./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec4_product24.cil.c --full-output -ea --architecture 32bit


--------------------------------------------------------------------------------


Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec4_product24.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) )

 --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash cc83a32f8f5c6143265231752530a7f576faa355052cdad9509cfbce0d0adeb3
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:59:20,153 INFO  L177        SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:59:20,159 INFO  L181        SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:59:20,193 INFO  L184        SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:59:20,197 INFO  L181        SettingsManager]: Resetting Boogie Preprocessor preferences to default values
[2022-02-20 17:59:20,198 INFO  L181        SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values
[2022-02-20 17:59:20,199 INFO  L181        SettingsManager]: Resetting Abstract Interpretation preferences to default values
[2022-02-20 17:59:20,202 INFO  L181        SettingsManager]: Resetting LassoRanker preferences to default values
[2022-02-20 17:59:20,203 INFO  L181        SettingsManager]: Resetting Reaching Definitions preferences to default values
[2022-02-20 17:59:20,205 INFO  L181        SettingsManager]: Resetting SyntaxChecker preferences to default values
[2022-02-20 17:59:20,205 INFO  L181        SettingsManager]: Resetting Sifa preferences to default values
[2022-02-20 17:59:20,207 INFO  L184        SettingsManager]: Büchi Program Product provides no preferences, ignoring...
[2022-02-20 17:59:20,208 INFO  L181        SettingsManager]: Resetting LTL2Aut preferences to default values
[2022-02-20 17:59:20,210 INFO  L181        SettingsManager]: Resetting PEA to Boogie preferences to default values
[2022-02-20 17:59:20,211 INFO  L181        SettingsManager]: Resetting BlockEncodingV2 preferences to default values
[2022-02-20 17:59:20,212 INFO  L181        SettingsManager]: Resetting ChcToBoogie preferences to default values
[2022-02-20 17:59:20,213 INFO  L181        SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values
[2022-02-20 17:59:20,217 INFO  L181        SettingsManager]: Resetting BuchiAutomizer preferences to default values
[2022-02-20 17:59:20,218 INFO  L181        SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values
[2022-02-20 17:59:20,222 INFO  L181        SettingsManager]: Resetting CodeCheck preferences to default values
[2022-02-20 17:59:20,223 INFO  L181        SettingsManager]: Resetting InvariantSynthesis preferences to default values
[2022-02-20 17:59:20,226 INFO  L181        SettingsManager]: Resetting RCFGBuilder preferences to default values
[2022-02-20 17:59:20,226 INFO  L181        SettingsManager]: Resetting Referee preferences to default values
[2022-02-20 17:59:20,227 INFO  L181        SettingsManager]: Resetting TraceAbstraction preferences to default values
[2022-02-20 17:59:20,228 INFO  L184        SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring...
[2022-02-20 17:59:20,229 INFO  L184        SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring...
[2022-02-20 17:59:20,230 INFO  L181        SettingsManager]: Resetting TreeAutomizer preferences to default values
[2022-02-20 17:59:20,230 INFO  L181        SettingsManager]: Resetting IcfgToChc preferences to default values
[2022-02-20 17:59:20,231 INFO  L181        SettingsManager]: Resetting IcfgTransformer preferences to default values
[2022-02-20 17:59:20,232 INFO  L184        SettingsManager]: ReqToTest provides no preferences, ignoring...
[2022-02-20 17:59:20,232 INFO  L181        SettingsManager]: Resetting Boogie Printer preferences to default values
[2022-02-20 17:59:20,233 INFO  L181        SettingsManager]: Resetting ChcSmtPrinter preferences to default values
[2022-02-20 17:59:20,233 INFO  L181        SettingsManager]: Resetting ReqPrinter preferences to default values
[2022-02-20 17:59:20,234 INFO  L181        SettingsManager]: Resetting Witness Printer preferences to default values
[2022-02-20 17:59:20,235 INFO  L184        SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring...
[2022-02-20 17:59:20,235 INFO  L181        SettingsManager]: Resetting CDTParser preferences to default values
[2022-02-20 17:59:20,236 INFO  L184        SettingsManager]: AutomataScriptParser provides no preferences, ignoring...
[2022-02-20 17:59:20,236 INFO  L184        SettingsManager]: ReqParser provides no preferences, ignoring...
[2022-02-20 17:59:20,237 INFO  L181        SettingsManager]: Resetting SmtParser preferences to default values
[2022-02-20 17:59:20,237 INFO  L181        SettingsManager]: Resetting Witness Parser preferences to default values
[2022-02-20 17:59:20,237 INFO  L188        SettingsManager]: Finished resetting all preferences to default values...
[2022-02-20 17:59:20,238 INFO  L101        SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf
[2022-02-20 17:59:20,256 INFO  L113        SettingsManager]: Loading preferences was successful
[2022-02-20 17:59:20,256 INFO  L115        SettingsManager]: Preferences different from defaults after loading the file:
[2022-02-20 17:59:20,257 INFO  L136        SettingsManager]: Preferences of UltimateCore differ from their defaults:
[2022-02-20 17:59:20,257 INFO  L138        SettingsManager]:  * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR;
[2022-02-20 17:59:20,257 INFO  L136        SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults:
[2022-02-20 17:59:20,257 INFO  L138        SettingsManager]:  * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS
[2022-02-20 17:59:20,258 INFO  L136        SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults:
[2022-02-20 17:59:20,258 INFO  L138        SettingsManager]:  * Create parallel compositions if possible=false
[2022-02-20 17:59:20,258 INFO  L138        SettingsManager]:  * Use SBE=true
[2022-02-20 17:59:20,258 INFO  L136        SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults:
[2022-02-20 17:59:20,259 INFO  L138        SettingsManager]:  * sizeof long=4
[2022-02-20 17:59:20,259 INFO  L138        SettingsManager]:  * Overapproximate operations on floating types=true
[2022-02-20 17:59:20,259 INFO  L138        SettingsManager]:  * sizeof POINTER=4
[2022-02-20 17:59:20,259 INFO  L138        SettingsManager]:  * Check division by zero=IGNORE
[2022-02-20 17:59:20,259 INFO  L138        SettingsManager]:  * Pointer to allocated memory at dereference=IGNORE
[2022-02-20 17:59:20,259 INFO  L138        SettingsManager]:  * If two pointers are subtracted or compared they have the same base address=IGNORE
[2022-02-20 17:59:20,259 INFO  L138        SettingsManager]:  * Check array bounds for arrays that are off heap=IGNORE
[2022-02-20 17:59:20,260 INFO  L138        SettingsManager]:  * sizeof long double=12
[2022-02-20 17:59:20,263 INFO  L138        SettingsManager]:  * Check if freed pointer was valid=false
[2022-02-20 17:59:20,263 INFO  L138        SettingsManager]:  * Use constant arrays=true
[2022-02-20 17:59:20,263 INFO  L138        SettingsManager]:  * Pointer base address is valid at dereference=IGNORE
[2022-02-20 17:59:20,264 INFO  L136        SettingsManager]: Preferences of RCFGBuilder differ from their defaults:
[2022-02-20 17:59:20,264 INFO  L138        SettingsManager]:  * Size of a code block=SequenceOfStatements
[2022-02-20 17:59:20,264 INFO  L138        SettingsManager]:  * SMT solver=External_DefaultMode
[2022-02-20 17:59:20,264 INFO  L138        SettingsManager]:  * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 17:59:20,264 INFO  L136        SettingsManager]: Preferences of TraceAbstraction differ from their defaults:
[2022-02-20 17:59:20,264 INFO  L138        SettingsManager]:  * Compute Interpolants along a Counterexample=FPandBP
[2022-02-20 17:59:20,265 INFO  L138        SettingsManager]:  * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles
[2022-02-20 17:59:20,265 INFO  L138        SettingsManager]:  * Trace refinement strategy=CAMEL
[2022-02-20 17:59:20,265 INFO  L138        SettingsManager]:  * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in
[2022-02-20 17:59:20,265 INFO  L138        SettingsManager]:  * Large block encoding in concurrent analysis=OFF
[2022-02-20 17:59:20,265 INFO  L138        SettingsManager]:  * Automaton type used in concurrency analysis=PETRI_NET
[2022-02-20 17:59:20,265 INFO  L138        SettingsManager]:  * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true
[2022-02-20 17:59:20,266 INFO  L138        SettingsManager]:  * SMT solver=External_ModelsAndUnsatCoreMode
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) )


Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> cc83a32f8f5c6143265231752530a7f576faa355052cdad9509cfbce0d0adeb3
[2022-02-20 17:59:20,443 INFO  L75    nceAwareModelManager]: Repository-Root is: /tmp
[2022-02-20 17:59:20,461 INFO  L261   ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized
[2022-02-20 17:59:20,463 INFO  L217   ainManager$Toolchain]: [Toolchain 1]: Toolchain selected.
[2022-02-20 17:59:20,464 INFO  L271        PluginConnector]: Initializing CDTParser...
[2022-02-20 17:59:20,464 INFO  L275        PluginConnector]: CDTParser initialized
[2022-02-20 17:59:20,465 INFO  L432   ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec4_product24.cil.c
[2022-02-20 17:59:20,508 INFO  L220              CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/621058438/5097fda6e25d44ceadf7aabb3fe84d73/FLAGd0fec0238
[2022-02-20 17:59:20,969 INFO  L306              CDTParser]: Found 1 translation units.
[2022-02-20 17:59:20,970 INFO  L160              CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product24.cil.c
[2022-02-20 17:59:20,990 INFO  L349              CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/621058438/5097fda6e25d44ceadf7aabb3fe84d73/FLAGd0fec0238
[2022-02-20 17:59:21,288 INFO  L357              CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/621058438/5097fda6e25d44ceadf7aabb3fe84d73
[2022-02-20 17:59:21,290 INFO  L299   ainManager$Toolchain]: ####################### [Toolchain 1] #######################
[2022-02-20 17:59:21,291 INFO  L131        ToolchainWalker]: Walking toolchain with 6 elements.
[2022-02-20 17:59:21,292 INFO  L113        PluginConnector]: ------------------------CACSL2BoogieTranslator----------------------------
[2022-02-20 17:59:21,292 INFO  L271        PluginConnector]: Initializing CACSL2BoogieTranslator...
[2022-02-20 17:59:21,295 INFO  L275        PluginConnector]: CACSL2BoogieTranslator initialized
[2022-02-20 17:59:21,297 INFO  L185        PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:21,297 INFO  L205        PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@57f41f9d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21, skipping insertion in model container
[2022-02-20 17:59:21,298 INFO  L185        PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:21,304 INFO  L145         MainTranslator]: Starting translation in SV-COMP mode 
[2022-02-20 17:59:21,356 INFO  L178         MainTranslator]: Built tables and reachable declarations
[2022-02-20 17:59:21,655 WARN  L230   ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product24.cil.c[33676,33689]
[2022-02-20 17:59:21,809 INFO  L210          PostProcessor]: Analyzing one entry point: main
[2022-02-20 17:59:21,821 INFO  L203         MainTranslator]: Completed pre-run
[2022-02-20 17:59:21,863 WARN  L230   ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_product24.cil.c[33676,33689]
[2022-02-20 17:59:21,926 INFO  L210          PostProcessor]: Analyzing one entry point: main
[2022-02-20 17:59:21,953 INFO  L208         MainTranslator]: Completed translation
[2022-02-20 17:59:21,954 INFO  L202        PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21 WrapperNode
[2022-02-20 17:59:21,954 INFO  L132        PluginConnector]: ------------------------ END CACSL2BoogieTranslator----------------------------
[2022-02-20 17:59:21,955 INFO  L113        PluginConnector]: ------------------------Boogie Procedure Inliner----------------------------
[2022-02-20 17:59:21,955 INFO  L271        PluginConnector]: Initializing Boogie Procedure Inliner...
[2022-02-20 17:59:21,955 INFO  L275        PluginConnector]: Boogie Procedure Inliner initialized
[2022-02-20 17:59:21,960 INFO  L185        PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:21,990 INFO  L185        PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:22,045 INFO  L137                Inliner]: procedures = 130, calls = 209, calls flagged for inlining = 63, calls inlined = 58, statements flattened = 1034
[2022-02-20 17:59:22,046 INFO  L132        PluginConnector]: ------------------------ END Boogie Procedure Inliner----------------------------
[2022-02-20 17:59:22,046 INFO  L113        PluginConnector]: ------------------------Boogie Preprocessor----------------------------
[2022-02-20 17:59:22,047 INFO  L271        PluginConnector]: Initializing Boogie Preprocessor...
[2022-02-20 17:59:22,047 INFO  L275        PluginConnector]: Boogie Preprocessor initialized
[2022-02-20 17:59:22,053 INFO  L185        PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:22,054 INFO  L185        PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:22,058 INFO  L185        PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:22,058 INFO  L185        PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:22,071 INFO  L185        PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:22,078 INFO  L185        PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:22,081 INFO  L185        PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:22,087 INFO  L132        PluginConnector]: ------------------------ END Boogie Preprocessor----------------------------
[2022-02-20 17:59:22,088 INFO  L113        PluginConnector]: ------------------------RCFGBuilder----------------------------
[2022-02-20 17:59:22,088 INFO  L271        PluginConnector]: Initializing RCFGBuilder...
[2022-02-20 17:59:22,088 INFO  L275        PluginConnector]: RCFGBuilder initialized
[2022-02-20 17:59:22,089 INFO  L185        PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (1/1) ...
[2022-02-20 17:59:22,103 INFO  L173          SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 17:59:22,118 INFO  L189       MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:59:22,131 INFO  L229       MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null)
[2022-02-20 17:59:22,161 INFO  L327       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process
[2022-02-20 17:59:22,173 INFO  L130     BoogieDeclarations]: Found specification of procedure getClientPrivateKey
[2022-02-20 17:59:22,173 INFO  L138     BoogieDeclarations]: Found implementation of procedure getClientPrivateKey
[2022-02-20 17:59:22,173 INFO  L130     BoogieDeclarations]: Found specification of procedure getEmailTo
[2022-02-20 17:59:22,173 INFO  L138     BoogieDeclarations]: Found implementation of procedure getEmailTo
[2022-02-20 17:59:22,174 INFO  L130     BoogieDeclarations]: Found specification of procedure setEmailFrom
[2022-02-20 17:59:22,174 INFO  L138     BoogieDeclarations]: Found implementation of procedure setEmailFrom
[2022-02-20 17:59:22,174 INFO  L130     BoogieDeclarations]: Found specification of procedure isReadable
[2022-02-20 17:59:22,174 INFO  L138     BoogieDeclarations]: Found implementation of procedure isReadable
[2022-02-20 17:59:22,175 INFO  L130     BoogieDeclarations]: Found specification of procedure createClientKeyringEntry
[2022-02-20 17:59:22,175 INFO  L138     BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry
[2022-02-20 17:59:22,175 INFO  L130     BoogieDeclarations]: Found specification of procedure getEmailSignKey
[2022-02-20 17:59:22,175 INFO  L138     BoogieDeclarations]: Found implementation of procedure getEmailSignKey
[2022-02-20 17:59:22,176 INFO  L130     BoogieDeclarations]: Found specification of procedure chuckKeyAdd
[2022-02-20 17:59:22,176 INFO  L138     BoogieDeclarations]: Found implementation of procedure chuckKeyAdd
[2022-02-20 17:59:22,176 INFO  L130     BoogieDeclarations]: Found specification of procedure puts
[2022-02-20 17:59:22,176 INFO  L130     BoogieDeclarations]: Found specification of procedure getEmailFrom
[2022-02-20 17:59:22,176 INFO  L138     BoogieDeclarations]: Found implementation of procedure getEmailFrom
[2022-02-20 17:59:22,176 INFO  L130     BoogieDeclarations]: Found specification of procedure queue
[2022-02-20 17:59:22,177 INFO  L138     BoogieDeclarations]: Found implementation of procedure queue
[2022-02-20 17:59:22,177 INFO  L130     BoogieDeclarations]: Found specification of procedure setClientId
[2022-02-20 17:59:22,177 INFO  L138     BoogieDeclarations]: Found implementation of procedure setClientId
[2022-02-20 17:59:22,177 INFO  L130     BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit
[2022-02-20 17:59:22,177 INFO  L130     BoogieDeclarations]: Found specification of procedure isSigned
[2022-02-20 17:59:22,177 INFO  L138     BoogieDeclarations]: Found implementation of procedure isSigned
[2022-02-20 17:59:22,177 INFO  L130     BoogieDeclarations]: Found specification of procedure setClientKeyringUser
[2022-02-20 17:59:22,177 INFO  L138     BoogieDeclarations]: Found implementation of procedure setClientKeyringUser
[2022-02-20 17:59:22,178 INFO  L130     BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey
[2022-02-20 17:59:22,178 INFO  L138     BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey
[2022-02-20 17:59:22,178 INFO  L130     BoogieDeclarations]: Found specification of procedure outgoing
[2022-02-20 17:59:22,178 INFO  L138     BoogieDeclarations]: Found implementation of procedure outgoing
[2022-02-20 17:59:22,178 INFO  L130     BoogieDeclarations]: Found specification of procedure sendEmail
[2022-02-20 17:59:22,178 INFO  L138     BoogieDeclarations]: Found implementation of procedure sendEmail
[2022-02-20 17:59:22,178 INFO  L130     BoogieDeclarations]: Found specification of procedure setClientPrivateKey
[2022-02-20 17:59:22,178 INFO  L138     BoogieDeclarations]: Found implementation of procedure setClientPrivateKey
[2022-02-20 17:59:22,178 INFO  L130     BoogieDeclarations]: Found specification of procedure setEmailTo
[2022-02-20 17:59:22,179 INFO  L138     BoogieDeclarations]: Found implementation of procedure setEmailTo
[2022-02-20 17:59:22,179 INFO  L130     BoogieDeclarations]: Found specification of procedure write~init~int
[2022-02-20 17:59:22,179 INFO  L130     BoogieDeclarations]: Found specification of procedure generateKeyPair
[2022-02-20 17:59:22,179 INFO  L138     BoogieDeclarations]: Found implementation of procedure generateKeyPair
[2022-02-20 17:59:22,179 INFO  L130     BoogieDeclarations]: Found specification of procedure ULTIMATE.start
[2022-02-20 17:59:22,179 INFO  L138     BoogieDeclarations]: Found implementation of procedure ULTIMATE.start
[2022-02-20 17:59:22,418 INFO  L234             CfgBuilder]: Building ICFG
[2022-02-20 17:59:22,420 INFO  L260             CfgBuilder]: Building CFG for each procedure with an implementation
[2022-02-20 17:59:23,210 INFO  L275             CfgBuilder]: Performing block encoding
[2022-02-20 17:59:23,228 INFO  L294             CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start)
[2022-02-20 17:59:23,228 INFO  L299             CfgBuilder]: Removed 1 assume(true) statements.
