17:59:49,112 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} ~handle := #in~handle;havoc ~retValue_acc~19; {68922#true} is VALID [2022-02-20 17:59:49,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {68922#true} is VALID [2022-02-20 17:59:49,113 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,113 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68923#false} #1686#return; {68923#false} is VALID [2022-02-20 17:59:49,114 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 181 [2022-02-20 17:59:49,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,115 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} ~handle := #in~handle;havoc ~retValue_acc~18; {68922#true} is VALID [2022-02-20 17:59:49,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {68922#true} is VALID [2022-02-20 17:59:49,115 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,116 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {68922#true} {68923#false} #1608#return; {68923#false} is VALID [2022-02-20 17:59:49,116 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 187 [2022-02-20 17:59:49,116 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,118 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {68922#true} is VALID [2022-02-20 17:59:49,118 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume 1 == ~handle; {68922#true} is VALID [2022-02-20 17:59:49,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {68922#true} is VALID [2022-02-20 17:59:49,118 INFO L290 TraceCheckUtils]: 3: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,118 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {68922#true} {68923#false} #1610#return; {68923#false} is VALID [2022-02-20 17:59:49,118 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {68922#true} is VALID [2022-02-20 17:59:49,118 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {68922#true} is VALID [2022-02-20 17:59:49,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {68922#true} is VALID [2022-02-20 17:59:49,119 INFO L272 TraceCheckUtils]: 3: Hoare triple {68922#true} call select_features_#t~ret27#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,119 INFO L290 TraceCheckUtils]: 4: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,119 INFO L290 TraceCheckUtils]: 5: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,119 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {68922#true} {68922#true} #1754#return; {68922#true} is VALID [2022-02-20 17:59:49,119 INFO L290 TraceCheckUtils]: 7: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {68922#true} is VALID [2022-02-20 17:59:49,119 INFO L272 TraceCheckUtils]: 8: Hoare triple {68922#true} call select_features_#t~ret28#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,119 INFO L290 TraceCheckUtils]: 9: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,119 INFO L290 TraceCheckUtils]: 10: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,119 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {68922#true} {68922#true} #1756#return; {68922#true} is VALID [2022-02-20 17:59:49,120 INFO L290 TraceCheckUtils]: 12: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {68922#true} is VALID [2022-02-20 17:59:49,120 INFO L272 TraceCheckUtils]: 13: Hoare triple {68922#true} call select_features_#t~ret29#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,120 INFO L290 TraceCheckUtils]: 14: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,120 INFO L290 TraceCheckUtils]: 15: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,120 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {68922#true} {68922#true} #1758#return; {68922#true} is VALID [2022-02-20 17:59:49,120 INFO L290 TraceCheckUtils]: 17: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {68922#true} is VALID [2022-02-20 17:59:49,120 INFO L272 TraceCheckUtils]: 18: Hoare triple {68922#true} call select_features_#t~ret30#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,120 INFO L290 TraceCheckUtils]: 19: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,120 INFO L290 TraceCheckUtils]: 20: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,121 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {68922#true} {68922#true} #1760#return; {68922#true} is VALID [2022-02-20 17:59:49,121 INFO L290 TraceCheckUtils]: 22: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {68922#true} is VALID [2022-02-20 17:59:49,121 INFO L272 TraceCheckUtils]: 23: Hoare triple {68922#true} call select_features_#t~ret31#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,121 INFO L290 TraceCheckUtils]: 24: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,121 INFO L290 TraceCheckUtils]: 25: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,121 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {68922#true} {68922#true} #1762#return; {68922#true} is VALID [2022-02-20 17:59:49,121 INFO L290 TraceCheckUtils]: 27: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {68922#true} is VALID [2022-02-20 17:59:49,121 INFO L272 TraceCheckUtils]: 28: Hoare triple {68922#true} call select_features_#t~ret32#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,121 INFO L290 TraceCheckUtils]: 29: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,122 INFO L290 TraceCheckUtils]: 30: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,122 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {68922#true} {68922#true} #1764#return; {68922#true} is VALID [2022-02-20 17:59:49,122 INFO L290 TraceCheckUtils]: 32: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {68922#true} is VALID [2022-02-20 17:59:49,122 INFO L272 TraceCheckUtils]: 33: Hoare triple {68922#true} call select_features_#t~ret33#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,122 INFO L290 TraceCheckUtils]: 34: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,122 INFO L290 TraceCheckUtils]: 35: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,122 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {68922#true} {68922#true} #1766#return; {68922#true} is VALID [2022-02-20 17:59:49,122 INFO L290 TraceCheckUtils]: 37: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {68922#true} is VALID [2022-02-20 17:59:49,122 INFO L272 TraceCheckUtils]: 38: Hoare triple {68922#true} call select_features_#t~ret34#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,123 INFO L290 TraceCheckUtils]: 39: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,123 INFO L290 TraceCheckUtils]: 40: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,123 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {68922#true} {68922#true} #1768#return; {68922#true} is VALID [2022-02-20 17:59:49,123 INFO L290 TraceCheckUtils]: 42: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {68922#true} is VALID [2022-02-20 17:59:49,123 INFO L290 TraceCheckUtils]: 43: Hoare triple {68922#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {68922#true} is VALID [2022-02-20 17:59:49,123 INFO L290 TraceCheckUtils]: 44: Hoare triple {68922#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {68922#true} is VALID [2022-02-20 17:59:49,123 INFO L290 TraceCheckUtils]: 45: Hoare triple {68922#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {68922#true} is VALID [2022-02-20 17:59:49,123 INFO L290 TraceCheckUtils]: 46: Hoare triple {68922#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {68922#true} is VALID [2022-02-20 17:59:49,123 INFO L290 TraceCheckUtils]: 47: Hoare triple {68922#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {68922#true} is VALID [2022-02-20 17:59:49,124 INFO L290 TraceCheckUtils]: 48: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {68922#true} is VALID [2022-02-20 17:59:49,124 INFO L290 TraceCheckUtils]: 49: Hoare triple {68922#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {68922#true} is VALID [2022-02-20 17:59:49,124 INFO L290 TraceCheckUtils]: 50: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {68922#true} is VALID [2022-02-20 17:59:49,124 INFO L290 