[2022-02-20 17:59:23,230 INFO  L202        PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:23 BoogieIcfgContainer
[2022-02-20 17:59:23,230 INFO  L132        PluginConnector]: ------------------------ END RCFGBuilder----------------------------
[2022-02-20 17:59:23,232 INFO  L113        PluginConnector]: ------------------------TraceAbstraction----------------------------
[2022-02-20 17:59:23,232 INFO  L271        PluginConnector]: Initializing TraceAbstraction...
[2022-02-20 17:59:23,234 INFO  L275        PluginConnector]: TraceAbstraction initialized
[2022-02-20 17:59:23,235 INFO  L185        PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:59:21" (1/3) ...
[2022-02-20 17:59:23,235 INFO  L205        PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@775a7b3e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:23, skipping insertion in model container
[2022-02-20 17:59:23,236 INFO  L185        PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:59:21" (2/3) ...
[2022-02-20 17:59:23,236 INFO  L205        PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@775a7b3e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:59:23, skipping insertion in model container
[2022-02-20 17:59:23,236 INFO  L185        PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:59:23" (3/3) ...
[2022-02-20 17:59:23,237 INFO  L111   eAbstractionObserver]: Analyzing ICFG email_spec4_product24.cil.c
[2022-02-20 17:59:23,241 INFO  L205   ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION
[2022-02-20 17:59:23,242 INFO  L164   ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations.
[2022-02-20 17:59:23,284 INFO  L338      AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ========
[2022-02-20 17:59:23,291 INFO  L339      AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR
[2022-02-20 17:59:23,292 INFO  L340      AbstractCegarLoop]: Starting to check reachability of 1 error locations.
[2022-02-20 17:59:23,326 INFO  L276                IsEmpty]: Start isEmpty. Operand  has 327 states, 259 states have (on average 1.528957528957529) internal successors, (396), 261 states have internal predecessors, (396), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (48), 48 states have call predecessors, (48), 48 states have call successors, (48)
[2022-02-20 17:59:23,344 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 93
[2022-02-20 17:59:23,345 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 17:59:23,345 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:59:23,346 INFO  L402      AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:59:23,349 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:59:23,350 INFO  L85        PathProgramCache]: Analyzing trace with hash -487814917, now seen corresponding path program 1 times
[2022-02-20 17:59:23,357 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:59:23,358 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1882916578]
[2022-02-20 17:59:23,358 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:23,359 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:59:23,503 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,618 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:59:23,621 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,639 INFO  L290        TraceCheckUtils]: 0: Hoare triple {381#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,639 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,640 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,640 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {330#true} #1007#return; {330#true} is VALID
[2022-02-20 17:59:23,646 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:59:23,650 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,662 INFO  L290        TraceCheckUtils]: 0: Hoare triple {382#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,663 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,663 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,663 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {330#true} #1009#return; {330#true} is VALID
[2022-02-20 17:59:23,664 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 17:59:23,670 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,690 INFO  L290        TraceCheckUtils]: 0: Hoare triple {381#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {383#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:23,690 INFO  L290        TraceCheckUtils]: 1: Hoare triple {383#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {384#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:23,691 INFO  L290        TraceCheckUtils]: 2: Hoare triple {384#(= |setClientId_#in~handle| 1)} assume true; {384#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:23,692 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {384#(= |setClientId_#in~handle| 1)} {340#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1011#return; {331#false} is VALID
[2022-02-20 17:59:23,692 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24
[2022-02-20 17:59:23,695 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,706 INFO  L290        TraceCheckUtils]: 0: Hoare triple {382#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,706 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,706 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,707 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #1013#return; {331#false} is VALID
[2022-02-20 17:59:23,707 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30
[2022-02-20 17:59:23,710 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,712 INFO  L290        TraceCheckUtils]: 0: Hoare triple {381#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,712 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,713 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,713 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #1015#return; {331#false} is VALID
[2022-02-20 17:59:23,713 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36
[2022-02-20 17:59:23,715 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,718 INFO  L290        TraceCheckUtils]: 0: Hoare triple {382#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,718 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,718 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,719 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #1017#return; {331#false} is VALID
[2022-02-20 17:59:23,725 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47
[2022-02-20 17:59:23,726 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,730 INFO  L290        TraceCheckUtils]: 0: Hoare triple {385#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,730 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,730 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,731 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #1001#return; {331#false} is VALID
[2022-02-20 17:59:23,738 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52
[2022-02-20 17:59:23,739 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,742 INFO  L290        TraceCheckUtils]: 0: Hoare triple {386#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,742 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,743 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,743 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #1003#return; {331#false} is VALID
[2022-02-20 17:59:23,743 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61
[2022-02-20 17:59:23,744 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,748 INFO  L290        TraceCheckUtils]: 0: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~9; {330#true} is VALID
[2022-02-20 17:59:23,748 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {330#true} is VALID
[2022-02-20 17:59:23,749 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,749 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #955#return; {331#false} is VALID
[2022-02-20 17:59:23,749 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71
[2022-02-20 17:59:23,750 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,753 INFO  L290        TraceCheckUtils]: 0: Hoare triple {385#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,753 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,753 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,754 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #957#return; {331#false} is VALID
[2022-02-20 17:59:23,754 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77
[2022-02-20 17:59:23,755 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,758 INFO  L290        TraceCheckUtils]: 0: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~31; {330#true} is VALID
[2022-02-20 17:59:23,758 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {330#true} is VALID
[2022-02-20 17:59:23,758 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,758 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #959#return; {331#false} is VALID
[2022-02-20 17:59:23,759 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84
[2022-02-20 17:59:23,760 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:23,767 INFO  L290        TraceCheckUtils]: 0: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~9; {330#true} is VALID
[2022-02-20 17:59:23,767 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {330#true} is VALID
[2022-02-20 17:59:23,767 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,767 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {330#true} {331#false} #961#return; {331#false} is VALID
[2022-02-20 17:59:23,768 INFO  L290        TraceCheckUtils]: 0: Hoare triple {330#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {330#true} is VALID
[2022-02-20 17:59:23,769 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {330#true} is VALID
[2022-02-20 17:59:23,769 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {330#true} is VALID
[2022-02-20 17:59:23,769 INFO  L290        TraceCheckUtils]: 3: Hoare triple {330#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {330#true} is VALID
[2022-02-20 17:59:23,769 INFO  L290        TraceCheckUtils]: 4: Hoare triple {330#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {330#true} is VALID
[2022-02-20 17:59:23,769 INFO  L290        TraceCheckUtils]: 5: Hoare triple {330#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {330#true} is VALID
[2022-02-20 17:59:23,773 INFO  L272        TraceCheckUtils]: 6: Hoare triple {330#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {381#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:23,774 INFO  L290        TraceCheckUtils]: 7: Hoare triple {381#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,774 INFO  L290        TraceCheckUtils]: 8: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,774 INFO  L290        TraceCheckUtils]: 9: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,774 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {330#true} {330#true} #1007#return; {330#true} is VALID
[2022-02-20 17:59:23,774 INFO  L290        TraceCheckUtils]: 11: Hoare triple {330#true} assume { :end_inline_setup_bob__wrappee__Base } true; {330#true} is VALID
[2022-02-20 17:59:23,778 INFO  L272        TraceCheckUtils]: 12: Hoare triple {330#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {382#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:23,778 INFO  L290        TraceCheckUtils]: 13: Hoare triple {382#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,778 INFO  L290        TraceCheckUtils]: 14: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,779 INFO  L290        TraceCheckUtils]: 15: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,779 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {330#true} {330#true} #1009#return; {330#true} is VALID
[2022-02-20 17:59:23,779 INFO  L290        TraceCheckUtils]: 17: Hoare triple {330#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {340#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID
[2022-02-20 17:59:23,780 INFO  L272        TraceCheckUtils]: 18: Hoare triple {340#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {381#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:23,781 INFO  L290        TraceCheckUtils]: 19: Hoare triple {381#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {383#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:23,781 INFO  L290        TraceCheckUtils]: 20: Hoare triple {383#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {384#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:23,782 INFO  L290        TraceCheckUtils]: 21: Hoare triple {384#(= |setClientId_#in~handle| 1)} assume true; {384#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:23,782 INFO  L284        TraceCheckUtils]: 22: Hoare quadruple {384#(= |setClientId_#in~handle| 1)} {340#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1011#return; {331#false} is VALID
[2022-02-20 17:59:23,783 INFO  L290        TraceCheckUtils]: 23: Hoare triple {331#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {331#false} is VALID
[2022-02-20 17:59:23,783 INFO  L272        TraceCheckUtils]: 24: Hoare triple {331#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {382#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:23,783 INFO  L290        TraceCheckUtils]: 25: Hoare triple {382#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,783 INFO  L290        TraceCheckUtils]: 26: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,783 INFO  L290        TraceCheckUtils]: 27: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,784 INFO  L284        TraceCheckUtils]: 28: Hoare quadruple {330#true} {331#false} #1013#return; {331#false} is VALID
[2022-02-20 17:59:23,784 INFO  L290        TraceCheckUtils]: 29: Hoare triple {331#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {331#false} is VALID
[2022-02-20 17:59:23,785 INFO  L272        TraceCheckUtils]: 30: Hoare triple {331#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {381#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:23,785 INFO  L290        TraceCheckUtils]: 31: Hoare triple {381#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,786 INFO  L290        TraceCheckUtils]: 32: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,786 INFO  L290        TraceCheckUtils]: 33: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,786 INFO  L284        TraceCheckUtils]: 34: Hoare quadruple {330#true} {331#false} #1015#return; {331#false} is VALID
[2022-02-20 17:59:23,786 INFO  L290        TraceCheckUtils]: 35: Hoare triple {331#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {331#false} is VALID
[2022-02-20 17:59:23,787 INFO  L272        TraceCheckUtils]: 36: Hoare triple {331#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {382#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:23,787 INFO  L290        TraceCheckUtils]: 37: Hoare triple {382#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,787 INFO  L290        TraceCheckUtils]: 38: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,788 INFO  L290        TraceCheckUtils]: 39: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,788 INFO  L284        TraceCheckUtils]: 40: Hoare quadruple {330#true} {331#false} #1017#return; {331#false} is VALID
[2022-02-20 17:59:23,788 INFO  L290        TraceCheckUtils]: 41: Hoare triple {331#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {331#false} is VALID
[2022-02-20 17:59:23,788 INFO  L290        TraceCheckUtils]: 42: Hoare triple {331#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {331#false} is VALID
[2022-02-20 17:59:23,789 INFO  L290        TraceCheckUtils]: 43: Hoare triple {331#false} assume false; {331#false} is VALID
[2022-02-20 17:59:23,790 INFO  L290        TraceCheckUtils]: 44: Hoare triple {331#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {331#false} is VALID
[2022-02-20 17:59:23,790 INFO  L272        TraceCheckUtils]: 45: Hoare triple {331#false} call sendEmail(~bob~0, ~rjh~0); {331#false} is VALID
[2022-02-20 17:59:23,790 INFO  L290        TraceCheckUtils]: 46: Hoare triple {331#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {331#false} is VALID
[2022-02-20 17:59:23,791 INFO  L272        TraceCheckUtils]: 47: Hoare triple {331#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {385#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:23,791 INFO  L290        TraceCheckUtils]: 48: Hoare triple {385#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,791 INFO  L290        TraceCheckUtils]: 49: Hoare triple {330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,791 INFO  L290        TraceCheckUtils]: 50: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,791 INFO  L284        TraceCheckUtils]: 51: Hoare quadruple {330#true} {331#false} #1001#return; {331#false} is VALID
[2022-02-20 17:59:23,792 INFO  L272        TraceCheckUtils]: 52: Hoare triple {331#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {386#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 17:59:23,792 INFO  L290        TraceCheckUtils]: 53: Hoare triple {386#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,792 INFO  L290        TraceCheckUtils]: 54: Hoare triple {330#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,793 INFO  L290        TraceCheckUtils]: 55: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,793 INFO  L284        TraceCheckUtils]: 56: Hoare quadruple {330#true} {331#false} #1003#return; {331#false} is VALID
[2022-02-20 17:59:23,793 INFO  L290        TraceCheckUtils]: 57: Hoare triple {331#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {331#false} is VALID
[2022-02-20 17:59:23,793 INFO  L290        TraceCheckUtils]: 58: Hoare triple {331#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {331#false} is VALID
[2022-02-20 17:59:23,793 INFO  L272        TraceCheckUtils]: 59: Hoare triple {331#false} call outgoing(~sender#1, ~email~0#1); {331#false} is VALID
[2022-02-20 17:59:23,794 INFO  L290        TraceCheckUtils]: 60: Hoare triple {331#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {331#false} is VALID
[2022-02-20 17:59:23,794 INFO  L272        TraceCheckUtils]: 61: Hoare triple {331#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {330#true} is VALID
[2022-02-20 17:59:23,794 INFO  L290        TraceCheckUtils]: 62: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~9; {330#true} is VALID
[2022-02-20 17:59:23,794 INFO  L290        TraceCheckUtils]: 63: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {330#true} is VALID
[2022-02-20 17:59:23,795 INFO  L290        TraceCheckUtils]: 64: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,795 INFO  L284        TraceCheckUtils]: 65: Hoare quadruple {330#true} {331#false} #955#return; {331#false} is VALID
[2022-02-20 17:59:23,795 INFO  L290        TraceCheckUtils]: 66: Hoare triple {331#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {331#false} is VALID
[2022-02-20 17:59:23,795 INFO  L290        TraceCheckUtils]: 67: Hoare triple {331#false} assume 0 == sign_~privkey~0#1; {331#false} is VALID
[2022-02-20 17:59:23,795 INFO  L290        TraceCheckUtils]: 68: Hoare triple {331#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {331#false} is VALID
[2022-02-20 17:59:23,796 INFO  L290        TraceCheckUtils]: 69: Hoare triple {331#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {331#false} is VALID
[2022-02-20 17:59:23,796 INFO  L290        TraceCheckUtils]: 70: Hoare triple {331#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {331#false} is VALID
[2022-02-20 17:59:23,796 INFO  L272        TraceCheckUtils]: 71: Hoare triple {331#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {385#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:23,796 INFO  L290        TraceCheckUtils]: 72: Hoare triple {385#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:23,797 INFO  L290        TraceCheckUtils]: 73: Hoare triple {330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:23,797 INFO  L290        TraceCheckUtils]: 74: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,797 INFO  L284        TraceCheckUtils]: 75: Hoare quadruple {330#true} {331#false} #957#return; {331#false} is VALID
[2022-02-20 17:59:23,797 INFO  L290        TraceCheckUtils]: 76: Hoare triple {331#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {331#false} is VALID
[2022-02-20 17:59:23,798 INFO  L272        TraceCheckUtils]: 77: Hoare triple {331#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {330#true} is VALID
[2022-02-20 17:59:23,798 INFO  L290        TraceCheckUtils]: 78: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~31; {330#true} is VALID
[2022-02-20 17:59:23,798 INFO  L290        TraceCheckUtils]: 79: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {330#true} is VALID
[2022-02-20 17:59:23,798 INFO  L290        TraceCheckUtils]: 80: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,799 INFO  L284        TraceCheckUtils]: 81: Hoare quadruple {330#true} {331#false} #959#return; {331#false} is VALID
[2022-02-20 17:59:23,799 INFO  L290        TraceCheckUtils]: 82: Hoare triple {331#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {331#false} is VALID
[2022-02-20 17:59:23,799 INFO  L290        TraceCheckUtils]: 83: Hoare triple {331#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {331#false} is VALID
[2022-02-20 17:59:23,799 INFO  L272        TraceCheckUtils]: 84: Hoare triple {331#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {330#true} is VALID
[2022-02-20 17:59:23,800 INFO  L290        TraceCheckUtils]: 85: Hoare triple {330#true} ~handle := #in~handle;havoc ~retValue_acc~9; {330#true} is VALID
[2022-02-20 17:59:23,800 INFO  L290        TraceCheckUtils]: 86: Hoare triple {330#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {330#true} is VALID
[2022-02-20 17:59:23,800 INFO  L290        TraceCheckUtils]: 87: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:23,800 INFO  L284        TraceCheckUtils]: 88: Hoare quadruple {330#true} {331#false} #961#return; {331#false} is VALID
[2022-02-20 17:59:23,801 INFO  L290        TraceCheckUtils]: 89: Hoare triple {331#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {331#false} is VALID
[2022-02-20 17:59:23,801 INFO  L290        TraceCheckUtils]: 90: Hoare triple {331#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {331#false} is VALID
[2022-02-20 17:59:23,801 INFO  L290        TraceCheckUtils]: 91: Hoare triple {331#false} assume !false; {331#false} is VALID
[2022-02-20 17:59:23,802 INFO  L134       CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked.