TraceCheckUtils]: 51: Hoare triple {68922#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {68922#true} is VALID [2022-02-20 17:59:49,124 INFO L290 TraceCheckUtils]: 52: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {68922#true} is VALID [2022-02-20 17:59:49,124 INFO L290 TraceCheckUtils]: 53: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {68922#true} is VALID [2022-02-20 17:59:49,124 INFO L290 TraceCheckUtils]: 54: Hoare triple {68922#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {68922#true} is VALID [2022-02-20 17:59:49,124 INFO L290 TraceCheckUtils]: 55: Hoare triple {68922#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {68922#true} is VALID [2022-02-20 17:59:49,124 INFO L290 TraceCheckUtils]: 56: Hoare triple {68922#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {68922#true} is VALID [2022-02-20 17:59:49,125 INFO L290 TraceCheckUtils]: 57: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {68922#true} is VALID [2022-02-20 17:59:49,125 INFO L272 TraceCheckUtils]: 58: Hoare triple {68922#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:49,125 INFO L290 TraceCheckUtils]: 59: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {68922#true} is VALID [2022-02-20 17:59:49,126 INFO L272 TraceCheckUtils]: 60: Hoare triple {68922#true} call setClientId(~bob___0, ~bob___0); {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:49,126 INFO L290 TraceCheckUtils]: 61: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,126 INFO L290 TraceCheckUtils]: 62: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,126 INFO L290 TraceCheckUtils]: 63: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,126 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {68922#true} {68922#true} #1752#return; {68922#true} is VALID [2022-02-20 17:59:49,126 INFO L290 TraceCheckUtils]: 65: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,126 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {68922#true} {68922#true} #1770#return; {68922#true} is VALID [2022-02-20 17:59:49,127 INFO L272 TraceCheckUtils]: 67: Hoare triple {68922#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {69024#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:49,127 INFO L290 TraceCheckUtils]: 68: Hoare triple {69024#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,127 INFO L290 TraceCheckUtils]: 69: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,127 INFO L290 TraceCheckUtils]: 70: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,127 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {68922#true} {68922#true} #1772#return; {68922#true} is VALID [2022-02-20 17:59:49,127 INFO L290 TraceCheckUtils]: 72: Hoare triple {68922#true} assume { :end_inline_setup_bob__role__Keys } true; {68922#true} is VALID [2022-02-20 17:59:49,128 INFO L290 TraceCheckUtils]: 73: Hoare triple {68922#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {68922#true} is VALID [2022-02-20 17:59:49,128 INFO L290 TraceCheckUtils]: 74: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {68922#true} is VALID [2022-02-20 17:59:49,128 INFO L272 TraceCheckUtils]: 75: Hoare triple {68922#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:49,129 INFO L290 TraceCheckUtils]: 76: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {69025#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:49,129 INFO L272 TraceCheckUtils]: 77: Hoare triple {69025#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:49,129 INFO L290 TraceCheckUtils]: 78: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {69032#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,130 INFO L290 TraceCheckUtils]: 79: Hoare triple {69032#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {69032#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,130 INFO L290 TraceCheckUtils]: 80: Hoare triple {69032#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {69033#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,130 INFO L290 TraceCheckUtils]: 81: Hoare triple {69033#(= 2 |setClientId_#in~handle|)} assume true; {69033#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:49,131 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {69033#(= 2 |setClientId_#in~handle|)} {69025#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1704#return; {69031#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:49,131 INFO L290 TraceCheckUtils]: 83: Hoare triple {69031#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {69031#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 17:59:49,131 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {69031#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {68922#true} #1776#return; {68969#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 17:59:49,132 INFO L272 TraceCheckUtils]: 85: Hoare triple {68969#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {69024#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:49,132 INFO L290 TraceCheckUtils]: 86: Hoare triple {69024#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {69034#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:49,133 INFO L290 TraceCheckUtils]: 87: Hoare triple {69034#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {69035#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:49,133 INFO L290 TraceCheckUtils]: 88: Hoare triple {69035#(= |setClientPrivateKey_#in~handle| 1)} assume true; {69035#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:49,133 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {69035#(= |setClientPrivateKey_#in~handle| 1)} {68969#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1778#return; {68923#false} is VALID [2022-02-20 17:59:49,133 INFO L290 TraceCheckUtils]: 90: Hoare triple {68923#false} assume { :end_inline_setup_rjh__role__Keys } true; {68923#false} is VALID [2022-02-20 17:59:49,134 INFO L290 TraceCheckUtils]: 91: Hoare triple {68923#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {68923#false} is VALID [2022-02-20 17:59:49,134 INFO L290 TraceCheckUtils]: 92: Hoare triple {68923#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {68923#false} is VALID [2022-02-20 17:59:49,134 INFO L272 TraceCheckUtils]: 93: Hoare triple {68923#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:49,134 INFO L290 TraceCheckUtils]: 94: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {68922#true} is VALID [2022-02-20 17:59:49,134 INFO L272 TraceCheckUtils]: 95: Hoare triple {68922#true} call setClientId(~chuck___0, ~chuck___0); {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:49,135 INFO L290 TraceCheckUtils]: 96: Hoare triple {69019#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,135 INFO L290 TraceCheckUtils]: 97: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,135 INFO L290 TraceCheckUtils]: 98: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,135 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {68922#true} {68922#true} #1648#return; {68922#true} is VALID [2022-02-20 17:59:49,135 INFO L290 TraceCheckUtils]: 100: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,135 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {68922#true} {68923#false} #1782#return; {68923#false} is VALID [2022-02-20 17:59:49,135 INFO L272 TraceCheckUtils]: 102: Hoare triple {68923#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {69024#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:49,135 INFO L290 TraceCheckUtils]: 103: Hoare triple {69024#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,135 INFO L290 TraceCheckUtils]: 104: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,136 INFO L290 TraceCheckUtils]: 105: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,136 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {68922#true} {68923#false} #1784#return; {68923#false} is VALID [2022-02-20 17:59:49,136 INFO L290 TraceCheckUtils]: 107: Hoare triple {68923#false} assume { :end_inline_setup_chuck__role__Keys } true; {68923#false} is VALID [2022-02-20 17:59:49,136 INFO L290 TraceCheckUtils]: 108: Hoare triple {68923#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {68923#false} is VALID [2022-02-20 17:59:49,136 INFO L290 TraceCheckUtils]: 109: Hoare triple {68923#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {68923#false} is VALID [2022-02-20 17:59:49,136 INFO L290 TraceCheckUtils]: 110: Hoare triple {68923#false} assume !false; {68923#false} is VALID [2022-02-20 17:59:49,136 INFO L290 TraceCheckUtils]: 111: Hoare triple {68923#false} assume test_~splverifierCounter~0#1 < 4; {68923#false} is VALID [2022-02-20 17:59:49,136 INFO L290 TraceCheckUtils]: 112: Hoare triple {68923#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {68923#false} is VALID [2022-02-20 17:59:49,136 INFO L290 TraceCheckUtils]: 113: Hoare triple {68923#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {68923#false} is VALID [2022-02-20 17:59:49,137 INFO L290 TraceCheckUtils]: 114: Hoare triple {68923#false} assume !(0 != test_~tmp___9~0#1); {68923#false} is VALID [2022-02-20 17:59:49,137 INFO L290 TraceCheckUtils]: 115: Hoare triple {68923#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {68923#false} is VALID [2022-02-20 17:59:49,137 INFO L290 TraceCheckUtils]: 116: Hoare triple {68923#false} assume 0 != test_~tmp___8~0#1; {68923#false} is VALID [2022-02-20 17:59:49,137 INFO L290 TraceCheckUtils]: 117: Hoare triple {68923#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {68923#false} is VALID [2022-02-20 17:59:49,137 INFO L290 TraceCheckUtils]: 118: Hoare triple {68923#false} test_~op2~0#1 := 1; {68923#false} is VALID [2022-02-20 17:59:49,137 INFO L290 TraceCheckUtils]: 119: Hoare triple {68923#false} assume !false; {68923#false} is VALID [2022-02-20 17:59:49,137 INFO L290 TraceCheckUtils]: 120: Hoare triple {68923#false} assume !(test_~splverifierCounter~0#1 < 4); {68923#false} is VALID [2022-02-20 17:59:49,137 INFO L290 TraceCheckUtils]: 121: Hoare triple {68923#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {68923#false} is VALID [2022-02-20 17:59:49,137 INFO L272 TraceCheckUtils]: 122: Hoare triple {68923#false} call sendEmail(~bob~0, ~rjh~0); {68923#false} is VALID [2022-02-20 17:59:49,138 INFO L290 TraceCheckUtils]: 123: Hoare triple {68923#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {68923#false} is VALID [2022-02-20 17:59:49,138 INFO L272 TraceCheckUtils]: 124: Hoare triple {68923#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {69040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:49,138 INFO L290 TraceCheckUtils]: 125: Hoare triple {69040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,138 INFO L290 TraceCheckUtils]: 126: Hoare triple {68922#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,138 INFO L290 TraceCheckUtils]: 127: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,138 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {68922#true} {68923#false} #1670#return; {68923#false} is VALID [2022-02-20 17:59:49,138 INFO L272 TraceCheckUtils]: 129: Hoare triple {68923#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {69041#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:49,138 INFO L290 TraceCheckUtils]: 130: Hoare triple {69041#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,138 INFO L290 TraceCheckUtils]: 131: Hoare triple {68922#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,139 INFO L290 TraceCheckUtils]: 132: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,139 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {68922#true} {68923#false} #1672#return; {68923#false} is VALID [2022-02-20 17:59:49,139 INFO L290 TraceCheckUtils]: 134: Hoare triple {68923#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {68923#false} is VALID [2022-02-20 17:59:49,139 INFO L290 TraceCheckUtils]: 135: Hoare triple {68923#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {68923#false} is VALID [2022-02-20 17:59:49,139 INFO L272 TraceCheckUtils]: 136: Hoare triple {68923#false} call outgoing(~sender#1, ~email~0#1); {68923#false} is VALID [2022-02-20 17:59:49,140 INFO L290 TraceCheckUtils]: 137: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,140 INFO L290 TraceCheckUtils]: 138: Hoare triple {68923#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {68923#false} is VALID [2022-02-20 17:59:49,140 INFO L272 TraceCheckUtils]: 139: Hoare triple {68923#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {68922#true} is VALID [2022-02-20 17:59:49,140 INFO L290 TraceCheckUtils]: 140: Hoare triple {68922#true} ~handle := #in~handle;havoc ~retValue_acc~36; {68922#true} is VALID [2022-02-20 17:59:49,140 INFO L290 TraceCheckUtils]: 141: Hoare triple {68922#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {68922#true} is VALID [2022-02-20 17:59:49,140 INFO L290 TraceCheckUtils]: 142: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,140 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {68922#true} {68923#false} #1602#return; {68923#false} is VALID [2022-02-20 17:59:49,140 INFO L290 TraceCheckUtils]: 144: Hoare triple {68923#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L290 TraceCheckUtils]: 145: Hoare triple {68923#false} assume 0 == sign_~privkey~1#1; {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L290 TraceCheckUtils]: 146: Hoare triple {68923#false} assume { :end_inline_sign } true; {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L272 TraceCheckUtils]: 147: Hoare triple {68923#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L290 TraceCheckUtils]: 148: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L290 TraceCheckUtils]: 149: Hoare triple {68923#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L272 TraceCheckUtils]: 150: Hoare triple {68923#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L290 TraceCheckUtils]: 151: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L290 TraceCheckUtils]: 152: Hoare triple {68923#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L272 TraceCheckUtils]: 153: Hoare triple {68923#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,141 INFO L290 TraceCheckUtils]: 154: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {68923#false} is VALID [2022-02-20 17:59:49,142 INFO L290 TraceCheckUtils]: 155: Hoare triple {68923#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {68923#false} is VALID [2022-02-20 17:59:49,142 INFO L290 TraceCheckUtils]: 156: Hoare triple {68923#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {68923#false} is VALID [2022-02-20 17:59:49,142 INFO L272 TraceCheckUtils]: 157: Hoare triple {68923#false} call setEmailFrom(~msg#1, ~tmp~10#1); {69040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:49,142 INFO L290 TraceCheckUtils]: 158: Hoare triple {69040#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,142 INFO L290 TraceCheckUtils]: 159: Hoare triple {68922#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,142 INFO L290 TraceCheckUtils]: 160: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,142 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {68922#true} {68923#false} #1682#return; {68923#false} is VALID [2022-02-20 17:59:49,142 INFO L290 TraceCheckUtils]: 162: Hoare triple {68923#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {68923#false} is VALID [2022-02-20 17:59:49,143 INFO L272 TraceCheckUtils]: 163: Hoare triple {68923#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {68922#true} is VALID [2022-02-20 17:59:49,143 INFO L290 TraceCheckUtils]: 164: Hoare triple {68922#true} ~handle := #in~handle;havoc ~retValue_acc~24; {68922#true} is VALID [2022-02-20 17:59:49,143 INFO L290 TraceCheckUtils]: 165: Hoare triple {68922#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {68922#true} is VALID [2022-02-20 17:59:49,143 INFO L290 TraceCheckUtils]: 166: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,143 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {68922#true} {68923#false} #1684#return; {68923#false} is VALID [2022-02-20 17:59:49,143 INFO L290 TraceCheckUtils]: 