[2022-02-20 17:59:23,802 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:23,803 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1882916578]
[2022-02-20 17:59:23,803 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1882916578] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:59:23,803 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [994119196]
[2022-02-20 17:59:23,804 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:23,804 INFO  L173          SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:59:23,804 INFO  L189       MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:59:23,806 INFO  L229       MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:59:23,807 INFO  L327       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process
[2022-02-20 17:59:24,028 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:24,032 INFO  L263         TraceCheckSpWp]: Trace formula consists of 967 conjuncts, 1 conjunts are in the unsatisfiable core
[2022-02-20 17:59:24,094 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:24,100 INFO  L286         TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:59:24,306 INFO  L290        TraceCheckUtils]: 0: Hoare triple {330#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {330#true} is VALID
[2022-02-20 17:59:24,306 INFO  L290        TraceCheckUtils]: 1: Hoare triple {330#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {330#true} is VALID
[2022-02-20 17:59:24,306 INFO  L290        TraceCheckUtils]: 2: Hoare triple {330#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {330#true} is VALID
[2022-02-20 17:59:24,307 INFO  L290        TraceCheckUtils]: 3: Hoare triple {330#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {330#true} is VALID
[2022-02-20 17:59:24,307 INFO  L290        TraceCheckUtils]: 4: Hoare triple {330#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {330#true} is VALID
[2022-02-20 17:59:24,308 INFO  L290        TraceCheckUtils]: 5: Hoare triple {330#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {330#true} is VALID
[2022-02-20 17:59:24,309 INFO  L272        TraceCheckUtils]: 6: Hoare triple {330#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {330#true} is VALID
[2022-02-20 17:59:24,309 INFO  L290        TraceCheckUtils]: 7: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:24,309 INFO  L290        TraceCheckUtils]: 8: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:24,309 INFO  L290        TraceCheckUtils]: 9: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:24,309 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {330#true} {330#true} #1007#return; {330#true} is VALID
[2022-02-20 17:59:24,309 INFO  L290        TraceCheckUtils]: 11: Hoare triple {330#true} assume { :end_inline_setup_bob__wrappee__Base } true; {330#true} is VALID
[2022-02-20 17:59:24,309 INFO  L272        TraceCheckUtils]: 12: Hoare triple {330#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {330#true} is VALID
[2022-02-20 17:59:24,310 INFO  L290        TraceCheckUtils]: 13: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:24,310 INFO  L290        TraceCheckUtils]: 14: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:24,310 INFO  L290        TraceCheckUtils]: 15: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:24,310 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {330#true} {330#true} #1009#return; {330#true} is VALID
[2022-02-20 17:59:24,310 INFO  L290        TraceCheckUtils]: 17: Hoare triple {330#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {330#true} is VALID
[2022-02-20 17:59:24,310 INFO  L272        TraceCheckUtils]: 18: Hoare triple {330#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {330#true} is VALID
[2022-02-20 17:59:24,310 INFO  L290        TraceCheckUtils]: 19: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:24,311 INFO  L290        TraceCheckUtils]: 20: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:24,311 INFO  L290        TraceCheckUtils]: 21: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:24,311 INFO  L284        TraceCheckUtils]: 22: Hoare quadruple {330#true} {330#true} #1011#return; {330#true} is VALID
[2022-02-20 17:59:24,311 INFO  L290        TraceCheckUtils]: 23: Hoare triple {330#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {330#true} is VALID
[2022-02-20 17:59:24,311 INFO  L272        TraceCheckUtils]: 24: Hoare triple {330#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {330#true} is VALID
[2022-02-20 17:59:24,311 INFO  L290        TraceCheckUtils]: 25: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:24,312 INFO  L290        TraceCheckUtils]: 26: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:24,312 INFO  L290        TraceCheckUtils]: 27: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:24,312 INFO  L284        TraceCheckUtils]: 28: Hoare quadruple {330#true} {330#true} #1013#return; {330#true} is VALID
[2022-02-20 17:59:24,312 INFO  L290        TraceCheckUtils]: 29: Hoare triple {330#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {330#true} is VALID
[2022-02-20 17:59:24,312 INFO  L272        TraceCheckUtils]: 30: Hoare triple {330#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {330#true} is VALID
[2022-02-20 17:59:24,312 INFO  L290        TraceCheckUtils]: 31: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:24,313 INFO  L290        TraceCheckUtils]: 32: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:24,313 INFO  L290        TraceCheckUtils]: 33: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:24,313 INFO  L284        TraceCheckUtils]: 34: Hoare quadruple {330#true} {330#true} #1015#return; {330#true} is VALID
[2022-02-20 17:59:24,313 INFO  L290        TraceCheckUtils]: 35: Hoare triple {330#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {330#true} is VALID
[2022-02-20 17:59:24,313 INFO  L272        TraceCheckUtils]: 36: Hoare triple {330#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {330#true} is VALID
[2022-02-20 17:59:24,313 INFO  L290        TraceCheckUtils]: 37: Hoare triple {330#true} ~handle := #in~handle;~value := #in~value; {330#true} is VALID
[2022-02-20 17:59:24,314 INFO  L290        TraceCheckUtils]: 38: Hoare triple {330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {330#true} is VALID
[2022-02-20 17:59:24,314 INFO  L290        TraceCheckUtils]: 39: Hoare triple {330#true} assume true; {330#true} is VALID
[2022-02-20 17:59:24,314 INFO  L284        TraceCheckUtils]: 40: Hoare quadruple {330#true} {330#true} #1017#return; {330#true} is VALID
[2022-02-20 17:59:24,314 INFO  L290        TraceCheckUtils]: 41: Hoare triple {330#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {330#true} is VALID
[2022-02-20 17:59:24,314 INFO  L290        TraceCheckUtils]: 42: Hoare triple {330#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {330#true} is VALID
[2022-02-20 17:59:24,315 INFO  L290        TraceCheckUtils]: 43: Hoare triple {330#true} assume false; {331#false} is VALID
[2022-02-20 17:59:24,315 INFO  L290        TraceCheckUtils]: 44: Hoare triple {331#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {331#false} is VALID
[2022-02-20 17:59:24,315 INFO  L272        TraceCheckUtils]: 45: Hoare triple {331#false} call sendEmail(~bob~0, ~rjh~0); {331#false} is VALID
[2022-02-20 17:59:24,315 INFO  L290        TraceCheckUtils]: 46: Hoare triple {331#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {331#false} is VALID
[2022-02-20 17:59:24,315 INFO  L272        TraceCheckUtils]: 47: Hoare triple {331#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {331#false} is VALID
[2022-02-20 17:59:24,316 INFO  L290        TraceCheckUtils]: 48: Hoare triple {331#false} ~handle := #in~handle;~value := #in~value; {331#false} is VALID
[2022-02-20 17:59:24,316 INFO  L290        TraceCheckUtils]: 49: Hoare triple {331#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {331#false} is VALID
[2022-02-20 17:59:24,316 INFO  L290        TraceCheckUtils]: 50: Hoare triple {331#false} assume true; {331#false} is VALID
[2022-02-20 17:59:24,316 INFO  L284        TraceCheckUtils]: 51: Hoare quadruple {331#false} {331#false} #1001#return; {331#false} is VALID
[2022-02-20 17:59:24,316 INFO  L272        TraceCheckUtils]: 52: Hoare triple {331#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {331#false} is VALID
[2022-02-20 17:59:24,316 INFO  L290        TraceCheckUtils]: 53: Hoare triple {331#false} ~handle := #in~handle;~value := #in~value; {331#false} is VALID
[2022-02-20 17:59:24,317 INFO  L290        TraceCheckUtils]: 54: Hoare triple {331#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {331#false} is VALID
[2022-02-20 17:59:24,317 INFO  L290        TraceCheckUtils]: 55: Hoare triple {331#false} assume true; {331#false} is VALID
[2022-02-20 17:59:24,317 INFO  L284        TraceCheckUtils]: 56: Hoare quadruple {331#false} {331#false} #1003#return; {331#false} is VALID
[2022-02-20 17:59:24,317 INFO  L290        TraceCheckUtils]: 57: Hoare triple {331#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {331#false} is VALID
[2022-02-20 17:59:24,317 INFO  L290        TraceCheckUtils]: 58: Hoare triple {331#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {331#false} is VALID
[2022-02-20 17:59:24,317 INFO  L272        TraceCheckUtils]: 59: Hoare triple {331#false} call outgoing(~sender#1, ~email~0#1); {331#false} is VALID
[2022-02-20 17:59:24,318 INFO  L290        TraceCheckUtils]: 60: Hoare triple {331#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {331#false} is VALID
[2022-02-20 17:59:24,318 INFO  L272        TraceCheckUtils]: 61: Hoare triple {331#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {331#false} is VALID
[2022-02-20 17:59:24,318 INFO  L290        TraceCheckUtils]: 62: Hoare triple {331#false} ~handle := #in~handle;havoc ~retValue_acc~9; {331#false} is VALID
[2022-02-20 17:59:24,318 INFO  L290        TraceCheckUtils]: 63: Hoare triple {331#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {331#false} is VALID
[2022-02-20 17:59:24,318 INFO  L290        TraceCheckUtils]: 64: Hoare triple {331#false} assume true; {331#false} is VALID
[2022-02-20 17:59:24,318 INFO  L284        TraceCheckUtils]: 65: Hoare quadruple {331#false} {331#false} #955#return; {331#false} is VALID
[2022-02-20 17:59:24,318 INFO  L290        TraceCheckUtils]: 66: Hoare triple {331#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {331#false} is VALID
[2022-02-20 17:59:24,319 INFO  L290        TraceCheckUtils]: 67: Hoare triple {331#false} assume 0 == sign_~privkey~0#1; {331#false} is VALID
[2022-02-20 17:59:24,319 INFO  L290        TraceCheckUtils]: 68: Hoare triple {331#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {331#false} is VALID
[2022-02-20 17:59:24,319 INFO  L290        TraceCheckUtils]: 69: Hoare triple {331#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {331#false} is VALID
[2022-02-20 17:59:24,319 INFO  L290        TraceCheckUtils]: 70: Hoare triple {331#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {331#false} is VALID
[2022-02-20 17:59:24,319 INFO  L272        TraceCheckUtils]: 71: Hoare triple {331#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {331#false} is VALID
[2022-02-20 17:59:24,320 INFO  L290        TraceCheckUtils]: 72: Hoare triple {331#false} ~handle := #in~handle;~value := #in~value; {331#false} is VALID
[2022-02-20 17:59:24,320 INFO  L290        TraceCheckUtils]: 73: Hoare triple {331#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {331#false} is VALID
[2022-02-20 17:59:24,320 INFO  L290        TraceCheckUtils]: 74: Hoare triple {331#false} assume true; {331#false} is VALID
[2022-02-20 17:59:24,320 INFO  L284        TraceCheckUtils]: 75: Hoare quadruple {331#false} {331#false} #957#return; {331#false} is VALID
[2022-02-20 17:59:24,320 INFO  L290        TraceCheckUtils]: 76: Hoare triple {331#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {331#false} is VALID
[2022-02-20 17:59:24,320 INFO  L272        TraceCheckUtils]: 77: Hoare triple {331#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {331#false} is VALID
[2022-02-20 17:59:24,320 INFO  L290        TraceCheckUtils]: 78: Hoare triple {331#false} ~handle := #in~handle;havoc ~retValue_acc~31; {331#false} is VALID
[2022-02-20 17:59:24,321 INFO  L290        TraceCheckUtils]: 79: Hoare triple {331#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {331#false} is VALID
[2022-02-20 17:59:24,321 INFO  L290        TraceCheckUtils]: 80: Hoare triple {331#false} assume true; {331#false} is VALID
[2022-02-20 17:59:24,321 INFO  L284        TraceCheckUtils]: 81: Hoare quadruple {331#false} {331#false} #959#return; {331#false} is VALID
[2022-02-20 17:59:24,321 INFO  L290        TraceCheckUtils]: 82: Hoare triple {331#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {331#false} is VALID
[2022-02-20 17:59:24,321 INFO  L290        TraceCheckUtils]: 83: Hoare triple {331#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {331#false} is VALID
[2022-02-20 17:59:24,321 INFO  L272        TraceCheckUtils]: 84: Hoare triple {331#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {331#false} is VALID
[2022-02-20 17:59:24,322 INFO  L290        TraceCheckUtils]: 85: Hoare triple {331#false} ~handle := #in~handle;havoc ~retValue_acc~9; {331#false} is VALID
[2022-02-20 17:59:24,322 INFO  L290        TraceCheckUtils]: 86: Hoare triple {331#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {331#false} is VALID
[2022-02-20 17:59:24,322 INFO  L290        TraceCheckUtils]: 87: Hoare triple {331#false} assume true; {331#false} is VALID
[2022-02-20 17:59:24,322 INFO  L284        TraceCheckUtils]: 88: Hoare quadruple {331#false} {331#false} #961#return; {331#false} is VALID
[2022-02-20 17:59:24,322 INFO  L290        TraceCheckUtils]: 89: Hoare triple {331#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {331#false} is VALID
[2022-02-20 17:59:24,322 INFO  L290        TraceCheckUtils]: 90: Hoare triple {331#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {331#false} is VALID
[2022-02-20 17:59:24,322 INFO  L290        TraceCheckUtils]: 91: Hoare triple {331#false} assume !false; {331#false} is VALID
[2022-02-20 17:59:24,323 INFO  L134       CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked.
[2022-02-20 17:59:24,323 INFO  L324         TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect
[2022-02-20 17:59:24,323 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleZ3 [994119196] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:24,323 INFO  L191   FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences.
[2022-02-20 17:59:24,324 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9
[2022-02-20 17:59:24,325 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1923528682]
[2022-02-20 17:59:24,326 INFO  L85    oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:24,329 INFO  L78                 Accepts]: Start accepts. Automaton has  has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 92
[2022-02-20 17:59:24,330 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:24,333 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:24,387 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:24,388 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 2 states
[2022-02-20 17:59:24,388 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:24,400 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants.
[2022-02-20 17:59:24,401 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72
[2022-02-20 17:59:24,404 INFO  L87              Difference]: Start difference. First operand  has 327 states, 259 states have (on average 1.528957528957529) internal successors, (396), 261 states have internal predecessors, (396), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (48), 48 states have call predecessors, (48), 48 states have call successors, (48) Second operand  has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:24,720 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:24,720 INFO  L93              Difference]: Finished difference Result 495 states and 730 transitions.
[2022-02-20 17:59:24,720 INFO  L141   InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. 
[2022-02-20 17:59:24,721 INFO  L78                 Accepts]: Start accepts. Automaton has  has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 92
[2022-02-20 17:59:24,721 INFO  L84                 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 17:59:24,722 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:24,748 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 730 transitions.
[2022-02-20 17:59:24,748 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:24,768 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 730 transitions.
[2022-02-20 17:59:24,768 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 730 transitions.
[2022-02-20 17:59:25,246 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 730 edges. 730 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:25,265 INFO  L225             Difference]: With dead ends: 495
[2022-02-20 17:59:25,265 INFO  L226             Difference]: Without dead ends: 320
[2022-02-20 17:59:25,269 INFO  L932         BasicCegarLoop]: 0 DeclaredPredicates, 119 GetRequests, 112 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72
[2022-02-20 17:59:25,271 INFO  L933         BasicCegarLoop]: 488 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 488 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time
[2022-02-20 17:59:25,272 INFO  L934         BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 488 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time]
[2022-02-20 17:59:25,284 INFO  L82        GeneralOperation]: Start minimizeSevpa. Operand 320 states.
[2022-02-20 17:59:25,304 INFO  L88        GeneralOperation]: Finished minimizeSevpa. Reduced states from 320 to 320.
[2022-02-20 17:59:25,304 INFO  L214    AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa
[2022-02-20 17:59:25,306 INFO  L82        GeneralOperation]: Start isEquivalent. First operand 320 states. Second operand  has 320 states, 253 states have (on average 1.5217391304347827) internal successors, (385), 254 states have internal predecessors, (385), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47)
[2022-02-20 17:59:25,308 INFO  L74              IsIncluded]: Start isIncluded. First operand 320 states. Second operand  has 320 states, 253 states have (on average 1.5217391304347827) internal successors, (385), 254 states have internal predecessors, (385), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47)
[2022-02-20 17:59:25,312 INFO  L87              Difference]: Start difference. First operand 320 states. Second operand  has 320 states, 253 states have (on average 1.5217391304347827) internal successors, (385), 254 states have internal predecessors, (385), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47)
[2022-02-20 17:59:25,329 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:25,330 INFO  L93              Difference]: Finished difference Result 320 states and 480 transitions.
[2022-02-20 17:59:25,330 INFO  L276                IsEmpty]: Start isEmpty. Operand 320 states and 480 transitions.
[2022-02-20 17:59:25,332 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:25,332 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:25,334 INFO  L74              IsIncluded]: Start isIncluded. First operand  has 320 states, 253 states have (on average 1.5217391304347827) internal successors, (385), 254 states have internal predecessors, (385), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47) Second operand 320 states.
[2022-02-20 17:59:25,336 INFO  L87              Difference]: Start difference. First operand  has 320 states, 253 states have (on average 1.5217391304347827) internal successors, (385), 254 states have internal predecessors, (385), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47) Second operand 320 states.
[2022-02-20 17:59:25,356 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:25,356 INFO  L93              Difference]: Finished difference Result 320 states and 480 transitions.
[2022-02-20 17:59:25,357 INFO  L276                IsEmpty]: Start isEmpty. Operand 320 states and 480 transitions.
[2022-02-20 17:59:25,358 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:25,358 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:25,358 INFO  L88        GeneralOperation]: Finished isEquivalent.