168: Hoare triple {68923#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {68923#false} is VALID [2022-02-20 17:59:49,143 INFO L290 TraceCheckUtils]: 169: Hoare triple {68923#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {68923#false} is VALID [2022-02-20 17:59:49,143 INFO L272 TraceCheckUtils]: 170: Hoare triple {68923#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {68922#true} is VALID [2022-02-20 17:59:49,143 INFO L290 TraceCheckUtils]: 171: Hoare triple {68922#true} ~handle := #in~handle;havoc ~retValue_acc~19; {68922#true} is VALID [2022-02-20 17:59:49,144 INFO L290 TraceCheckUtils]: 172: Hoare triple {68922#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {68922#true} is VALID [2022-02-20 17:59:49,144 INFO L290 TraceCheckUtils]: 173: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,144 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {68922#true} {68923#false} #1686#return; {68923#false} is VALID [2022-02-20 17:59:49,144 INFO L290 TraceCheckUtils]: 175: Hoare triple {68923#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,144 INFO L290 TraceCheckUtils]: 176: Hoare triple {68923#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {68923#false} is VALID [2022-02-20 17:59:49,144 INFO L272 TraceCheckUtils]: 177: Hoare triple {68923#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,144 INFO L290 TraceCheckUtils]: 178: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,144 INFO L290 TraceCheckUtils]: 179: Hoare triple {68923#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {68923#false} is VALID [2022-02-20 17:59:49,145 INFO L290 TraceCheckUtils]: 180: Hoare triple {68923#false} assume 1 == ~sent_signed~0; {68923#false} is VALID [2022-02-20 17:59:49,145 INFO L272 TraceCheckUtils]: 181: Hoare triple {68923#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {68922#true} is VALID [2022-02-20 17:59:49,145 INFO L290 TraceCheckUtils]: 182: Hoare triple {68922#true} ~handle := #in~handle;havoc ~retValue_acc~18; {68922#true} is VALID [2022-02-20 17:59:49,145 INFO L290 TraceCheckUtils]: 183: Hoare triple {68922#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {68922#true} is VALID [2022-02-20 17:59:49,145 INFO L290 TraceCheckUtils]: 184: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,145 INFO L284 TraceCheckUtils]: 185: Hoare quadruple {68922#true} {68923#false} #1608#return; {68923#false} is VALID [2022-02-20 17:59:49,145 INFO L290 TraceCheckUtils]: 186: Hoare triple {68923#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {68923#false} is VALID [2022-02-20 17:59:49,145 INFO L272 TraceCheckUtils]: 187: Hoare triple {68923#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {68922#true} is VALID [2022-02-20 17:59:49,145 INFO L290 TraceCheckUtils]: 188: Hoare triple {68922#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {68922#true} is VALID [2022-02-20 17:59:49,145 INFO L290 TraceCheckUtils]: 189: Hoare triple {68922#true} assume 1 == ~handle; {68922#true} is VALID [2022-02-20 17:59:49,146 INFO L290 TraceCheckUtils]: 190: Hoare triple {68922#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {68922#true} is VALID [2022-02-20 17:59:49,146 INFO L290 TraceCheckUtils]: 191: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,146 INFO L284 TraceCheckUtils]: 192: Hoare quadruple {68922#true} {68923#false} #1610#return; {68923#false} is VALID [2022-02-20 17:59:49,146 INFO L290 TraceCheckUtils]: 193: Hoare triple {68923#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {68923#false} is VALID [2022-02-20 17:59:49,146 INFO L290 TraceCheckUtils]: 194: Hoare triple {68923#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {68923#false} is VALID [2022-02-20 17:59:49,146 INFO L272 TraceCheckUtils]: 195: Hoare triple {68923#false} call __automaton_fail(); {68923#false} is VALID [2022-02-20 17:59:49,146 INFO L290 TraceCheckUtils]: 196: Hoare triple {68923#false} assume !false; {68923#false} is VALID [2022-02-20 17:59:49,147 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 102 trivial. 0 not checked. [2022-02-20 17:59:49,147 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:49,147 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2005948397] [2022-02-20 17:59:49,147 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2005948397] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:49,147 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [501085581] [2022-02-20 17:59:49,147 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:49,147 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:49,148 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:49,149 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:49,150 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 17:59:49,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,428 INFO L263 TraceCheckSpWp]: Trace formula consists of 1609 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:59:49,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:49,488 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:59:49,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {68922#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(4, 13);call write~init~int(37, 13, 0, 1);call write~init~int(115, 13, 1, 1);call write~init~int(10, 13, 2, 1);call write~init~int(0, 13, 3, 1);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(21, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(25, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(34, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(20, 30);call #Ultimate.allocInit(22, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(15, 43);call #Ultimate.allocInit(16, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~sent_signed~0 := -1; {68922#true} is VALID [2022-02-20 17:59:49,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {68922#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret111#1, main_~retValue_acc~44#1, main_~tmp~25#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~25#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {68922#true} is VALID [2022-02-20 17:59:49,946 INFO L290 TraceCheckUtils]: 2: Hoare triple {68922#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret27#1, select_features_#t~ret28#1, select_features_#t~ret29#1, select_features_#t~ret30#1, select_features_#t~ret31#1, select_features_#t~ret32#1, select_features_#t~ret33#1, select_features_#t~ret34#1; {68922#true} is VALID [2022-02-20 17:59:49,946 INFO L272 TraceCheckUtils]: 3: Hoare triple {68922#true} call select_features_#t~ret27#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,946 INFO L290 TraceCheckUtils]: 4: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,946 INFO L290 TraceCheckUtils]: 5: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,946 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {68922#true} {68922#true} #1754#return; {68922#true} is VALID [2022-02-20 17:59:49,946 INFO L290 TraceCheckUtils]: 7: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret27#1 && select_features_#t~ret27#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret27#1;havoc select_features_#t~ret27#1; {68922#true} is VALID [2022-02-20 17:59:49,946 INFO L272 TraceCheckUtils]: 8: Hoare triple {68922#true} call select_features_#t~ret28#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,947 INFO L290 TraceCheckUtils]: 9: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,947 INFO L290 TraceCheckUtils]: 10: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,947 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {68922#true} {68922#true} #1756#return; {68922#true} is VALID [2022-02-20 17:59:49,947 INFO L290 TraceCheckUtils]: 12: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret28#1 && select_features_#t~ret28#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret28#1;havoc select_features_#t~ret28#1; {68922#true} is VALID [2022-02-20 17:59:49,947 INFO L272 TraceCheckUtils]: 13: Hoare triple {68922#true} call select_features_#t~ret29#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,947 INFO L290 TraceCheckUtils]: 14: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,947 INFO L290 TraceCheckUtils]: 15: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,947 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {68922#true} {68922#true} #1758#return; {68922#true} is VALID [2022-02-20 17:59:49,947 INFO L290 TraceCheckUtils]: 17: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret29#1 && select_features_#t~ret29#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret29#1;havoc select_features_#t~ret29#1; {68922#true} is VALID [2022-02-20 17:59:49,948 INFO L272 TraceCheckUtils]: 18: Hoare triple {68922#true} call select_features_#t~ret30#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,948 INFO L290 TraceCheckUtils]: 19: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,948 INFO L290 TraceCheckUtils]: 20: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,948 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {68922#true} {68922#true} #1760#return; {68922#true} is VALID [2022-02-20 17:59:49,948 INFO L290 TraceCheckUtils]: 22: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret30#1 && select_features_#t~ret30#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret30#1;havoc select_features_#t~ret30#1; {68922#true} is VALID [2022-02-20 17:59:49,948 INFO L272 TraceCheckUtils]: 23: Hoare triple {68922#true} call select_features_#t~ret31#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,948 INFO L290 TraceCheckUtils]: 24: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,948 INFO L290 TraceCheckUtils]: 25: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,948 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {68922#true} {68922#true} #1762#return; {68922#true} is VALID [2022-02-20 17:59:49,949 INFO L290 TraceCheckUtils]: 27: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret31#1 && select_features_#t~ret31#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret31#1;havoc select_features_#t~ret31#1;~__SELECTED_FEATURE_Sign~0 := 1; {68922#true} is VALID [2022-02-20 17:59:49,949 INFO L272 TraceCheckUtils]: 28: Hoare triple {68922#true} call select_features_#t~ret32#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,949 INFO L290 TraceCheckUtils]: 29: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,949 INFO L290 TraceCheckUtils]: 30: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,949 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {68922#true} {68922#true} #1764#return; {68922#true} is VALID [2022-02-20 17:59:49,949 INFO L290 TraceCheckUtils]: 32: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret32#1 && select_features_#t~ret32#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret32#1;havoc select_features_#t~ret32#1; {68922#true} is VALID [2022-02-20 17:59:49,949 INFO L272 TraceCheckUtils]: 33: Hoare triple {68922#true} call select_features_#t~ret33#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,949 INFO L290 TraceCheckUtils]: 34: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,949 INFO L290 TraceCheckUtils]: 35: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,950 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {68922#true} {68922#true} #1766#return; {68922#true} is VALID [2022-02-20 17:59:49,950 INFO L290 TraceCheckUtils]: 37: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret33#1 && select_features_#t~ret33#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret33#1;havoc select_features_#t~ret33#1; {68922#true} is VALID [2022-02-20 17:59:49,950 INFO L272 TraceCheckUtils]: 38: Hoare triple {68922#true} call select_features_#t~ret34#1 := select_one(); {68922#true} is VALID [2022-02-20 17:59:49,950 INFO L290 TraceCheckUtils]: 39: Hoare triple {68922#true} havoc ~retValue_acc~5;assume -2147483648 <= #t~nondet26 && #t~nondet26 <= 2147483647;~choice~0 := #t~nondet26;havoc #t~nondet26;~retValue_acc~5 := ~choice~0;#res := ~retValue_acc~5; {68922#true} is VALID [2022-02-20 17:59:49,950 INFO L290 TraceCheckUtils]: 40: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,950 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {68922#true} {68922#true} #1768#return; {68922#true} is VALID [2022-02-20 17:59:49,950 INFO L290 TraceCheckUtils]: 42: Hoare triple {68922#true} assume -2147483648 <= select_features_#t~ret34#1 && select_features_#t~ret34#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret34#1;havoc select_features_#t~ret34#1; {68922#true} is VALID [2022-02-20 17:59:49,950 INFO L290 TraceCheckUtils]: 43: Hoare triple {68922#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1, valid_product_~tmp~5#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~tmp~5#1; {68922#true} is VALID [2022-02-20 17:59:49,950 INFO L290 TraceCheckUtils]: 44: Hoare triple {68922#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {68922#true} is VALID [2022-02-20 17:59:49,951 INFO L290 TraceCheckUtils]: 45: Hoare triple {68922#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {68922#true} is VALID [2022-02-20 17:59:49,951 INFO L290 TraceCheckUtils]: 46: Hoare triple {68922#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {68922#true} is VALID [2022-02-20 17:59:49,951 INFO L290 TraceCheckUtils]: 47: Hoare triple {68922#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {68922#true} is VALID [2022-02-20 17:59:49,951 INFO L290 TraceCheckUtils]: 48: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {68922#true} is VALID [2022-02-20 17:59:49,951 INFO L290 TraceCheckUtils]: 49: Hoare triple {68922#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {68922#true} is VALID [2022-02-20 17:59:49,951 INFO L290 TraceCheckUtils]: 50: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {68922#true} is VALID [2022-02-20 17:59:49,951 INFO L290 TraceCheckUtils]: 51: Hoare triple {68922#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {68922#true} is VALID [2022-02-20 17:59:49,951 INFO L290 TraceCheckUtils]: 52: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {68922#true} is VALID [2022-02-20 17:59:49,951 INFO L290 TraceCheckUtils]: 53: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~5#1 := 1; {68922#true} is VALID [2022-02-20 17:59:49,952 INFO L290 TraceCheckUtils]: 54: Hoare triple {68922#true} valid_product_~retValue_acc~6#1 := valid_product_~tmp~5#1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {68922#true} is VALID [2022-02-20 17:59:49,952 INFO L290 TraceCheckUtils]: 55: Hoare triple {68922#true} main_#t~ret111#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret111#1 && main_#t~ret111#1 <= 2147483647;main_~tmp~25#1 := main_#t~ret111#1;havoc main_#t~ret111#1; {68922#true} is VALID [2022-02-20 17:59:49,952 INFO L290 TraceCheckUtils]: 56: Hoare triple {68922#true} assume 0 != main_~tmp~25#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet108#1, setup_#t~nondet109#1, setup_#t~nondet110#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {68922#true} is VALID [2022-02-20 17:59:49,952 INFO L290 TraceCheckUtils]: 57: Hoare triple {68922#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {68922#true} is VALID [2022-02-20 17:59:49,952 INFO L272 TraceCheckUtils]: 58: Hoare triple {68922#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {68922#true} is VALID [2022-02-20 17:59:49,952 INFO L290 TraceCheckUtils]: 59: Hoare triple {68922#true} ~bob___0 := #in~bob___0; {68922#true} is VALID [2022-02-20 17:59:49,952 INFO L272 TraceCheckUtils]: 60: Hoare triple {68922#true} call setClientId(~bob___0, ~bob___0); {68922#true} is VALID [2022-02-20 17:59:49,952 INFO L290 TraceCheckUtils]: 61: Hoare triple {68922#true} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,952 INFO L290 TraceCheckUtils]: 62: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,953 INFO L290 TraceCheckUtils]: 63: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,953 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {68922#true} {68922#true} #1752#return; {68922#true} is