[2022-02-20 17:59:25,358 INFO  L221    AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa
[2022-02-20 17:59:25,360 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 320 states, 253 states have (on average 1.5217391304347827) internal successors, (385), 254 states have internal predecessors, (385), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47)
[2022-02-20 17:59:25,372 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 320 states to 320 states and 480 transitions.
[2022-02-20 17:59:25,374 INFO  L78                 Accepts]: Start accepts. Automaton has 320 states and 480 transitions. Word has length 92
[2022-02-20 17:59:25,374 INFO  L84                 Accepts]: Finished accepts. word is rejected.
[2022-02-20 17:59:25,374 INFO  L470      AbstractCegarLoop]: Abstraction has 320 states and 480 transitions.
[2022-02-20 17:59:25,375 INFO  L471      AbstractCegarLoop]: INTERPOLANT automaton has  has 2 states, 2 states have (on average 24.0) internal successors, (48), 2 states have internal predecessors, (48), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:25,375 INFO  L276                IsEmpty]: Start isEmpty. Operand 320 states and 480 transitions.
[2022-02-20 17:59:25,378 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 94
[2022-02-20 17:59:25,379 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 17:59:25,379 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:59:25,412 INFO  L540       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0
[2022-02-20 17:59:25,596 WARN  L452      AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0
[2022-02-20 17:59:25,597 INFO  L402      AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:59:25,597 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:59:25,597 INFO  L85        PathProgramCache]: Analyzing trace with hash 742003477, now seen corresponding path program 1 times
[2022-02-20 17:59:25,597 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:59:25,597 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [785616898]
[2022-02-20 17:59:25,597 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:25,597 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:59:25,627 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,675 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:59:25,677 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,683 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2500#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,683 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,684 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,684 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2449#true} #1007#return; {2449#true} is VALID
[2022-02-20 17:59:25,688 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:59:25,690 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,692 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2501#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,692 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,692 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,692 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2449#true} #1009#return; {2449#true} is VALID
[2022-02-20 17:59:25,692 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 17:59:25,694 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,706 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2500#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2502#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:25,706 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2502#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2503#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:25,707 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2503#(= |setClientId_#in~handle| 1)} assume true; {2503#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:25,707 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2503#(= |setClientId_#in~handle| 1)} {2459#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1011#return; {2450#false} is VALID
[2022-02-20 17:59:25,708 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24
[2022-02-20 17:59:25,709 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,712 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2501#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,712 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,712 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,712 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2450#false} #1013#return; {2450#false} is VALID
[2022-02-20 17:59:25,712 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30
[2022-02-20 17:59:25,714 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,716 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2500#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,716 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,716 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,716 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2450#false} #1015#return; {2450#false} is VALID
[2022-02-20 17:59:25,716 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36
[2022-02-20 17:59:25,719 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,721 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2501#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,721 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,721 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,721 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2450#false} #1017#return; {2450#false} is VALID
[2022-02-20 17:59:25,745 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48
[2022-02-20 17:59:25,746 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,748 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2504#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,749 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,749 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,749 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2450#false} #1001#return; {2450#false} is VALID
[2022-02-20 17:59:25,757 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53
[2022-02-20 17:59:25,758 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,760 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2505#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,760 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,761 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,761 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2450#false} #1003#return; {2450#false} is VALID
[2022-02-20 17:59:25,761 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62
[2022-02-20 17:59:25,762 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,764 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2449#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2449#true} is VALID
[2022-02-20 17:59:25,764 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2449#true} is VALID
[2022-02-20 17:59:25,764 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,765 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2450#false} #955#return; {2450#false} is VALID
[2022-02-20 17:59:25,765 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72
[2022-02-20 17:59:25,767 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,769 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2504#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,769 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,769 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,769 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2450#false} #957#return; {2450#false} is VALID
[2022-02-20 17:59:25,769 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78
[2022-02-20 17:59:25,770 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,772 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2449#true} ~handle := #in~handle;havoc ~retValue_acc~31; {2449#true} is VALID
[2022-02-20 17:59:25,772 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {2449#true} is VALID
[2022-02-20 17:59:25,773 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,773 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2450#false} #959#return; {2450#false} is VALID
[2022-02-20 17:59:25,773 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85
[2022-02-20 17:59:25,774 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:25,777 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2449#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2449#true} is VALID
[2022-02-20 17:59:25,777 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2449#true} is VALID
[2022-02-20 17:59:25,777 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,777 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {2449#true} {2450#false} #961#return; {2450#false} is VALID
[2022-02-20 17:59:25,778 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2449#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {2449#true} is VALID
[2022-02-20 17:59:25,778 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {2449#true} is VALID
[2022-02-20 17:59:25,778 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2449#true} is VALID
[2022-02-20 17:59:25,778 INFO  L290        TraceCheckUtils]: 3: Hoare triple {2449#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {2449#true} is VALID
[2022-02-20 17:59:25,778 INFO  L290        TraceCheckUtils]: 4: Hoare triple {2449#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {2449#true} is VALID
[2022-02-20 17:59:25,778 INFO  L290        TraceCheckUtils]: 5: Hoare triple {2449#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2449#true} is VALID
[2022-02-20 17:59:25,780 INFO  L272        TraceCheckUtils]: 6: Hoare triple {2449#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2500#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:25,781 INFO  L290        TraceCheckUtils]: 7: Hoare triple {2500#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,781 INFO  L290        TraceCheckUtils]: 8: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,781 INFO  L290        TraceCheckUtils]: 9: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,781 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {2449#true} {2449#true} #1007#return; {2449#true} is VALID
[2022-02-20 17:59:25,781 INFO  L290        TraceCheckUtils]: 11: Hoare triple {2449#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2449#true} is VALID
[2022-02-20 17:59:25,782 INFO  L272        TraceCheckUtils]: 12: Hoare triple {2449#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2501#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:25,782 INFO  L290        TraceCheckUtils]: 13: Hoare triple {2501#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,782 INFO  L290        TraceCheckUtils]: 14: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,782 INFO  L290        TraceCheckUtils]: 15: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,782 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {2449#true} {2449#true} #1009#return; {2449#true} is VALID
[2022-02-20 17:59:25,783 INFO  L290        TraceCheckUtils]: 17: Hoare triple {2449#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2459#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID
[2022-02-20 17:59:25,783 INFO  L272        TraceCheckUtils]: 18: Hoare triple {2459#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2500#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:25,783 INFO  L290        TraceCheckUtils]: 19: Hoare triple {2500#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2502#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:25,784 INFO  L290        TraceCheckUtils]: 20: Hoare triple {2502#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2503#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:25,784 INFO  L290        TraceCheckUtils]: 21: Hoare triple {2503#(= |setClientId_#in~handle| 1)} assume true; {2503#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:25,785 INFO  L284        TraceCheckUtils]: 22: Hoare quadruple {2503#(= |setClientId_#in~handle| 1)} {2459#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1011#return; {2450#false} is VALID
[2022-02-20 17:59:25,785 INFO  L290        TraceCheckUtils]: 23: Hoare triple {2450#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2450#false} is VALID
[2022-02-20 17:59:25,786 INFO  L272        TraceCheckUtils]: 24: Hoare triple {2450#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2501#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:25,786 INFO  L290        TraceCheckUtils]: 25: Hoare triple {2501#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,786 INFO  L290        TraceCheckUtils]: 26: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,786 INFO  L290        TraceCheckUtils]: 27: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,786 INFO  L284        TraceCheckUtils]: 28: Hoare quadruple {2449#true} {2450#false} #1013#return; {2450#false} is VALID
[2022-02-20 17:59:25,786 INFO  L290        TraceCheckUtils]: 29: Hoare triple {2450#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2450#false} is VALID
[2022-02-20 17:59:25,786 INFO  L272        TraceCheckUtils]: 30: Hoare triple {2450#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2500#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:25,787 INFO  L290        TraceCheckUtils]: 31: Hoare triple {2500#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,787 INFO  L290        TraceCheckUtils]: 32: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,787 INFO  L290        TraceCheckUtils]: 33: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,787 INFO  L284        TraceCheckUtils]: 34: Hoare quadruple {2449#true} {2450#false} #1015#return; {2450#false} is VALID
[2022-02-20 17:59:25,787 INFO  L290        TraceCheckUtils]: 35: Hoare triple {2450#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2450#false} is VALID
[2022-02-20 17:59:25,787 INFO  L272        TraceCheckUtils]: 36: Hoare triple {2450#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2501#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:25,787 INFO  L290        TraceCheckUtils]: 37: Hoare triple {2501#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,787 INFO  L290        TraceCheckUtils]: 38: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,787 INFO  L290        TraceCheckUtils]: 39: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,788 INFO  L284        TraceCheckUtils]: 40: Hoare quadruple {2449#true} {2450#false} #1017#return; {2450#false} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 41: Hoare triple {2450#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {2450#false} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 42: Hoare triple {2450#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2450#false} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 43: Hoare triple {2450#false} assume !false; {2450#false} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 44: Hoare triple {2450#false} assume !(test_~splverifierCounter~0#1 < 4); {2450#false} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 45: Hoare triple {2450#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {2450#false} is VALID
[2022-02-20 17:59:25,788 INFO  L272        TraceCheckUtils]: 46: Hoare triple {2450#false} call sendEmail(~bob~0, ~rjh~0); {2450#false} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 47: Hoare triple {2450#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2450#false} is VALID
[2022-02-20 17:59:25,788 INFO  L272        TraceCheckUtils]: 48: Hoare triple {2450#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2504#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 49: Hoare triple {2504#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 50: Hoare triple {2449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 51: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,788 INFO  L284        TraceCheckUtils]: 52: Hoare quadruple {2449#true} {2450#false} #1001#return; {2450#false} is VALID
[2022-02-20 17:59:25,788 INFO  L272        TraceCheckUtils]: 53: Hoare triple {2450#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2505#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 54: Hoare triple {2505#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,788 INFO  L290        TraceCheckUtils]: 55: Hoare triple {2449#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,789 INFO  L290        TraceCheckUtils]: 56: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,789 INFO  L284        TraceCheckUtils]: 57: Hoare quadruple {2449#true} {2450#false} #1003#return; {2450#false} is VALID
[2022-02-20 17:59:25,789 INFO  L290        TraceCheckUtils]: 58: Hoare triple {2450#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {2450#false} is VALID
[2022-02-20 17:59:25,789 INFO  L290        TraceCheckUtils]: 59: Hoare triple {2450#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {2450#false} is VALID
[2022-02-20 17:59:25,789 INFO  L272        TraceCheckUtils]: 60: Hoare triple {2450#false} call outgoing(~sender#1, ~email~0#1); {2450#false} is VALID
[2022-02-20 17:59:25,789 INFO  L290        TraceCheckUtils]: 61: Hoare triple {2450#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {2450#false} is VALID
[2022-02-20 17:59:25,789 INFO  L272        TraceCheckUtils]: 62: Hoare triple {2450#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {2449#true} is VALID
[2022-02-20 17:59:25,789 INFO  L290        TraceCheckUtils]: 63: Hoare triple {2449#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2449#true} is VALID
[2022-02-20 17:59:25,789 INFO  L290        TraceCheckUtils]: 64: Hoare triple {2449#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2449#true} is VALID
[2022-02-20 17:59:25,789 INFO  L290        TraceCheckUtils]: 65: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,789 INFO  L284        TraceCheckUtils]: 66: Hoare quadruple {2449#true} {2450#false} #955#return; {2450#false} is VALID
[2022-02-20 17:59:25,789 INFO  L290        TraceCheckUtils]: 67: Hoare triple {2450#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {2450#false} is VALID
[2022-02-20 17:59:25,789 INFO  L290        TraceCheckUtils]: 68: Hoare triple {2450#false} assume 0 == sign_~privkey~0#1; {2450#false} is VALID
[2022-02-20 17:59:25,790 INFO  L290        TraceCheckUtils]: 69: Hoare triple {2450#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2450#false} is VALID
[2022-02-20 17:59:25,790 INFO  L290        TraceCheckUtils]: 70: Hoare triple {2450#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2450#false} is VALID
[2022-02-20 17:59:25,790 INFO  L290        TraceCheckUtils]: 71: Hoare triple {2450#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {2450#false} is VALID
[2022-02-20 17:59:25,790 INFO  L272        TraceCheckUtils]: 72: Hoare triple {2450#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {2504#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:25,790 INFO  L290        TraceCheckUtils]: 73: Hoare triple {2504#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:25,790 INFO  L290        TraceCheckUtils]: 74: Hoare triple {2449#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:25,790 INFO  L290        TraceCheckUtils]: 75: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,790 INFO  L284        TraceCheckUtils]: 76: Hoare quadruple {2449#true} {2450#false} #957#return; {2450#false} is VALID
[2022-02-20 17:59:25,791 INFO  L290        TraceCheckUtils]: 77: Hoare triple {2450#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {2450#false} is VALID
[2022-02-20 17:59:25,791 INFO  L272        TraceCheckUtils]: 78: Hoare triple {2450#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {2449#true} is VALID
[2022-02-20 17:59:25,791 INFO  L290        TraceCheckUtils]: 79: Hoare triple {2449#true} ~handle := #in~handle;havoc ~retValue_acc~31; {2449#true} is VALID
[2022-02-20 17:59:25,791 INFO  L290        TraceCheckUtils]: 80: Hoare triple {2449#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {2449#true} is VALID
[2022-02-20 17:59:25,791 INFO  L290        TraceCheckUtils]: 81: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,791 INFO  L284        TraceCheckUtils]: 82: Hoare quadruple {2449#true} {2450#false} #959#return; {2450#false} is VALID
[2022-02-20 17:59:25,791 INFO  L290        TraceCheckUtils]: 83: Hoare triple {2450#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {2450#false} is VALID
[2022-02-20 17:59:25,791 INFO  L290        TraceCheckUtils]: 84: Hoare triple {2450#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {2450#false} is VALID
[2022-02-20 17:59:25,792 INFO  L272        TraceCheckUtils]: 85: Hoare triple {2450#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {2449#true} is VALID
[2022-02-20 17:59:25,792 INFO  L290        TraceCheckUtils]: 86: Hoare triple {2449#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2449#true} is VALID
[2022-02-20 17:59:25,792 INFO  L290        TraceCheckUtils]: 87: Hoare triple {2449#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2449#true} is VALID
[2022-02-20 17:59:25,792 INFO  L290        TraceCheckUtils]: 88: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:25,792 INFO  L284        TraceCheckUtils]: 89: Hoare quadruple {2449#true} {2450#false} #961#return; {2450#false} is VALID
[2022-02-20 17:59:25,792 INFO  L290        TraceCheckUtils]: 90: Hoare triple {2450#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {2450#false} is VALID
[2022-02-20 17:59:25,792 INFO  L290        TraceCheckUtils]: 91: Hoare triple {2450#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {2450#false} is VALID
[2022-02-20 17:59:25,792 INFO  L290        TraceCheckUtils]: 92: Hoare triple {2450#false} assume !false; {2450#false} is VALID
[2022-02-20 17:59:25,793 INFO  L134       CoverageAnalysis]: Checked inductivity of 32 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked.
[2022-02-20 17:59:25,793 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:25,793 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [785616898]
[2022-02-20 17:59:25,793 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [785616898] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:59:25,793 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [11585362]
[2022-02-20 17:59:25,793 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:25,794 INFO  L173          SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:59:25,794 INFO  L189       MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:59:25,795 INFO  L229       MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:59:25,796 INFO  L327       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process
[2022-02-20 17:59:26,035 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:26,038 INFO  L263         TraceCheckSpWp]: Trace formula consists of 968 conjuncts, 2 conjunts are in the unsatisfiable core
[2022-02-20 17:59:26,066 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:26,069 INFO  L286         TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:59:26,234 INFO  L290        TraceCheckUtils]: 0: Hoare triple {2449#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {2449#true} is VALID
[2022-02-20 17:59:26,235 INFO  L290        TraceCheckUtils]: 1: Hoare triple {2449#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {2449#true} is VALID
[2022-02-20 17:59:26,235 INFO  L290        TraceCheckUtils]: 2: Hoare triple {2449#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2449#true} is VALID
[2022-02-20 17:59:26,235 INFO  L290        TraceCheckUtils]: 3: Hoare triple {2449#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {2449#true} is VALID
[2022-02-20 17:59:26,235 INFO  L290        TraceCheckUtils]: 4: Hoare triple {2449#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {2449#true} is VALID
[2022-02-20 17:59:26,235 INFO  L290        TraceCheckUtils]: 5: Hoare triple {2449#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2449#true} is VALID
[2022-02-20 17:59:26,235 INFO  L272        TraceCheckUtils]: 6: Hoare triple {2449#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2449#true} is VALID
[2022-02-20 17:59:26,235 INFO  L290        TraceCheckUtils]: 7: Hoare triple {2449#true} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:26,235 INFO  L290        TraceCheckUtils]: 8: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:26,236 INFO  L290        TraceCheckUtils]: 9: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:26,236 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {2449#true} {2449#true} #1007#return; {2449#true} is VALID
[2022-02-20 17:59:26,236 INFO  L290        TraceCheckUtils]: 11: Hoare triple {2449#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2449#true} is VALID
[2022-02-20 17:59:26,236 INFO  L272        TraceCheckUtils]: 12: Hoare triple {2449#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2449#true} is VALID
[2022-02-20 17:59:26,236 INFO  L290        TraceCheckUtils]: 13: Hoare triple {2449#true} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:26,236 INFO  L290        TraceCheckUtils]: 14: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:26,236 INFO  L290        TraceCheckUtils]: 15: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:26,236 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {2449#true} {2449#true} #1009#return; {2449#true} is VALID
[2022-02-20 17:59:26,236 INFO  L290        TraceCheckUtils]: 17: Hoare triple {2449#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2449#true} is VALID
[2022-02-20 17:59:26,237 INFO  L272        TraceCheckUtils]: 18: Hoare triple {2449#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2449#true} is VALID
[2022-02-20 17:59:26,237 INFO  L290        TraceCheckUtils]: 19: Hoare triple {2449#true} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:26,237 INFO  L290        TraceCheckUtils]: 20: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:26,237 INFO  L290        TraceCheckUtils]: 21: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:26,237 INFO  L284        TraceCheckUtils]: 22: Hoare quadruple {2449#true} {2449#true} #1011#return; {2449#true} is VALID
[2022-02-20 17:59:26,237 INFO  L290        TraceCheckUtils]: 23: Hoare triple {2449#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2449#true} is VALID
[2022-02-20 17:59:26,237 INFO  L272        TraceCheckUtils]: 24: Hoare triple {2449#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2449#true} is VALID
[2022-02-20 17:59:26,237 INFO  L290        TraceCheckUtils]: 25: Hoare triple {2449#true} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:26,238 INFO  L290        TraceCheckUtils]: 26: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:26,238 INFO  L290        TraceCheckUtils]: 27: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:26,238 INFO  L284        TraceCheckUtils]: 28: Hoare quadruple {2449#true} {2449#true} #1013#return; {2449#true} is VALID
[2022-02-20 17:59:26,238 INFO  L290        TraceCheckUtils]: 29: Hoare triple {2449#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2449#true} is VALID
[2022-02-20 17:59:26,238 INFO  L272        TraceCheckUtils]: 30: Hoare triple {2449#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2449#true} is VALID
[2022-02-20 17:59:26,238 INFO  L290        TraceCheckUtils]: 31: Hoare triple {2449#true} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:26,238 INFO  L290        TraceCheckUtils]: 32: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:26,238 INFO  L290        TraceCheckUtils]: 33: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:26,239 INFO  L284        TraceCheckUtils]: 34: Hoare quadruple {2449#true} {2449#true} #1015#return; {2449#true} is VALID
[2022-02-20 17:59:26,239 INFO  L290        TraceCheckUtils]: 35: Hoare triple {2449#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2449#true} is VALID
[2022-02-20 17:59:26,239 INFO  L272        TraceCheckUtils]: 36: Hoare triple {2449#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2449#true} is VALID
[2022-02-20 17:59:26,239 INFO  L290        TraceCheckUtils]: 37: Hoare triple {2449#true} ~handle := #in~handle;~value := #in~value; {2449#true} is VALID
[2022-02-20 17:59:26,239 INFO  L290        TraceCheckUtils]: 38: Hoare triple {2449#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2449#true} is VALID
[2022-02-20 17:59:26,239 INFO  L290        TraceCheckUtils]: 39: Hoare triple {2449#true} assume true; {2449#true} is VALID
[2022-02-20 17:59:26,239 INFO  L284        TraceCheckUtils]: 40: Hoare quadruple {2449#true} {2449#true} #1017#return; {2449#true} is VALID
[2022-02-20 17:59:26,239 INFO  L290        TraceCheckUtils]: 41: Hoare triple {2449#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {2449#true} is VALID
[2022-02-20 17:59:26,240 INFO  L290        TraceCheckUtils]: 42: Hoare triple {2449#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2635#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID
[2022-02-20 17:59:26,240 INFO  L290        TraceCheckUtils]: 43: Hoare triple {2635#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2635#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID
[2022-02-20 17:59:26,241 INFO  L290        TraceCheckUtils]: 44: Hoare triple {2635#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2450#false} is VALID
[2022-02-20 17:59:26,241 INFO  L290        TraceCheckUtils]: 45: Hoare triple {2450#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {2450#false} is VALID
[2022-02-20 17:59:26,241 INFO  L272        TraceCheckUtils]: 46: Hoare triple {2450#false} call sendEmail(~bob~0, ~rjh~0); {2450#false} is VALID
[2022-02-20 17:59:26,241 INFO  L290        TraceCheckUtils]: 47: Hoare triple {2450#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2450#false} is VALID
[2022-02-20 17:59:26,241 INFO  L272        TraceCheckUtils]: 48: Hoare triple {2450#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2450#false} is VALID
[2022-02-20 17:59:26,241 INFO  L290        TraceCheckUtils]: 49: Hoare triple {2450#false} ~handle := #in~handle;~value := #in~value; {2450#false} is VALID
[2022-02-20 17:59:26,241 INFO  L290        TraceCheckUtils]: 50: Hoare triple {2450#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2450#false} is VALID
[2022-02-20 17:59:26,241 INFO  L290        TraceCheckUtils]: 51: Hoare triple {2450#false} assume true; {2450#false} is VALID
[2022-02-20 17:59:26,241 INFO  L284        TraceCheckUtils]: 52: Hoare quadruple {2450#false} {2450#false} #1001#return; {2450#false} is VALID
[2022-02-20 17:59:26,242 INFO  L272        TraceCheckUtils]: 53: Hoare triple {2450#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2450#false} is VALID
[2022-02-20 17:59:26,242 INFO  L290        TraceCheckUtils]: 54: Hoare triple {2450#false} ~handle := #in~handle;~value := #in~value; {2450#false} is VALID
[2022-02-20 17:59:26,242 INFO  L290        TraceCheckUtils]: 55: Hoare triple {2450#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2450#false} is VALID
[2022-02-20 17:59:26,242 INFO  L290        TraceCheckUtils]: 56: Hoare triple {2450#false} assume true; {2450#false} is VALID
[2022-02-20 17:59:26,242 INFO  L284        TraceCheckUtils]: 57: Hoare quadruple {2450#false} {2450#false} #1003#return; {2450#false} is VALID
[2022-02-20 17:59:26,242 INFO  L290        TraceCheckUtils]: 58: Hoare triple {2450#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {2450#false} is VALID
[2022-02-20 17:59:26,242 INFO  L290        TraceCheckUtils]: 59: Hoare triple {2450#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {2450#false} is VALID
[2022-02-20 17:59:26,242 INFO  L272        TraceCheckUtils]: 60: Hoare triple {2450#false} call outgoing(~sender#1, ~email~0#1); {2450#false} is VALID
[2022-02-20 17:59:26,243 INFO  L290        TraceCheckUtils]: 61: Hoare triple {2450#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {2450#false} is VALID
[2022-02-20 17:59:26,243 INFO  L272        TraceCheckUtils]: 62: Hoare triple {2450#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {2450#false} is VALID
[2022-02-20 17:59:26,243 INFO  L290        TraceCheckUtils]: 63: Hoare triple {2450#false} ~handle := #in~handle;havoc ~retValue_acc~9; {2450#false} is VALID
[2022-02-20 17:59:26,243 INFO  L290        TraceCheckUtils]: 64: Hoare triple {2450#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2450#false} is VALID
[2022-02-20 17:59:26,243 INFO  L290        TraceCheckUtils]: 65: Hoare triple {2450#false} assume true; {2450#false} is VALID
[2022-02-20 17:59:26,243 INFO  L284        TraceCheckUtils]: 66: Hoare quadruple {2450#false} {2450#false} #955#return; {2450#false} is VALID
[2022-02-20 17:59:26,243 INFO  L290        TraceCheckUtils]: 67: Hoare triple {2450#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {2450#false} is VALID
[2022-02-20 17:59:26,243 INFO  L290        TraceCheckUtils]: 68: Hoare triple {2450#false} assume 0 == sign_~privkey~0#1; {2450#false} is VALID
[2022-02-20 17:59:26,243 INFO  L290        TraceCheckUtils]: 69: Hoare triple {2450#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2450#false} is VALID
[2022-02-20 17:59:26,244 INFO  L290        TraceCheckUtils]: 70: Hoare triple {2450#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2450#false} is VALID
[2022-02-20 17:59:26,244 INFO  L290        TraceCheckUtils]: 71: Hoare triple {2450#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {2450#false} is VALID
[2022-02-20 17:59:26,244 INFO  L272        TraceCheckUtils]: 72: Hoare triple {2450#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {2450#false} is VALID
[2022-02-20 17:59:26,244 INFO  L290        TraceCheckUtils]: 73: Hoare triple {2450#false} ~handle := #in~handle;~value := #in~value; {2450#false} is VALID
[2022-02-20 17:59:26,244 INFO  L290        TraceCheckUtils]: 74: Hoare triple {2450#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2450#false} is VALID
[2022-02-20 17:59:26,244 INFO  L290        TraceCheckUtils]: 75: Hoare triple {2450#false} assume true; {2450#false} is VALID
[2022-02-20 17:59:26,244 INFO  L284        TraceCheckUtils]: 76: Hoare quadruple {2450#false} {2450#false} #957#return; {2450#false} is VALID
[2022-02-20 17:59:26,244 INFO  L290        TraceCheckUtils]: 77: Hoare triple {2450#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {2450#false} is VALID
[2022-02-20 17:59:26,245 INFO  L272        TraceCheckUtils]: 78: Hoare triple {2450#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {2450#false} is VALID
[2022-02-20 17:59:26,245 INFO  L290        TraceCheckUtils]: 79: Hoare triple {2450#false} ~handle := #in~handle;havoc ~retValue_acc~31; {2450#false} is VALID
[2022-02-20 17:59:26,245 INFO  L290        TraceCheckUtils]: 80: Hoare triple {2450#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {2450#false} is VALID
[2022-02-20 17:59:26,245 INFO  L290        TraceCheckUtils]: 81: Hoare triple {2450#false} assume true; {2450#false} is VALID
[2022-02-20 17:59:26,245 INFO  L284        TraceCheckUtils]: 82: Hoare quadruple {2450#false} {2450#false} #959#return; {2450#false} is VALID
[2022-02-20 17:59:26,245 INFO  L290        TraceCheckUtils]: 83: Hoare triple {2450#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {2450#false} is VALID
[2022-02-20 17:59:26,245 INFO  L290        TraceCheckUtils]: 84: Hoare triple {2450#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {2450#false} is VALID
[2022-02-20 17:59:26,245 INFO  L272        TraceCheckUtils]: 85: Hoare triple {2450#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {2450#false} is VALID
[2022-02-20 17:59:26,245 INFO  L290        TraceCheckUtils]: 86: Hoare triple {2450#false} ~handle := #in~handle;havoc ~retValue_acc~9; {2450#false} is VALID
[2022-02-20 17:59:26,246 INFO  L290        TraceCheckUtils]: 87: Hoare triple {2450#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2450#false} is VALID
[2022-02-20 17:59:26,246 INFO  L290        TraceCheckUtils]: 88: Hoare triple {2450#false} assume true; {2450#false} is VALID
[2022-02-20 17:59:26,246 INFO  L284        TraceCheckUtils]: 89: Hoare quadruple {2450#false} {2450#false} #961#return; {2450#false} is VALID
[2022-02-20 17:59:26,246 INFO  L290        TraceCheckUtils]: 90: Hoare triple {2450#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {2450#false} is VALID
[2022-02-20 17:59:26,246 INFO  L290        TraceCheckUtils]: 91: Hoare triple {2450#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {2450#false} is VALID
[2022-02-20 17:59:26,246 INFO  L290        TraceCheckUtils]: 92: Hoare triple {2450#false} assume !false; {2450#false} is VALID
[2022-02-20 17:59:26,246 INFO  L134       CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked.
[2022-02-20 17:59:26,247 INFO  L324         TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect
[2022-02-20 17:59:26,247 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleZ3 [11585362] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:26,247 INFO  L191   FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences.
[2022-02-20 17:59:26,247 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10
[2022-02-20 17:59:26,247 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1150733119]
[2022-02-20 17:59:26,247 INFO  L85    oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:26,248 INFO  L78                 Accepts]: Start accepts. Automaton has  has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 93
[2022-02-20 17:59:26,249 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:26,249 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:26,293 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 75 edges. 75 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:26,293 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 3 states
[2022-02-20 17:59:26,294 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:26,294 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants.
[2022-02-20 17:59:26,294 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90
[2022-02-20 17:59:26,294 INFO  L87              Difference]: Start difference. First operand 320 states and 480 transitions. Second operand  has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:26,680 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:26,680 INFO  L93              Difference]: Finished difference Result 485 states and 711 transitions.
[2022-02-20 17:59:26,680 INFO  L141   InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. 
[2022-02-20 17:59:26,680 INFO  L78                 Accepts]: Start accepts. Automaton has  has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 93
[2022-02-20 17:59:26,681 INFO  L84                 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 17:59:26,681 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:26,689 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 711 transitions.
[2022-02-20 17:59:26,689 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:26,697 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 711 transitions.
[2022-02-20 17:59:26,697 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 711 transitions.
[2022-02-20 17:59:27,137 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 711 edges. 711 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:27,157 INFO  L225             Difference]: With dead ends: 485
[2022-02-20 17:59:27,157 INFO  L226             Difference]: Without dead ends: 323
[2022-02-20 17:59:27,160 INFO  L932         BasicCegarLoop]: 0 DeclaredPredicates, 120 GetRequests, 112 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90
[2022-02-20 17:59:27,161 INFO  L933         BasicCegarLoop]: 478 mSDtfsCounter, 1 mSDsluCounter, 476 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 954 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time
[2022-02-20 17:59:27,162 INFO  L934         BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 954 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time]
[2022-02-20 17:59:27,164 INFO  L82        GeneralOperation]: Start minimizeSevpa. Operand 323 states.
[2022-02-20 17:59:27,189 INFO  L88        GeneralOperation]: Finished minimizeSevpa. Reduced states from 323 to 322.
[2022-02-20 17:59:27,191 INFO  L214    AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa
[2022-02-20 17:59:27,192 INFO  L82        GeneralOperation]: Start isEquivalent. First operand 323 states. Second operand  has 322 states, 255 states have (on average 1.5176470588235293) internal successors, (387), 256 states have internal predecessors, (387), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47)
[2022-02-20 17:59:27,193 INFO  L74              IsIncluded]: Start isIncluded. First operand 323 states. Second operand  has 322 states, 255 states have (on average 1.5176470588235293) internal successors, (387), 256 states have internal predecessors, (387), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47)
[2022-02-20 17:59:27,193 INFO  L87              Difference]: Start difference. First operand 323 states. Second operand  has 322 states, 255 states have (on average 1.5176470588235293) internal successors, (387), 256 states have internal predecessors, (387), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47)
[2022-02-20 17:59:27,206 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:27,206 INFO  L93              Difference]: Finished difference Result 323 states and 483 transitions.
[2022-02-20 17:59:27,206 INFO  L276                IsEmpty]: Start isEmpty. Operand 323 states and 483 transitions.
[2022-02-20 17:59:27,209 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:27,209 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:27,210 INFO  L74              IsIncluded]: Start isIncluded. First operand  has 322 states, 255 states have (on average 1.5176470588235293) internal successors, (387), 256 states have internal predecessors, (387), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47) Second operand 323 states.
[2022-02-20 17:59:27,212 INFO  L87              Difference]: Start difference. First operand  has 322 states, 255 states have (on average 1.5176470588235293) internal successors, (387), 256 states have internal predecessors, (387), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47) Second operand 323 states.
[2022-02-20 17:59:27,226 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:27,227 INFO  L93              Difference]: Finished difference Result 323 states and 483 transitions.
[2022-02-20 17:59:27,227 INFO  L276                IsEmpty]: Start isEmpty. Operand 323 states and 483 transitions.
[2022-02-20 17:59:27,228 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:27,228 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:27,228 INFO  L88        GeneralOperation]: Finished isEquivalent.
[2022-02-20 17:59:27,228 INFO  L221    AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa
[2022-02-20 17:59:27,229 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 322 states, 255 states have (on average 1.5176470588235293) internal successors, (387), 256 states have internal predecessors, (387), 48 states have call successors, (48), 18 states have call predecessors, (48), 18 states have return successors, (47), 47 states have call predecessors, (47), 47 states have call successors, (47)
[2022-02-20 17:59:27,248 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 322 states to 322 states and 482 transitions.
[2022-02-20 17:59:27,249 INFO  L78                 Accepts]: Start accepts. Automaton has 322 states and 482 transitions. Word has length 93
[2022-02-20 17:59:27,249 INFO  L84                 Accepts]: Finished accepts. word is rejected.
[2022-02-20 17:59:27,249 INFO  L470      AbstractCegarLoop]: Abstraction has 322 states and 482 transitions.
[2022-02-20 17:59:27,249 INFO  L471      AbstractCegarLoop]: INTERPOLANT automaton has  has 3 states, 3 states have (on average 16.333333333333332) internal successors, (49), 3 states have internal predecessors, (49), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:27,249 INFO  L276                IsEmpty]: Start isEmpty. Operand 322 states and 482 transitions.