VALID [2022-02-20 17:59:49,953 INFO L290 TraceCheckUtils]: 65: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,953 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {68922#true} {68922#true} #1770#return; {68922#true} is VALID [2022-02-20 17:59:49,953 INFO L272 TraceCheckUtils]: 67: Hoare triple {68922#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {68922#true} is VALID [2022-02-20 17:59:49,953 INFO L290 TraceCheckUtils]: 68: Hoare triple {68922#true} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,953 INFO L290 TraceCheckUtils]: 69: Hoare triple {68922#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,953 INFO L290 TraceCheckUtils]: 70: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,954 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {68922#true} {68922#true} #1772#return; {68922#true} is VALID [2022-02-20 17:59:49,954 INFO L290 TraceCheckUtils]: 72: Hoare triple {68922#true} assume { :end_inline_setup_bob__role__Keys } true; {68922#true} is VALID [2022-02-20 17:59:49,954 INFO L290 TraceCheckUtils]: 73: Hoare triple {68922#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet108#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {69264#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:59:49,954 INFO L290 TraceCheckUtils]: 74: Hoare triple {69264#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {69268#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 17:59:49,955 INFO L272 TraceCheckUtils]: 75: Hoare triple {69268#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {68922#true} is VALID [2022-02-20 17:59:49,955 INFO L290 TraceCheckUtils]: 76: Hoare triple {68922#true} ~rjh___0 := #in~rjh___0; {68922#true} is VALID [2022-02-20 17:59:49,955 INFO L272 TraceCheckUtils]: 77: Hoare triple {68922#true} call setClientId(~rjh___0, ~rjh___0); {68922#true} is VALID [2022-02-20 17:59:49,955 INFO L290 TraceCheckUtils]: 78: Hoare triple {68922#true} ~handle := #in~handle;~value := #in~value; {68922#true} is VALID [2022-02-20 17:59:49,955 INFO L290 TraceCheckUtils]: 79: Hoare triple {68922#true} assume !(1 == ~handle); {68922#true} is VALID [2022-02-20 17:59:49,955 INFO L290 TraceCheckUtils]: 80: Hoare triple {68922#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {68922#true} is VALID [2022-02-20 17:59:49,955 INFO L290 TraceCheckUtils]: 81: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,955 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {68922#true} {68922#true} #1704#return; {68922#true} is VALID [2022-02-20 17:59:49,956 INFO L290 TraceCheckUtils]: 83: Hoare triple {68922#true} assume true; {68922#true} is VALID [2022-02-20 17:59:49,956 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {68922#true} {69268#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1776#return; {69268#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 17:59:49,956 INFO L272 TraceCheckUtils]: 85: Hoare triple {69268#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {68922#true} is VALID [2022-02-20 17:59:49,957 INFO L290 TraceCheckUtils]: 86: Hoare triple {68922#true} ~handle := #in~handle;~value := #in~value; {69305#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:59:49,957 INFO L290 TraceCheckUtils]: 87: Hoare triple {69305#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {69309#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:49,957 INFO L290 TraceCheckUtils]: 88: Hoare triple {69309#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {69309#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:49,958 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {69309#(<= |setClientPrivateKey_#in~handle| 1)} {69268#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1778#return; {68923#false} is VALID [2022-02-20 17:59:49,958 INFO L290 TraceCheckUtils]: 90: Hoare triple {68923#false} assume { :end_inline_setup_rjh__role__Keys } true; {68923#false} is VALID [2022-02-20 17:59:49,958 INFO L290 TraceCheckUtils]: 91: Hoare triple {68923#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet109#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {68923#false} is VALID [2022-02-20 17:59:49,958 INFO L290 TraceCheckUtils]: 92: Hoare triple {68923#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {68923#false} is VALID [2022-02-20 17:59:49,958 INFO L272 TraceCheckUtils]: 93: Hoare triple {68923#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {68923#false} is VALID [2022-02-20 17:59:49,958 INFO L290 TraceCheckUtils]: 94: Hoare triple {68923#false} ~chuck___0 := #in~chuck___0; {68923#false} is VALID [2022-02-20 17:59:49,959 INFO L272 TraceCheckUtils]: 95: Hoare triple {68923#false} call setClientId(~chuck___0, ~chuck___0); {68923#false} is VALID [2022-02-20 17:59:49,959 INFO L290 TraceCheckUtils]: 96: Hoare triple {68923#false} ~handle := #in~handle;~value := #in~value; {68923#false} is VALID [2022-02-20 17:59:49,959 INFO L290 TraceCheckUtils]: 97: Hoare triple {68923#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {68923#false} is VALID [2022-02-20 17:59:49,959 INFO L290 TraceCheckUtils]: 98: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,959 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {68923#false} {68923#false} #1648#return; {68923#false} is VALID [2022-02-20 17:59:49,959 INFO L290 TraceCheckUtils]: 100: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,959 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {68923#false} {68923#false} #1782#return; {68923#false} is VALID [2022-02-20 17:59:49,959 INFO L272 TraceCheckUtils]: 102: Hoare triple {68923#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {68923#false} is VALID [2022-02-20 17:59:49,959 INFO L290 TraceCheckUtils]: 103: Hoare triple {68923#false} ~handle := #in~handle;~value := #in~value; {68923#false} is VALID [2022-02-20 17:59:49,960 INFO L290 TraceCheckUtils]: 104: Hoare triple {68923#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {68923#false} is VALID [2022-02-20 17:59:49,960 INFO L290 TraceCheckUtils]: 105: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,960 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {68923#false} {68923#false} #1784#return; {68923#false} is VALID [2022-02-20 17:59:49,960 INFO L290 TraceCheckUtils]: 107: Hoare triple {68923#false} assume { :end_inline_setup_chuck__role__Keys } true; {68923#false} is VALID [2022-02-20 17:59:49,960 INFO L290 TraceCheckUtils]: 108: Hoare triple {68923#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet110#1; {68923#false} is VALID [2022-02-20 17:59:49,960 INFO L290 TraceCheckUtils]: 109: Hoare triple {68923#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {68923#false} is VALID [2022-02-20 17:59:49,960 INFO L290 TraceCheckUtils]: 110: Hoare triple {68923#false} assume !false; {68923#false} is VALID [2022-02-20 17:59:49,960 INFO L290 TraceCheckUtils]: 111: Hoare triple {68923#false} assume test_~splverifierCounter~0#1 < 4; {68923#false} is VALID [2022-02-20 17:59:49,960 INFO L290 TraceCheckUtils]: 112: Hoare triple {68923#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {68923#false} is VALID [2022-02-20 17:59:49,961 INFO L290 TraceCheckUtils]: 113: Hoare triple {68923#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {68923#false} is VALID [2022-02-20 17:59:49,961 INFO L290 TraceCheckUtils]: 114: Hoare triple {68923#false} assume !(0 != test_~tmp___9~0#1); {68923#false} is VALID [2022-02-20 17:59:49,961 INFO L290 TraceCheckUtils]: 115: Hoare triple {68923#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {68923#false} is VALID [2022-02-20 17:59:49,961 INFO L290 TraceCheckUtils]: 116: Hoare triple {68923#false} assume 0 != test_~tmp___8~0#1; {68923#false} is VALID [2022-02-20 17:59:49,961 INFO L290 TraceCheckUtils]: 117: Hoare triple {68923#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {68923#false} is VALID [2022-02-20 17:59:49,961 INFO L290 TraceCheckUtils]: 118: Hoare triple {68923#false} test_~op2~0#1 := 1; {68923#false} is VALID [2022-02-20 17:59:49,961 INFO L290 TraceCheckUtils]: 119: Hoare triple {68923#false} assume !false; {68923#false} is VALID [2022-02-20 17:59:49,961 INFO L290 TraceCheckUtils]: 120: Hoare triple {68923#false} assume !