[2022-02-20 17:59:27,253 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 103
[2022-02-20 17:59:27,253 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 17:59:27,253 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:59:27,275 INFO  L540       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0
[2022-02-20 17:59:27,467 WARN  L452      AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1
[2022-02-20 17:59:27,468 INFO  L402      AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:59:27,468 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:59:27,468 INFO  L85        PathProgramCache]: Analyzing trace with hash 301090512, now seen corresponding path program 1 times
[2022-02-20 17:59:27,468 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:59:27,468 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1254405009]
[2022-02-20 17:59:27,468 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:27,468 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:59:27,507 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,550 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:59:27,551 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,554 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4616#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,554 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,554 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,554 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4565#true} #1007#return; {4565#true} is VALID
[2022-02-20 17:59:27,559 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:59:27,560 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,562 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4617#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,562 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,562 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,562 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4565#true} #1009#return; {4565#true} is VALID
[2022-02-20 17:59:27,563 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 17:59:27,564 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,580 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4616#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4618#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:27,580 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4618#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4619#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:27,580 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4619#(= |setClientId_#in~handle| 1)} assume true; {4619#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:27,581 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4619#(= |setClientId_#in~handle| 1)} {4575#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1011#return; {4566#false} is VALID
[2022-02-20 17:59:27,581 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24
[2022-02-20 17:59:27,582 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,584 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4617#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,584 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,584 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,585 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4566#false} #1013#return; {4566#false} is VALID
[2022-02-20 17:59:27,585 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30
[2022-02-20 17:59:27,586 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,589 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4616#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,589 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,589 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,590 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4566#false} #1015#return; {4566#false} is VALID
[2022-02-20 17:59:27,590 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36
[2022-02-20 17:59:27,592 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,594 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4617#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,594 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,594 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,594 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4566#false} #1017#return; {4566#false} is VALID
[2022-02-20 17:59:27,601 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57
[2022-02-20 17:59:27,602 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,605 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4620#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,605 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,605 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,605 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4566#false} #1001#return; {4566#false} is VALID
[2022-02-20 17:59:27,611 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62
[2022-02-20 17:59:27,613 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,615 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4621#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,615 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,616 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,616 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4566#false} #1003#return; {4566#false} is VALID
[2022-02-20 17:59:27,616 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71
[2022-02-20 17:59:27,617 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,618 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4565#true} ~handle := #in~handle;havoc ~retValue_acc~9; {4565#true} is VALID
[2022-02-20 17:59:27,618 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4565#true} is VALID
[2022-02-20 17:59:27,618 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,618 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4566#false} #955#return; {4566#false} is VALID
[2022-02-20 17:59:27,619 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81
[2022-02-20 17:59:27,619 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,621 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4620#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,621 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,621 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,621 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4566#false} #957#return; {4566#false} is VALID
[2022-02-20 17:59:27,621 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87
[2022-02-20 17:59:27,622 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,624 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4565#true} ~handle := #in~handle;havoc ~retValue_acc~31; {4565#true} is VALID
[2022-02-20 17:59:27,624 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {4565#true} is VALID
[2022-02-20 17:59:27,624 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,624 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4566#false} #959#return; {4566#false} is VALID
[2022-02-20 17:59:27,624 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94
[2022-02-20 17:59:27,625 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,629 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4565#true} ~handle := #in~handle;havoc ~retValue_acc~9; {4565#true} is VALID
[2022-02-20 17:59:27,629 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4565#true} is VALID
[2022-02-20 17:59:27,629 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,629 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {4565#true} {4566#false} #961#return; {4566#false} is VALID
[2022-02-20 17:59:27,630 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4565#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4565#true} is VALID
[2022-02-20 17:59:27,630 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {4565#true} is VALID
[2022-02-20 17:59:27,630 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4565#true} is VALID
[2022-02-20 17:59:27,630 INFO  L290        TraceCheckUtils]: 3: Hoare triple {4565#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {4565#true} is VALID
[2022-02-20 17:59:27,630 INFO  L290        TraceCheckUtils]: 4: Hoare triple {4565#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {4565#true} is VALID
[2022-02-20 17:59:27,630 INFO  L290        TraceCheckUtils]: 5: Hoare triple {4565#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4565#true} is VALID
[2022-02-20 17:59:27,631 INFO  L272        TraceCheckUtils]: 6: Hoare triple {4565#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4616#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:27,631 INFO  L290        TraceCheckUtils]: 7: Hoare triple {4616#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,631 INFO  L290        TraceCheckUtils]: 8: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,631 INFO  L290        TraceCheckUtils]: 9: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,632 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {4565#true} {4565#true} #1007#return; {4565#true} is VALID
[2022-02-20 17:59:27,632 INFO  L290        TraceCheckUtils]: 11: Hoare triple {4565#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4565#true} is VALID
[2022-02-20 17:59:27,632 INFO  L272        TraceCheckUtils]: 12: Hoare triple {4565#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4617#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:27,632 INFO  L290        TraceCheckUtils]: 13: Hoare triple {4617#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,632 INFO  L290        TraceCheckUtils]: 14: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,633 INFO  L290        TraceCheckUtils]: 15: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,633 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {4565#true} {4565#true} #1009#return; {4565#true} is VALID
[2022-02-20 17:59:27,634 INFO  L290        TraceCheckUtils]: 17: Hoare triple {4565#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4575#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID
[2022-02-20 17:59:27,634 INFO  L272        TraceCheckUtils]: 18: Hoare triple {4575#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4616#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:27,635 INFO  L290        TraceCheckUtils]: 19: Hoare triple {4616#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4618#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:27,635 INFO  L290        TraceCheckUtils]: 20: Hoare triple {4618#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4619#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:27,635 INFO  L290        TraceCheckUtils]: 21: Hoare triple {4619#(= |setClientId_#in~handle| 1)} assume true; {4619#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:27,636 INFO  L284        TraceCheckUtils]: 22: Hoare quadruple {4619#(= |setClientId_#in~handle| 1)} {4575#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1011#return; {4566#false} is VALID
[2022-02-20 17:59:27,636 INFO  L290        TraceCheckUtils]: 23: Hoare triple {4566#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4566#false} is VALID
[2022-02-20 17:59:27,636 INFO  L272        TraceCheckUtils]: 24: Hoare triple {4566#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4617#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:27,636 INFO  L290        TraceCheckUtils]: 25: Hoare triple {4617#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,636 INFO  L290        TraceCheckUtils]: 26: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,636 INFO  L290        TraceCheckUtils]: 27: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,636 INFO  L284        TraceCheckUtils]: 28: Hoare quadruple {4565#true} {4566#false} #1013#return; {4566#false} is VALID
[2022-02-20 17:59:27,636 INFO  L290        TraceCheckUtils]: 29: Hoare triple {4566#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4566#false} is VALID
[2022-02-20 17:59:27,636 INFO  L272        TraceCheckUtils]: 30: Hoare triple {4566#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4616#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:27,637 INFO  L290        TraceCheckUtils]: 31: Hoare triple {4616#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,637 INFO  L290        TraceCheckUtils]: 32: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,637 INFO  L290        TraceCheckUtils]: 33: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,637 INFO  L284        TraceCheckUtils]: 34: Hoare quadruple {4565#true} {4566#false} #1015#return; {4566#false} is VALID
[2022-02-20 17:59:27,637 INFO  L290        TraceCheckUtils]: 35: Hoare triple {4566#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4566#false} is VALID
[2022-02-20 17:59:27,637 INFO  L272        TraceCheckUtils]: 36: Hoare triple {4566#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4617#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:27,637 INFO  L290        TraceCheckUtils]: 37: Hoare triple {4617#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,637 INFO  L290        TraceCheckUtils]: 38: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,637 INFO  L290        TraceCheckUtils]: 39: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,638 INFO  L284        TraceCheckUtils]: 40: Hoare quadruple {4565#true} {4566#false} #1017#return; {4566#false} is VALID
[2022-02-20 17:59:27,638 INFO  L290        TraceCheckUtils]: 41: Hoare triple {4566#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {4566#false} is VALID
[2022-02-20 17:59:27,638 INFO  L290        TraceCheckUtils]: 42: Hoare triple {4566#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4566#false} is VALID
[2022-02-20 17:59:27,638 INFO  L290        TraceCheckUtils]: 43: Hoare triple {4566#false} assume !false; {4566#false} is VALID
[2022-02-20 17:59:27,638 INFO  L290        TraceCheckUtils]: 44: Hoare triple {4566#false} assume test_~splverifierCounter~0#1 < 4; {4566#false} is VALID
[2022-02-20 17:59:27,638 INFO  L290        TraceCheckUtils]: 45: Hoare triple {4566#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4566#false} is VALID
[2022-02-20 17:59:27,638 INFO  L290        TraceCheckUtils]: 46: Hoare triple {4566#false} assume !(0 == test_~op1~0#1); {4566#false} is VALID
[2022-02-20 17:59:27,638 INFO  L290        TraceCheckUtils]: 47: Hoare triple {4566#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L290        TraceCheckUtils]: 48: Hoare triple {4566#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L290        TraceCheckUtils]: 49: Hoare triple {4566#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L290        TraceCheckUtils]: 50: Hoare triple {4566#false} assume { :end_inline_setClientAutoResponse } true; {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L290        TraceCheckUtils]: 51: Hoare triple {4566#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L290        TraceCheckUtils]: 52: Hoare triple {4566#false} assume !false; {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L290        TraceCheckUtils]: 53: Hoare triple {4566#false} assume !(test_~splverifierCounter~0#1 < 4); {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L290        TraceCheckUtils]: 54: Hoare triple {4566#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L272        TraceCheckUtils]: 55: Hoare triple {4566#false} call sendEmail(~bob~0, ~rjh~0); {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L290        TraceCheckUtils]: 56: Hoare triple {4566#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4566#false} is VALID
[2022-02-20 17:59:27,639 INFO  L272        TraceCheckUtils]: 57: Hoare triple {4566#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4620#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:27,639 INFO  L290        TraceCheckUtils]: 58: Hoare triple {4620#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,640 INFO  L290        TraceCheckUtils]: 59: Hoare triple {4565#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,640 INFO  L290        TraceCheckUtils]: 60: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,640 INFO  L284        TraceCheckUtils]: 61: Hoare quadruple {4565#true} {4566#false} #1001#return; {4566#false} is VALID
[2022-02-20 17:59:27,640 INFO  L272        TraceCheckUtils]: 62: Hoare triple {4566#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4621#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 17:59:27,640 INFO  L290        TraceCheckUtils]: 63: Hoare triple {4621#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,640 INFO  L290        TraceCheckUtils]: 64: Hoare triple {4565#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,640 INFO  L290        TraceCheckUtils]: 65: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,640 INFO  L284        TraceCheckUtils]: 66: Hoare quadruple {4565#true} {4566#false} #1003#return; {4566#false} is VALID
[2022-02-20 17:59:27,640 INFO  L290        TraceCheckUtils]: 67: Hoare triple {4566#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {4566#false} is VALID
[2022-02-20 17:59:27,641 INFO  L290        TraceCheckUtils]: 68: Hoare triple {4566#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {4566#false} is VALID
[2022-02-20 17:59:27,641 INFO  L272        TraceCheckUtils]: 69: Hoare triple {4566#false} call outgoing(~sender#1, ~email~0#1); {4566#false} is VALID
[2022-02-20 17:59:27,641 INFO  L290        TraceCheckUtils]: 70: Hoare triple {4566#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {4566#false} is VALID
[2022-02-20 17:59:27,641 INFO  L272        TraceCheckUtils]: 71: Hoare triple {4566#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {4565#true} is VALID
[2022-02-20 17:59:27,641 INFO  L290        TraceCheckUtils]: 72: Hoare triple {4565#true} ~handle := #in~handle;havoc ~retValue_acc~9; {4565#true} is VALID
[2022-02-20 17:59:27,641 INFO  L290        TraceCheckUtils]: 73: Hoare triple {4565#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4565#true} is VALID
[2022-02-20 17:59:27,641 INFO  L290        TraceCheckUtils]: 74: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,641 INFO  L284        TraceCheckUtils]: 75: Hoare quadruple {4565#true} {4566#false} #955#return; {4566#false} is VALID
[2022-02-20 17:59:27,641 INFO  L290        TraceCheckUtils]: 76: Hoare triple {4566#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {4566#false} is VALID
[2022-02-20 17:59:27,642 INFO  L290        TraceCheckUtils]: 77: Hoare triple {4566#false} assume 0 == sign_~privkey~0#1; {4566#false} is VALID
[2022-02-20 17:59:27,642 INFO  L290        TraceCheckUtils]: 78: Hoare triple {4566#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {4566#false} is VALID
[2022-02-20 17:59:27,642 INFO  L290        TraceCheckUtils]: 79: Hoare triple {4566#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {4566#false} is VALID
[2022-02-20 17:59:27,642 INFO  L290        TraceCheckUtils]: 80: Hoare triple {4566#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {4566#false} is VALID
[2022-02-20 17:59:27,642 INFO  L272        TraceCheckUtils]: 81: Hoare triple {4566#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {4620#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:27,642 INFO  L290        TraceCheckUtils]: 82: Hoare triple {4620#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:27,642 INFO  L290        TraceCheckUtils]: 83: Hoare triple {4565#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:27,642 INFO  L290        TraceCheckUtils]: 84: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,642 INFO  L284        TraceCheckUtils]: 85: Hoare quadruple {4565#true} {4566#false} #957#return; {4566#false} is VALID
[2022-02-20 17:59:27,643 INFO  L290        TraceCheckUtils]: 86: Hoare triple {4566#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {4566#false} is VALID
[2022-02-20 17:59:27,643 INFO  L272        TraceCheckUtils]: 87: Hoare triple {4566#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {4565#true} is VALID
[2022-02-20 17:59:27,643 INFO  L290        TraceCheckUtils]: 88: Hoare triple {4565#true} ~handle := #in~handle;havoc ~retValue_acc~31; {4565#true} is VALID
[2022-02-20 17:59:27,643 INFO  L290        TraceCheckUtils]: 89: Hoare triple {4565#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {4565#true} is VALID
[2022-02-20 17:59:27,643 INFO  L290        TraceCheckUtils]: 90: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,643 INFO  L284        TraceCheckUtils]: 91: Hoare quadruple {4565#true} {4566#false} #959#return; {4566#false} is VALID
[2022-02-20 17:59:27,643 INFO  L290        TraceCheckUtils]: 92: Hoare triple {4566#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {4566#false} is VALID
[2022-02-20 17:59:27,643 INFO  L290        TraceCheckUtils]: 93: Hoare triple {4566#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {4566#false} is VALID
[2022-02-20 17:59:27,643 INFO  L272        TraceCheckUtils]: 94: Hoare triple {4566#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {4565#true} is VALID
[2022-02-20 17:59:27,644 INFO  L290        TraceCheckUtils]: 95: Hoare triple {4565#true} ~handle := #in~handle;havoc ~retValue_acc~9; {4565#true} is VALID
[2022-02-20 17:59:27,644 INFO  L290        TraceCheckUtils]: 96: Hoare triple {4565#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4565#true} is VALID
[2022-02-20 17:59:27,644 INFO  L290        TraceCheckUtils]: 97: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:27,644 INFO  L284        TraceCheckUtils]: 98: Hoare quadruple {4565#true} {4566#false} #961#return; {4566#false} is VALID
[2022-02-20 17:59:27,644 INFO  L290        TraceCheckUtils]: 99: Hoare triple {4566#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {4566#false} is VALID
[2022-02-20 17:59:27,644 INFO  L290        TraceCheckUtils]: 100: Hoare triple {4566#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {4566#false} is VALID
[2022-02-20 17:59:27,644 INFO  L290        TraceCheckUtils]: 101: Hoare triple {4566#false} assume !false; {4566#false} is VALID
[2022-02-20 17:59:27,645 INFO  L134       CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked.
[2022-02-20 17:59:27,645 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:27,645 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1254405009]
[2022-02-20 17:59:27,645 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1254405009] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:59:27,645 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1506009949]
[2022-02-20 17:59:27,645 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:27,645 INFO  L173          SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:59:27,646 INFO  L189       MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:59:27,657 INFO  L229       MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:59:27,658 INFO  L327       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process
[2022-02-20 17:59:27,840 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,843 INFO  L263         TraceCheckSpWp]: Trace formula consists of 995 conjuncts, 3 conjunts are in the unsatisfiable core
[2022-02-20 17:59:27,882 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:27,887 INFO  L286         TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:59:28,077 INFO  L290        TraceCheckUtils]: 0: Hoare triple {4565#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4565#true} is VALID
[2022-02-20 17:59:28,077 INFO  L290        TraceCheckUtils]: 1: Hoare triple {4565#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {4565#true} is VALID
[2022-02-20 17:59:28,077 INFO  L290        TraceCheckUtils]: 2: Hoare triple {4565#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4565#true} is VALID
[2022-02-20 17:59:28,077 INFO  L290        TraceCheckUtils]: 3: Hoare triple {4565#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {4565#true} is VALID
[2022-02-20 17:59:28,077 INFO  L290        TraceCheckUtils]: 4: Hoare triple {4565#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {4565#true} is VALID
[2022-02-20 17:59:28,077 INFO  L290        TraceCheckUtils]: 5: Hoare triple {4565#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4565#true} is VALID
[2022-02-20 17:59:28,077 INFO  L272        TraceCheckUtils]: 6: Hoare triple {4565#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4565#true} is VALID
[2022-02-20 17:59:28,077 INFO  L290        TraceCheckUtils]: 7: Hoare triple {4565#true} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 8: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 9: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {4565#true} {4565#true} #1007#return; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 11: Hoare triple {4565#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L272        TraceCheckUtils]: 12: Hoare triple {4565#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 13: Hoare triple {4565#true} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 14: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 15: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {4565#true} {4565#true} #1009#return; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 17: Hoare triple {4565#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L272        TraceCheckUtils]: 18: Hoare triple {4565#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 19: Hoare triple {4565#true} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 20: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 21: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L284        TraceCheckUtils]: 22: Hoare quadruple {4565#true} {4565#true} #1011#return; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 23: Hoare triple {4565#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L272        TraceCheckUtils]: 24: Hoare triple {4565#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 25: Hoare triple {4565#true} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:28,078 INFO  L290        TraceCheckUtils]: 26: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 27: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L284        TraceCheckUtils]: 28: Hoare quadruple {4565#true} {4565#true} #1013#return; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 29: Hoare triple {4565#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L272        TraceCheckUtils]: 30: Hoare triple {4565#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 31: Hoare triple {4565#true} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 32: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 33: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L284        TraceCheckUtils]: 34: Hoare quadruple {4565#true} {4565#true} #1015#return; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 35: Hoare triple {4565#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L272        TraceCheckUtils]: 36: Hoare triple {4565#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 37: Hoare triple {4565#true} ~handle := #in~handle;~value := #in~value; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 38: Hoare triple {4565#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 39: Hoare triple {4565#true} assume true; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L284        TraceCheckUtils]: 40: Hoare quadruple {4565#true} {4565#true} #1017#return; {4565#true} is VALID
[2022-02-20 17:59:28,079 INFO  L290        TraceCheckUtils]: 41: Hoare triple {4565#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {4565#true} is VALID
[2022-02-20 17:59:28,080 INFO  L290        TraceCheckUtils]: 42: Hoare triple {4565#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4751#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID
[2022-02-20 17:59:28,080 INFO  L290        TraceCheckUtils]: 43: Hoare triple {4751#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {4751#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID
[2022-02-20 17:59:28,080 INFO  L290        TraceCheckUtils]: 44: Hoare triple {4751#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {4751#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID
[2022-02-20 17:59:28,080 INFO  L290        TraceCheckUtils]: 45: Hoare triple {4751#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4751#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 46: Hoare triple {4751#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 47: Hoare triple {4566#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 48: Hoare triple {4566#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 49: Hoare triple {4566#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 50: Hoare triple {4566#false} assume { :end_inline_setClientAutoResponse } true; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 51: Hoare triple {4566#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 52: Hoare triple {4566#false} assume !false; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 53: Hoare triple {4566#false} assume !(test_~splverifierCounter~0#1 < 4); {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 54: Hoare triple {4566#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L272        TraceCheckUtils]: 55: Hoare triple {4566#false} call sendEmail(~bob~0, ~rjh~0); {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 56: Hoare triple {4566#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L272        TraceCheckUtils]: 57: Hoare triple {4566#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 58: Hoare triple {4566#false} ~handle := #in~handle;~value := #in~value; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 59: Hoare triple {4566#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L290        TraceCheckUtils]: 60: Hoare triple {4566#false} assume true; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L284        TraceCheckUtils]: 61: Hoare quadruple {4566#false} {4566#false} #1001#return; {4566#false} is VALID
[2022-02-20 17:59:28,081 INFO  L272        TraceCheckUtils]: 62: Hoare triple {4566#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 63: Hoare triple {4566#false} ~handle := #in~handle;~value := #in~value; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 64: Hoare triple {4566#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 65: Hoare triple {4566#false} assume true; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L284        TraceCheckUtils]: 66: Hoare quadruple {4566#false} {4566#false} #1003#return; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 67: Hoare triple {4566#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 68: Hoare triple {4566#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L272        TraceCheckUtils]: 69: Hoare triple {4566#false} call outgoing(~sender#1, ~email~0#1); {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 70: Hoare triple {4566#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L272        TraceCheckUtils]: 71: Hoare triple {4566#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 72: Hoare triple {4566#false} ~handle := #in~handle;havoc ~retValue_acc~9; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 73: Hoare triple {4566#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 74: Hoare triple {4566#false} assume true; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L284        TraceCheckUtils]: 75: Hoare quadruple {4566#false} {4566#false} #955#return; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 76: Hoare triple {4566#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 77: Hoare triple {4566#false} assume 0 == sign_~privkey~0#1; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 78: Hoare triple {4566#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 79: Hoare triple {4566#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 80: Hoare triple {4566#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L272        TraceCheckUtils]: 81: Hoare triple {4566#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 82: Hoare triple {4566#false} ~handle := #in~handle;~value := #in~value; {4566#false} is VALID
[2022-02-20 17:59:28,082 INFO  L290        TraceCheckUtils]: 83: Hoare triple {4566#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 84: Hoare triple {4566#false} assume true; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L284        TraceCheckUtils]: 85: Hoare quadruple {4566#false} {4566#false} #957#return; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 86: Hoare triple {4566#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L272        TraceCheckUtils]: 87: Hoare triple {4566#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 88: Hoare triple {4566#false} ~handle := #in~handle;havoc ~retValue_acc~31; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 89: Hoare triple {4566#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 90: Hoare triple {4566#false} assume true; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L284        TraceCheckUtils]: 91: Hoare quadruple {4566#false} {4566#false} #959#return; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 92: Hoare triple {4566#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 93: Hoare triple {4566#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L272        TraceCheckUtils]: 94: Hoare triple {4566#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 95: Hoare triple {4566#false} ~handle := #in~handle;havoc ~retValue_acc~9; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 96: Hoare triple {4566#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 97: Hoare triple {4566#false} assume true; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L284        TraceCheckUtils]: 98: Hoare quadruple {4566#false} {4566#false} #961#return; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 99: Hoare triple {4566#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 100: Hoare triple {4566#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {4566#false} is VALID
[2022-02-20 17:59:28,083 INFO  L290        TraceCheckUtils]: 101: Hoare triple {4566#false} assume !false; {4566#false} is VALID
[2022-02-20 17:59:28,084 INFO  L134       CoverageAnalysis]: Checked inductivity of 34 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked.
[2022-02-20 17:59:28,084 INFO  L324         TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect
[2022-02-20 17:59:28,084 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleZ3 [1506009949] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:28,084 INFO  L191   FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences.
[2022-02-20 17:59:28,084 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10
[2022-02-20 17:59:28,084 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1829434632]
[2022-02-20 17:59:28,084 INFO  L85    oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:28,084 INFO  L78                 Accepts]: Start accepts. Automaton has  has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 102
[2022-02-20 17:59:28,085 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:28,085 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:28,139 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:28,139 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 3 states
[2022-02-20 17:59:28,139 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:28,139 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants.
[2022-02-20 17:59:28,140 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90
[2022-02-20 17:59:28,140 INFO  L87              Difference]: Start difference. First operand 322 states and 482 transitions. Second operand  has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:28,531 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:28,531 INFO  L93              Difference]: Finished difference Result 679 states and 1031 transitions.
[2022-02-20 17:59:28,532 INFO  L141   InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. 
[2022-02-20 17:59:28,532 INFO  L78                 Accepts]: Start accepts. Automaton has  has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 102
[2022-02-20 17:59:28,532 INFO  L84                 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 17:59:28,532 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:28,541 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1029 transitions.
[2022-02-20 17:59:28,542 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:28,549 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1029 transitions.
[2022-02-20 17:59:28,549 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1029 transitions.
[2022-02-20 17:59:29,194 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 1029 edges. 1029 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:29,215 INFO  L225             Difference]: With dead ends: 679
[2022-02-20 17:59:29,216 INFO  L226             Difference]: Without dead ends: 384
[2022-02-20 17:59:29,217 INFO  L932         BasicCegarLoop]: 0 DeclaredPredicates, 129 GetRequests, 121 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90
[2022-02-20 17:59:29,219 INFO  L933         BasicCegarLoop]: 498 mSDtfsCounter, 115 mSDsluCounter, 433 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 130 SdHoareTripleChecker+Valid, 931 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time
[2022-02-20 17:59:29,222 INFO  L934         BasicCegarLoop]: SdHoareTripleChecker [130 Valid, 931 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time]
[2022-02-20 17:59:29,223 INFO  L82        GeneralOperation]: Start minimizeSevpa. Operand 384 states.
[2022-02-20 17:59:29,236 INFO  L88        GeneralOperation]: Finished minimizeSevpa. Reduced states from 384 to 376.
[2022-02-20 17:59:29,236 INFO  L214    AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa
[2022-02-20 17:59:29,237 INFO  L82        GeneralOperation]: Start isEquivalent. First operand 384 states. Second operand  has 376 states, 298 states have (on average 1.5335570469798658) internal successors, (457), 299 states have internal predecessors, (457), 59 states have call successors, (59), 18 states have call predecessors, (59), 18 states have return successors, (58), 58 states have call predecessors, (58), 58 states have call successors, (58)
[2022-02-20 17:59:29,237 INFO  L74              IsIncluded]: Start isIncluded. First operand 384 states. Second operand  has 376 states, 298 states have (on average 1.5335570469798658) internal successors, (457), 299 states have internal predecessors, (457), 59 states have call successors, (59), 18 states have call predecessors, (59), 18 states have return successors, (58), 58 states have call predecessors, (58), 58 states have call successors, (58)
[2022-02-20 17:59:29,238 INFO  L87              Difference]: Start difference. First operand 384 states. Second operand  has 376 states, 298 states have (on average 1.5335570469798658) internal successors, (457), 299 states have internal predecessors, (457), 59 states have call successors, (59), 18 states have call predecessors, (59), 18 states have return successors, (58), 58 states have call predecessors, (58), 58 states have call successors, (58)
[2022-02-20 17:59:29,247 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:29,247 INFO  L93              Difference]: Finished difference Result 384 states and 583 transitions.
[2022-02-20 17:59:29,247 INFO  L276                IsEmpty]: Start isEmpty. Operand 384 states and 583 transitions.
[2022-02-20 17:59:29,248 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:29,248 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:29,249 INFO  L74              IsIncluded]: Start isIncluded. First operand  has 376 states, 298 states have (on average 1.5335570469798658) internal successors, (457), 299 states have internal predecessors, (457), 59 states have call successors, (59), 18 states have call predecessors, (59), 18 states have return successors, (58), 58 states have call predecessors, (58), 58 states have call successors, (58) Second operand 384 states.
[2022-02-20 17:59:29,250 INFO  L87              Difference]: Start difference. First operand  has 376 states, 298 states have (on average 1.5335570469798658) internal successors, (457), 299 states have internal predecessors, (457), 59 states have call successors, (59), 18 states have call predecessors, (59), 18 states have return successors, (58), 58 states have call predecessors, (58), 58 states have call successors, (58) Second operand 384 states.
[2022-02-20 17:59:29,258 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:29,259 INFO  L93              Difference]: Finished difference Result 384 states and 583 transitions.
[2022-02-20 17:59:29,259 INFO  L276                IsEmpty]: Start isEmpty. Operand 384 states and 583 transitions.
[2022-02-20 17:59:29,260 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:29,260 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:29,260 INFO  L88        GeneralOperation]: Finished isEquivalent.
[2022-02-20 17:59:29,260 INFO  L221    AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa
[2022-02-20 17:59:29,261 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 376 states, 298 states have (on average 1.5335570469798658) internal successors, (457), 299 states have internal predecessors, (457), 59 states have call successors, (59), 18 states have call predecessors, (59), 18 states have return successors, (58), 58 states have call predecessors, (58), 58 states have call successors, (58)
[2022-02-20 17:59:29,271 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 376 states to 376 states and 574 transitions.
[2022-02-20 17:59:29,271 INFO  L78                 Accepts]: Start accepts. Automaton has 376 states and 574 transitions. Word has length 102
[2022-02-20 17:59:29,271 INFO  L84                 Accepts]: Finished accepts. word is rejected.
[2022-02-20 17:59:29,271 INFO  L470      AbstractCegarLoop]: Abstraction has 376 states and 574 transitions.
[2022-02-20 17:59:29,272 INFO  L471      AbstractCegarLoop]: INTERPOLANT automaton has  has 3 states, 3 states have (on average 19.333333333333332) internal successors, (58), 3 states have internal predecessors, (58), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 17:59:29,272 INFO  L276                IsEmpty]: Start isEmpty. Operand 376 states and 574 transitions.
[2022-02-20 17:59:29,273 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 104
[2022-02-20 17:59:29,273 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 17:59:29,273 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:59:29,303 INFO  L540       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0
[2022-02-20 17:59:29,490 WARN  L452      AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:59:29,491 INFO  L402      AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:59:29,491 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:59:29,491 INFO  L85        PathProgramCache]: Analyzing trace with hash -1534344120, now seen corresponding path program 1 times
[2022-02-20 17:59:29,491 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:59:29,491 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1075828274]
[2022-02-20 17:59:29,491 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:29,491 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:59:29,511 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,529 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:59:29,531 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,538 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7245#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,538 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,539 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,539 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7194#true} #1007#return; {7194#true} is VALID
[2022-02-20 17:59:29,543 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:59:29,545 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,546 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7246#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,546 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,547 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,547 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7194#true} #1009#return; {7194#true} is VALID
[2022-02-20 17:59:29,547 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 17:59:29,548 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,566 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7245#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7247#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:29,566 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7247#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7248#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:29,567 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7248#(= |setClientId_#in~handle| 1)} assume true; {7248#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:29,567 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7248#(= |setClientId_#in~handle| 1)} {7204#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1011#return; {7195#false} is VALID
[2022-02-20 17:59:29,567 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24
[2022-02-20 17:59:29,569 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,570 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7246#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,570 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,571 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,571 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7195#false} #1013#return; {7195#false} is VALID
[2022-02-20 17:59:29,571 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30
[2022-02-20 17:59:29,572 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,573 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7245#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,574 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,574 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,574 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7195#false} #1015#return; {7195#false} is VALID
[2022-02-20 17:59:29,574 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36
[2022-02-20 17:59:29,585 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,592 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7246#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,592 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,592 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,592 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7195#false} #1017#return; {7195#false} is VALID
[2022-02-20 17:59:29,598 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58
[2022-02-20 17:59:29,599 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,604 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,604 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,604 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,604 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7195#false} #1001#return; {7195#false} is VALID
[2022-02-20 17:59:29,610 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63
[2022-02-20 17:59:29,611 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,628 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7250#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,628 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,628 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,628 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7195#false} #1003#return; {7195#false} is VALID
[2022-02-20 17:59:29,628 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72
[2022-02-20 17:59:29,629 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,631 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7194#true} ~handle := #in~handle;havoc ~retValue_acc~9; {7194#true} is VALID
[2022-02-20 17:59:29,631 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {7194#true} is VALID
[2022-02-20 17:59:29,631 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,631 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7195#false} #955#return; {7195#false} is VALID
[2022-02-20 17:59:29,631 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82
[2022-02-20 17:59:29,632 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,633 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,634 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,634 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,634 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7195#false} #957#return; {7195#false} is VALID
[2022-02-20 17:59:29,634 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88
[2022-02-20 17:59:29,635 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,636 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7194#true} ~handle := #in~handle;havoc ~retValue_acc~31; {7194#true} is VALID
[2022-02-20 17:59:29,636 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {7194#true} is VALID
[2022-02-20 17:59:29,636 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,636 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7195#false} #959#return; {7195#false} is VALID
[2022-02-20 17:59:29,636 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95