(test_~splverifierCounter~0#1 < 4); {68923#false} is VALID [2022-02-20 17:59:49,961 INFO L290 TraceCheckUtils]: 121: Hoare triple {68923#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret103#1, bobToRjh_#t~ret104#1, bobToRjh_#t~ret105#1, bobToRjh_#t~ret106#1, bobToRjh_~tmp~24#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~24#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret103#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret103#1 && bobToRjh_#t~ret103#1 <= 2147483647;havoc bobToRjh_#t~ret103#1; {68923#false} is VALID [2022-02-20 17:59:49,962 INFO L272 TraceCheckUtils]: 122: Hoare triple {68923#false} call sendEmail(~bob~0, ~rjh~0); {68923#false} is VALID [2022-02-20 17:59:49,962 INFO L290 TraceCheckUtils]: 123: Hoare triple {68923#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {68923#false} is VALID [2022-02-20 17:59:49,962 INFO L272 TraceCheckUtils]: 124: Hoare triple {68923#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {68923#false} is VALID [2022-02-20 17:59:49,962 INFO L290 TraceCheckUtils]: 125: Hoare triple {68923#false} ~handle := #in~handle;~value := #in~value; {68923#false} is VALID [2022-02-20 17:59:49,962 INFO L290 TraceCheckUtils]: 126: Hoare triple {68923#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {68923#false} is VALID [2022-02-20 17:59:49,962 INFO L290 TraceCheckUtils]: 127: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,962 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {68923#false} {68923#false} #1670#return; {68923#false} is VALID [2022-02-20 17:59:49,962 INFO L272 TraceCheckUtils]: 129: Hoare triple {68923#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {68923#false} is VALID [2022-02-20 17:59:49,962 INFO L290 TraceCheckUtils]: 130: Hoare triple {68923#false} ~handle := #in~handle;~value := #in~value; {68923#false} is VALID [2022-02-20 17:59:49,963 INFO L290 TraceCheckUtils]: 131: Hoare triple {68923#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {68923#false} is VALID [2022-02-20 17:59:49,963 INFO L290 TraceCheckUtils]: 132: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,963 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {68923#false} {68923#false} #1672#return; {68923#false} is VALID [2022-02-20 17:59:49,963 INFO L290 TraceCheckUtils]: 134: Hoare triple {68923#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {68923#false} is VALID [2022-02-20 17:59:49,963 INFO L290 TraceCheckUtils]: 135: Hoare triple {68923#false} #t~ret78#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret78#1 && #t~ret78#1 <= 2147483647;~tmp~17#1 := #t~ret78#1;havoc #t~ret78#1;~email~0#1 := ~tmp~17#1; {68923#false} is VALID [2022-02-20 17:59:49,963 INFO L272 TraceCheckUtils]: 136: Hoare triple {68923#false} call outgoing(~sender#1, ~email~0#1); {68923#false} is VALID [2022-02-20 17:59:49,963 INFO L290 TraceCheckUtils]: 137: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,963 INFO L290 TraceCheckUtils]: 138: Hoare triple {68923#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret82#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~19#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~19#1; {68923#false} is VALID [2022-02-20 17:59:49,963 INFO L272 TraceCheckUtils]: 139: Hoare triple {68923#false} call sign_#t~ret82#1 := getClientPrivateKey(sign_~client#1); {68923#false} is VALID [2022-02-20 17:59:49,964 INFO L290 TraceCheckUtils]: 140: Hoare triple {68923#false} ~handle := #in~handle;havoc ~retValue_acc~36; {68923#false} is VALID [2022-02-20 17:59:49,964 INFO L290 TraceCheckUtils]: 141: Hoare triple {68923#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {68923#false} is VALID [2022-02-20 17:59:49,964 INFO L290 TraceCheckUtils]: 142: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,964 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {68923#false} {68923#false} #1602#return; {68923#false} is VALID [2022-02-20 17:59:49,964 INFO L290 TraceCheckUtils]: 144: Hoare triple {68923#false} assume -2147483648 <= sign_#t~ret82#1 && sign_#t~ret82#1 <= 2147483647;sign_~tmp~19#1 := sign_#t~ret82#1;havoc sign_#t~ret82#1;sign_~privkey~1#1 := sign_~tmp~19#1; {68923#false} is VALID [2022-02-20 17:59:49,964 INFO L290 TraceCheckUtils]: 145: Hoare triple {68923#false} assume 0 == sign_~privkey~1#1; {68923#false} is VALID [2022-02-20 17:59:49,964 INFO L290 TraceCheckUtils]: 146: Hoare triple {68923#false} assume { :end_inline_sign } true; {68923#false} is VALID [2022-02-20 17:59:49,964 INFO L272 TraceCheckUtils]: 147: Hoare triple {68923#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,964 INFO L290 TraceCheckUtils]: 148: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,965 INFO L290 TraceCheckUtils]: 149: Hoare triple {68923#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {68923#false} is VALID [2022-02-20 17:59:49,965 INFO L272 TraceCheckUtils]: 150: Hoare triple {68923#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,965 INFO L290 TraceCheckUtils]: 151: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,965 INFO L290 TraceCheckUtils]: 152: Hoare triple {68923#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {68923#false} is VALID [2022-02-20 17:59:49,965 INFO L272 TraceCheckUtils]: 153: Hoare triple {68923#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,965 INFO L290 TraceCheckUtils]: 154: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {68923#false} is VALID [2022-02-20 17:59:49,965 INFO L290 TraceCheckUtils]: 155: Hoare triple {68923#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {68923#false} is VALID [2022-02-20 17:59:49,965 INFO L290 TraceCheckUtils]: 156: Hoare triple {68923#false} #t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret61#1 && #t~ret61#1 <= 2147483647;~tmp~10#1 := #t~ret61#1;havoc #t~ret61#1; {68923#false} is VALID [2022-02-20 17:59:49,965 INFO L272 TraceCheckUtils]: 157: Hoare triple {68923#false} call setEmailFrom(~msg#1, ~tmp~10#1); {68923#false} is VALID [2022-02-20 17:59:49,966 INFO L290 TraceCheckUtils]: 158: Hoare triple {68923#false} ~handle := #in~handle;~value := #in~value; {68923#false} is VALID [2022-02-20 17:59:49,966 INFO L290 TraceCheckUtils]: 159: Hoare triple {68923#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {68923#false} is VALID [2022-02-20 17:59:49,966 INFO L290 TraceCheckUtils]: 160: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,966 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {68923#false} {68923#false} #1682#return; {68923#false} is VALID [2022-02-20 17:59:49,966 INFO L290 TraceCheckUtils]: 162: Hoare triple {68923#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1, __utac_acc__SignVerify_spec__1_#t~ret124#1, __utac_acc__SignVerify_spec__1_#t~nondet125#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret123#1 && __utac_acc__SignVerify_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret123#1; {68923#false} is VALID [2022-02-20 17:59:49,966 INFO L272 TraceCheckUtils]: 163: Hoare triple {68923#false} call __utac_acc__SignVerify_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,966 INFO L290 TraceCheckUtils]: 164: Hoare triple {68923#false} ~handle := #in~handle;havoc ~retValue_acc~24; {68923#false} is VALID [2022-02-20 17:59:49,966 INFO L290 TraceCheckUtils]: 165: Hoare triple {68923#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~24; {68923#false} is VALID [2022-02-20 17:59:49,966 INFO L290 TraceCheckUtils]: 166: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,967 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {68923#false} {68923#false} #1684#return; {68923#false} is VALID [2022-02-20 17:59:49,967 INFO L290 TraceCheckUtils]: 168: Hoare triple {68923#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret124#1 && __utac_acc__SignVerify_spec__1_#t~ret124#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret124#1;havoc __utac_acc__SignVerify_spec__1_#t~ret124#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet125#1; {68923#false} is VALID [2022-02-20 17:59:49,967 INFO L290 TraceCheckUtils]: 169: Hoare triple {68923#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret59#1 := puts(26, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {68923#false} is VALID [2022-02-20 17:59:49,967 INFO L272 TraceCheckUtils]: 170: Hoare triple {68923#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,967 INFO L290 TraceCheckUtils]: 171: Hoare triple {68923#false} ~handle := #in~handle;havoc ~retValue_acc~19; {68923#false} is VALID [2022-02-20 17:59:49,967 INFO L290 TraceCheckUtils]: 172: Hoare triple {68923#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_email_to0~0;#res := ~retValue_acc~19; {68923#false} is VALID [2022-02-20 17:59:49,967 INFO L290 TraceCheckUtils]: 173: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,967 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {68923#false} {68923#false} #1686#return; {68923#false} is VALID [2022-02-20 17:59:49,967 INFO L290 TraceCheckUtils]: 175: Hoare triple {68923#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,968 INFO L290 TraceCheckUtils]: 176: Hoare triple {68923#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {68923#false} is VALID [2022-02-20 17:59:49,968 INFO L272 TraceCheckUtils]: 177: Hoare triple {68923#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,968 INFO L290 TraceCheckUtils]: 178: Hoare triple {68923#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {68923#false} is VALID [2022-02-20 17:59:49,968 INFO L290 TraceCheckUtils]: 179: Hoare triple {68923#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret84#1, verify_#t~ret85#1, verify_#t~ret86#1, verify_#t~ret87#1, verify_#t~ret88#1, verify_#t~ret89#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~20#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~20#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1, __utac_acc__SignVerify_spec__2_#t~nondet127#1, __utac_acc__SignVerify_spec__2_#t~ret128#1, __utac_acc__SignVerify_spec__2_#t~ret129#1, __utac_acc__SignVerify_spec__2_#t~ret130#1, __utac_acc__SignVerify_spec__2_#t~ret131#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~27#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~27#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret126#1 := puts(43, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret126#1 && __utac_acc__SignVerify_spec__2_#t~ret126#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret126#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 44, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet127#1; {68923#false} is VALID [2022-02-20 17:59:49,968 INFO L290 TraceCheckUtils]: 180: Hoare triple {68923#false} assume 1 == ~sent_signed~0; {68923#false} is VALID [2022-02-20 17:59:49,968 INFO L272 TraceCheckUtils]: 181: Hoare triple {68923#false} call __utac_acc__SignVerify_spec__2_#t~ret128#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {68923#false} is VALID [2022-02-20 17:59:49,968 INFO L290 TraceCheckUtils]: 182: Hoare triple {68923#false} ~handle := #in~handle;havoc ~retValue_acc~18; {68923#false} is VALID [2022-02-20 17:59:49,968 INFO L290 TraceCheckUtils]: 183: Hoare triple {68923#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_from0~0;#res := ~retValue_acc~18; {68923#false} is VALID [2022-02-20 17:59:49,969 INFO L290 TraceCheckUtils]: 184: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,969 INFO L284 TraceCheckUtils]: 185: Hoare quadruple {68923#false} {68923#false} #1608#return; {68923#false} is VALID [2022-02-20 17:59:49,969 INFO L290 TraceCheckUtils]: 186: Hoare triple {68923#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret128#1 && __utac_acc__SignVerify_spec__2_#t~ret128#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~27#1 := __utac_acc__SignVerify_spec__2_#t~ret128#1;havoc __utac_acc__SignVerify_spec__2_#t~ret128#1; {68923#false} is VALID [2022-02-20 17:59:49,969 INFO L272 TraceCheckUtils]: 187: Hoare triple {68923#false} call __utac_acc__SignVerify_spec__2_#t~ret129#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~27#1); {68923#false} is VALID [2022-02-20 17:59:49,969 INFO L290 TraceCheckUtils]: 188: Hoare triple {68923#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {68923#false} is VALID [2022-02-20 17:59:49,969 INFO L290 TraceCheckUtils]: 189: Hoare triple {68923#false} assume 1 == ~handle; {68923#false} is VALID [2022-02-20 17:59:49,969 INFO L290 TraceCheckUtils]: 190: Hoare triple {68923#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {68923#false} is VALID [2022-02-20 17:59:49,969 INFO L290 TraceCheckUtils]: 191: Hoare triple {68923#false} assume true; {68923#false} is VALID [2022-02-20 17:59:49,969 INFO L284 TraceCheckUtils]: 192: Hoare quadruple {68923#false} {68923#false} #1610#return; {68923#false} is VALID [2022-02-20 17:59:49,970 INFO L290 TraceCheckUtils]: 193: Hoare triple {68923#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret129#1 && __utac_acc__SignVerify_spec__2_#t~ret129#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret129#1;havoc __utac_acc__SignVerify_spec__2_#t~ret129#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {68923#false} is VALID [2022-02-20 17:59:49,970 INFO L290 TraceCheckUtils]: 194: Hoare triple {68923#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {68923#false} is VALID [2022-02-20 17:59:49,970 INFO L272 TraceCheckUtils]: 195: Hoare triple {68923#false} call __automaton_fail(); {68923#false} is VALID [2022-02-20 17:59:49,970 INFO L290 TraceCheckUtils]: 196: Hoare triple {68923#false} assume !false; {68923#false} is VALID [2022-02-20 17:59:49,970 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 17:59:49,970 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:59:49,970 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [501085581] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:49,971 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:59:49,971 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [13] total 17 [2022-02-20 17:59:49,971 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [862693168] [2022-02-20 17:59:49,971 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:49,971 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 24.0) internal successors, (120), 6 states have internal predecessors, (120), 3 states have call successors, (32), 2 states have call predecessors, (32), 3 states have return successors, (25), 3 states have call predecessors, (25), 3 states have call successors, (25) Word has length 197 [2022-02-20 17:59:49,972 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:49,972 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 24.0) internal successors, (120), 6 states have internal predecessors, (120), 3 states have call successors, (32), 2 states have call predecessors, (32), 3 states have return successors, (25), 3 states have call predecessors, (25), 3 states have call successors, (25) [2022-02-20 17:59:50,083 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 177 edges. 177 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:50,083 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:59:50,084 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:50,084 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:59:50,084 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=238, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:59:50,084 INFO L87 Difference]: Start difference. First operand 2603 states and 3851 transitions. Second operand has 6 states, 5 states have (on average 24.0) internal successors, (120), 6 states have internal predecessors, (120), 3 states have call successors, (32), 2 states have call predecessors, (32), 3 states have return successors, (25), 3 states have call predecessors, (25), 3 states have call successors, (25)