[2022-02-20 17:59:29,637 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,638 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7194#true} ~handle := #in~handle;havoc ~retValue_acc~9; {7194#true} is VALID
[2022-02-20 17:59:29,639 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {7194#true} is VALID
[2022-02-20 17:59:29,639 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,639 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {7194#true} {7195#false} #961#return; {7195#false} is VALID
[2022-02-20 17:59:29,639 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7194#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {7194#true} is VALID
[2022-02-20 17:59:29,639 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {7194#true} is VALID
[2022-02-20 17:59:29,639 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7194#true} is VALID
[2022-02-20 17:59:29,639 INFO  L290        TraceCheckUtils]: 3: Hoare triple {7194#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {7194#true} is VALID
[2022-02-20 17:59:29,639 INFO  L290        TraceCheckUtils]: 4: Hoare triple {7194#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {7194#true} is VALID
[2022-02-20 17:59:29,640 INFO  L290        TraceCheckUtils]: 5: Hoare triple {7194#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7194#true} is VALID
[2022-02-20 17:59:29,640 INFO  L272        TraceCheckUtils]: 6: Hoare triple {7194#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7245#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:29,640 INFO  L290        TraceCheckUtils]: 7: Hoare triple {7245#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,640 INFO  L290        TraceCheckUtils]: 8: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,641 INFO  L290        TraceCheckUtils]: 9: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,641 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {7194#true} {7194#true} #1007#return; {7194#true} is VALID
[2022-02-20 17:59:29,641 INFO  L290        TraceCheckUtils]: 11: Hoare triple {7194#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7194#true} is VALID
[2022-02-20 17:59:29,641 INFO  L272        TraceCheckUtils]: 12: Hoare triple {7194#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7246#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:29,641 INFO  L290        TraceCheckUtils]: 13: Hoare triple {7246#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,641 INFO  L290        TraceCheckUtils]: 14: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,642 INFO  L290        TraceCheckUtils]: 15: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,642 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {7194#true} {7194#true} #1009#return; {7194#true} is VALID
[2022-02-20 17:59:29,642 INFO  L290        TraceCheckUtils]: 17: Hoare triple {7194#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7204#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID
[2022-02-20 17:59:29,643 INFO  L272        TraceCheckUtils]: 18: Hoare triple {7204#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7245#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:29,643 INFO  L290        TraceCheckUtils]: 19: Hoare triple {7245#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7247#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:29,643 INFO  L290        TraceCheckUtils]: 20: Hoare triple {7247#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7248#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:29,643 INFO  L290        TraceCheckUtils]: 21: Hoare triple {7248#(= |setClientId_#in~handle| 1)} assume true; {7248#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:29,644 INFO  L284        TraceCheckUtils]: 22: Hoare quadruple {7248#(= |setClientId_#in~handle| 1)} {7204#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1011#return; {7195#false} is VALID
[2022-02-20 17:59:29,644 INFO  L290        TraceCheckUtils]: 23: Hoare triple {7195#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7195#false} is VALID
[2022-02-20 17:59:29,644 INFO  L272        TraceCheckUtils]: 24: Hoare triple {7195#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7246#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:29,644 INFO  L290        TraceCheckUtils]: 25: Hoare triple {7246#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,644 INFO  L290        TraceCheckUtils]: 26: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,644 INFO  L290        TraceCheckUtils]: 27: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,645 INFO  L284        TraceCheckUtils]: 28: Hoare quadruple {7194#true} {7195#false} #1013#return; {7195#false} is VALID
[2022-02-20 17:59:29,645 INFO  L290        TraceCheckUtils]: 29: Hoare triple {7195#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7195#false} is VALID
[2022-02-20 17:59:29,645 INFO  L272        TraceCheckUtils]: 30: Hoare triple {7195#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7245#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:29,645 INFO  L290        TraceCheckUtils]: 31: Hoare triple {7245#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,645 INFO  L290        TraceCheckUtils]: 32: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,645 INFO  L290        TraceCheckUtils]: 33: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,645 INFO  L284        TraceCheckUtils]: 34: Hoare quadruple {7194#true} {7195#false} #1015#return; {7195#false} is VALID
[2022-02-20 17:59:29,645 INFO  L290        TraceCheckUtils]: 35: Hoare triple {7195#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7195#false} is VALID
[2022-02-20 17:59:29,645 INFO  L272        TraceCheckUtils]: 36: Hoare triple {7195#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7246#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:29,646 INFO  L290        TraceCheckUtils]: 37: Hoare triple {7246#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,646 INFO  L290        TraceCheckUtils]: 38: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,646 INFO  L290        TraceCheckUtils]: 39: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,646 INFO  L284        TraceCheckUtils]: 40: Hoare quadruple {7194#true} {7195#false} #1017#return; {7195#false} is VALID
[2022-02-20 17:59:29,646 INFO  L290        TraceCheckUtils]: 41: Hoare triple {7195#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {7195#false} is VALID
[2022-02-20 17:59:29,646 INFO  L290        TraceCheckUtils]: 42: Hoare triple {7195#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7195#false} is VALID
[2022-02-20 17:59:29,646 INFO  L290        TraceCheckUtils]: 43: Hoare triple {7195#false} assume !false; {7195#false} is VALID
[2022-02-20 17:59:29,646 INFO  L290        TraceCheckUtils]: 44: Hoare triple {7195#false} assume test_~splverifierCounter~0#1 < 4; {7195#false} is VALID
[2022-02-20 17:59:29,646 INFO  L290        TraceCheckUtils]: 45: Hoare triple {7195#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7195#false} is VALID
[2022-02-20 17:59:29,646 INFO  L290        TraceCheckUtils]: 46: Hoare triple {7195#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {7195#false} is VALID
[2022-02-20 17:59:29,647 INFO  L290        TraceCheckUtils]: 47: Hoare triple {7195#false} assume !(0 != test_~tmp___9~0#1); {7195#false} is VALID
[2022-02-20 17:59:29,647 INFO  L290        TraceCheckUtils]: 48: Hoare triple {7195#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {7195#false} is VALID
[2022-02-20 17:59:29,647 INFO  L290        TraceCheckUtils]: 49: Hoare triple {7195#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {7195#false} is VALID
[2022-02-20 17:59:29,647 INFO  L290        TraceCheckUtils]: 50: Hoare triple {7195#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {7195#false} is VALID
[2022-02-20 17:59:29,647 INFO  L290        TraceCheckUtils]: 51: Hoare triple {7195#false} assume { :end_inline_setClientAutoResponse } true; {7195#false} is VALID
[2022-02-20 17:59:29,647 INFO  L290        TraceCheckUtils]: 52: Hoare triple {7195#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {7195#false} is VALID
[2022-02-20 17:59:29,647 INFO  L290        TraceCheckUtils]: 53: Hoare triple {7195#false} assume !false; {7195#false} is VALID
[2022-02-20 17:59:29,647 INFO  L290        TraceCheckUtils]: 54: Hoare triple {7195#false} assume !(test_~splverifierCounter~0#1 < 4); {7195#false} is VALID
[2022-02-20 17:59:29,647 INFO  L290        TraceCheckUtils]: 55: Hoare triple {7195#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {7195#false} is VALID
[2022-02-20 17:59:29,648 INFO  L272        TraceCheckUtils]: 56: Hoare triple {7195#false} call sendEmail(~bob~0, ~rjh~0); {7195#false} is VALID
[2022-02-20 17:59:29,648 INFO  L290        TraceCheckUtils]: 57: Hoare triple {7195#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7195#false} is VALID
[2022-02-20 17:59:29,648 INFO  L272        TraceCheckUtils]: 58: Hoare triple {7195#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:29,648 INFO  L290        TraceCheckUtils]: 59: Hoare triple {7249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,648 INFO  L290        TraceCheckUtils]: 60: Hoare triple {7194#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,648 INFO  L290        TraceCheckUtils]: 61: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,648 INFO  L284        TraceCheckUtils]: 62: Hoare quadruple {7194#true} {7195#false} #1001#return; {7195#false} is VALID
[2022-02-20 17:59:29,648 INFO  L272        TraceCheckUtils]: 63: Hoare triple {7195#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7250#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 17:59:29,648 INFO  L290        TraceCheckUtils]: 64: Hoare triple {7250#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,649 INFO  L290        TraceCheckUtils]: 65: Hoare triple {7194#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,649 INFO  L290        TraceCheckUtils]: 66: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,649 INFO  L284        TraceCheckUtils]: 67: Hoare quadruple {7194#true} {7195#false} #1003#return; {7195#false} is VALID
[2022-02-20 17:59:29,649 INFO  L290        TraceCheckUtils]: 68: Hoare triple {7195#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {7195#false} is VALID
[2022-02-20 17:59:29,649 INFO  L290        TraceCheckUtils]: 69: Hoare triple {7195#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {7195#false} is VALID
[2022-02-20 17:59:29,649 INFO  L272        TraceCheckUtils]: 70: Hoare triple {7195#false} call outgoing(~sender#1, ~email~0#1); {7195#false} is VALID
[2022-02-20 17:59:29,649 INFO  L290        TraceCheckUtils]: 71: Hoare triple {7195#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {7195#false} is VALID
[2022-02-20 17:59:29,649 INFO  L272        TraceCheckUtils]: 72: Hoare triple {7195#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {7194#true} is VALID
[2022-02-20 17:59:29,649 INFO  L290        TraceCheckUtils]: 73: Hoare triple {7194#true} ~handle := #in~handle;havoc ~retValue_acc~9; {7194#true} is VALID
[2022-02-20 17:59:29,649 INFO  L290        TraceCheckUtils]: 74: Hoare triple {7194#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {7194#true} is VALID
[2022-02-20 17:59:29,650 INFO  L290        TraceCheckUtils]: 75: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,650 INFO  L284        TraceCheckUtils]: 76: Hoare quadruple {7194#true} {7195#false} #955#return; {7195#false} is VALID
[2022-02-20 17:59:29,650 INFO  L290        TraceCheckUtils]: 77: Hoare triple {7195#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {7195#false} is VALID
[2022-02-20 17:59:29,650 INFO  L290        TraceCheckUtils]: 78: Hoare triple {7195#false} assume 0 == sign_~privkey~0#1; {7195#false} is VALID
[2022-02-20 17:59:29,650 INFO  L290        TraceCheckUtils]: 79: Hoare triple {7195#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {7195#false} is VALID
[2022-02-20 17:59:29,650 INFO  L290        TraceCheckUtils]: 80: Hoare triple {7195#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {7195#false} is VALID
[2022-02-20 17:59:29,650 INFO  L290        TraceCheckUtils]: 81: Hoare triple {7195#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {7195#false} is VALID
[2022-02-20 17:59:29,650 INFO  L272        TraceCheckUtils]: 82: Hoare triple {7195#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {7249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:29,650 INFO  L290        TraceCheckUtils]: 83: Hoare triple {7249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:29,651 INFO  L290        TraceCheckUtils]: 84: Hoare triple {7194#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:29,651 INFO  L290        TraceCheckUtils]: 85: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,651 INFO  L284        TraceCheckUtils]: 86: Hoare quadruple {7194#true} {7195#false} #957#return; {7195#false} is VALID
[2022-02-20 17:59:29,651 INFO  L290        TraceCheckUtils]: 87: Hoare triple {7195#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {7195#false} is VALID
[2022-02-20 17:59:29,651 INFO  L272        TraceCheckUtils]: 88: Hoare triple {7195#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {7194#true} is VALID
[2022-02-20 17:59:29,651 INFO  L290        TraceCheckUtils]: 89: Hoare triple {7194#true} ~handle := #in~handle;havoc ~retValue_acc~31; {7194#true} is VALID
[2022-02-20 17:59:29,651 INFO  L290        TraceCheckUtils]: 90: Hoare triple {7194#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {7194#true} is VALID
[2022-02-20 17:59:29,651 INFO  L290        TraceCheckUtils]: 91: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,651 INFO  L284        TraceCheckUtils]: 92: Hoare quadruple {7194#true} {7195#false} #959#return; {7195#false} is VALID
[2022-02-20 17:59:29,652 INFO  L290        TraceCheckUtils]: 93: Hoare triple {7195#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {7195#false} is VALID
[2022-02-20 17:59:29,652 INFO  L290        TraceCheckUtils]: 94: Hoare triple {7195#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {7195#false} is VALID
[2022-02-20 17:59:29,652 INFO  L272        TraceCheckUtils]: 95: Hoare triple {7195#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {7194#true} is VALID
[2022-02-20 17:59:29,652 INFO  L290        TraceCheckUtils]: 96: Hoare triple {7194#true} ~handle := #in~handle;havoc ~retValue_acc~9; {7194#true} is VALID
[2022-02-20 17:59:29,652 INFO  L290        TraceCheckUtils]: 97: Hoare triple {7194#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {7194#true} is VALID
[2022-02-20 17:59:29,652 INFO  L290        TraceCheckUtils]: 98: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:29,652 INFO  L284        TraceCheckUtils]: 99: Hoare quadruple {7194#true} {7195#false} #961#return; {7195#false} is VALID
[2022-02-20 17:59:29,652 INFO  L290        TraceCheckUtils]: 100: Hoare triple {7195#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {7195#false} is VALID
[2022-02-20 17:59:29,652 INFO  L290        TraceCheckUtils]: 101: Hoare triple {7195#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {7195#false} is VALID
[2022-02-20 17:59:29,652 INFO  L290        TraceCheckUtils]: 102: Hoare triple {7195#false} assume !false; {7195#false} is VALID
[2022-02-20 17:59:29,653 INFO  L134       CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked.
[2022-02-20 17:59:29,653 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:29,653 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1075828274]
[2022-02-20 17:59:29,653 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1075828274] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:59:29,653 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [321510686]
[2022-02-20 17:59:29,653 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:29,654 INFO  L173          SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:59:29,654 INFO  L189       MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:59:29,655 INFO  L229       MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:59:29,656 INFO  L327       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process
[2022-02-20 17:59:29,854 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,857 INFO  L263         TraceCheckSpWp]: Trace formula consists of 1002 conjuncts, 8 conjunts are in the unsatisfiable core
[2022-02-20 17:59:29,893 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:29,895 INFO  L286         TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:59:30,131 INFO  L290        TraceCheckUtils]: 0: Hoare triple {7194#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {7194#true} is VALID
[2022-02-20 17:59:30,131 INFO  L290        TraceCheckUtils]: 1: Hoare triple {7194#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {7194#true} is VALID
[2022-02-20 17:59:30,131 INFO  L290        TraceCheckUtils]: 2: Hoare triple {7194#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7194#true} is VALID
[2022-02-20 17:59:30,131 INFO  L290        TraceCheckUtils]: 3: Hoare triple {7194#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {7194#true} is VALID
[2022-02-20 17:59:30,131 INFO  L290        TraceCheckUtils]: 4: Hoare triple {7194#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {7194#true} is VALID
[2022-02-20 17:59:30,131 INFO  L290        TraceCheckUtils]: 5: Hoare triple {7194#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7194#true} is VALID
[2022-02-20 17:59:30,131 INFO  L272        TraceCheckUtils]: 6: Hoare triple {7194#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L290        TraceCheckUtils]: 7: Hoare triple {7194#true} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L290        TraceCheckUtils]: 8: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L290        TraceCheckUtils]: 9: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {7194#true} {7194#true} #1007#return; {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L290        TraceCheckUtils]: 11: Hoare triple {7194#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L272        TraceCheckUtils]: 12: Hoare triple {7194#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L290        TraceCheckUtils]: 13: Hoare triple {7194#true} ~handle := #in~handle;~value := #in~value; {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L290        TraceCheckUtils]: 14: Hoare triple {7194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L290        TraceCheckUtils]: 15: Hoare triple {7194#true} assume true; {7194#true} is VALID
[2022-02-20 17:59:30,132 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {7194#true} {7194#true} #1009#return; {7194#true} is VALID
[2022-02-20 17:59:30,139 INFO  L290        TraceCheckUtils]: 17: Hoare triple {7194#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7305#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID
[2022-02-20 17:59:30,139 INFO  L272        TraceCheckUtils]: 18: Hoare triple {7305#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7194#true} is VALID
[2022-02-20 17:59:30,140 INFO  L290        TraceCheckUtils]: 19: Hoare triple {7194#true} ~handle := #in~handle;~value := #in~value; {7312#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID
[2022-02-20 17:59:30,141 INFO  L290        TraceCheckUtils]: 20: Hoare triple {7312#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7316#(<= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:30,141 INFO  L290        TraceCheckUtils]: 21: Hoare triple {7316#(<= |setClientId_#in~handle| 1)} assume true; {7316#(<= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:30,142 INFO  L284        TraceCheckUtils]: 22: Hoare quadruple {7316#(<= |setClientId_#in~handle| 1)} {7305#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1011#return; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L290        TraceCheckUtils]: 23: Hoare triple {7195#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L272        TraceCheckUtils]: 24: Hoare triple {7195#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L290        TraceCheckUtils]: 25: Hoare triple {7195#false} ~handle := #in~handle;~value := #in~value; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L290        TraceCheckUtils]: 26: Hoare triple {7195#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L290        TraceCheckUtils]: 27: Hoare triple {7195#false} assume true; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L284        TraceCheckUtils]: 28: Hoare quadruple {7195#false} {7195#false} #1013#return; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L290        TraceCheckUtils]: 29: Hoare triple {7195#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L272        TraceCheckUtils]: 30: Hoare triple {7195#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L290        TraceCheckUtils]: 31: Hoare triple {7195#false} ~handle := #in~handle;~value := #in~value; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L290        TraceCheckUtils]: 32: Hoare triple {7195#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L290        TraceCheckUtils]: 33: Hoare triple {7195#false} assume true; {7195#false} is VALID
[2022-02-20 17:59:30,142 INFO  L284        TraceCheckUtils]: 34: Hoare quadruple {7195#false} {7195#false} #1015#return; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 35: Hoare triple {7195#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L272        TraceCheckUtils]: 36: Hoare triple {7195#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 37: Hoare triple {7195#false} ~handle := #in~handle;~value := #in~value; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 38: Hoare triple {7195#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 39: Hoare triple {7195#false} assume true; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L284        TraceCheckUtils]: 40: Hoare quadruple {7195#false} {7195#false} #1017#return; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 41: Hoare triple {7195#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 42: Hoare triple {7195#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 43: Hoare triple {7195#false} assume !false; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 44: Hoare triple {7195#false} assume test_~splverifierCounter~0#1 < 4; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 45: Hoare triple {7195#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 46: Hoare triple {7195#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 47: Hoare triple {7195#false} assume !(0 != test_~tmp___9~0#1); {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 48: Hoare triple {7195#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 49: Hoare triple {7195#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 50: Hoare triple {7195#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 51: Hoare triple {7195#false} assume { :end_inline_setClientAutoResponse } true; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 52: Hoare triple {7195#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {7195#false} is VALID
[2022-02-20 17:59:30,143 INFO  L290        TraceCheckUtils]: 53: Hoare triple {7195#false} assume !false; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 54: Hoare triple {7195#false} assume !(test_~splverifierCounter~0#1 < 4); {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 55: Hoare triple {7195#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L272        TraceCheckUtils]: 56: Hoare triple {7195#false} call sendEmail(~bob~0, ~rjh~0); {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 57: Hoare triple {7195#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L272        TraceCheckUtils]: 58: Hoare triple {7195#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 59: Hoare triple {7195#false} ~handle := #in~handle;~value := #in~value; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 60: Hoare triple {7195#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 61: Hoare triple {7195#false} assume true; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L284        TraceCheckUtils]: 62: Hoare quadruple {7195#false} {7195#false} #1001#return; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L272        TraceCheckUtils]: 63: Hoare triple {7195#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 64: Hoare triple {7195#false} ~handle := #in~handle;~value := #in~value; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 65: Hoare triple {7195#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 66: Hoare triple {7195#false} assume true; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L284        TraceCheckUtils]: 67: Hoare quadruple {7195#false} {7195#false} #1003#return; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 68: Hoare triple {7195#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 69: Hoare triple {7195#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L272        TraceCheckUtils]: 70: Hoare triple {7195#false} call outgoing(~sender#1, ~email~0#1); {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 71: Hoare triple {7195#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L272        TraceCheckUtils]: 72: Hoare triple {7195#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 73: Hoare triple {7195#false} ~handle := #in~handle;havoc ~retValue_acc~9; {7195#false} is VALID
[2022-02-20 17:59:30,144 INFO  L290        TraceCheckUtils]: 74: Hoare triple {7195#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 75: Hoare triple {7195#false} assume true; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L284        TraceCheckUtils]: 76: Hoare quadruple {7195#false} {7195#false} #955#return; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 77: Hoare triple {7195#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 78: Hoare triple {7195#false} assume 0 == sign_~privkey~0#1; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 79: Hoare triple {7195#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 80: Hoare triple {7195#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 81: Hoare triple {7195#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L272        TraceCheckUtils]: 82: Hoare triple {7195#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 83: Hoare triple {7195#false} ~handle := #in~handle;~value := #in~value; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 84: Hoare triple {7195#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 85: Hoare triple {7195#false} assume true; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L284        TraceCheckUtils]: 86: Hoare quadruple {7195#false} {7195#false} #957#return; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 87: Hoare triple {7195#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L272        TraceCheckUtils]: 88: Hoare triple {7195#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 89: Hoare triple {7195#false} ~handle := #in~handle;havoc ~retValue_acc~31; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 90: Hoare triple {7195#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 91: Hoare triple {7195#false} assume true; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L284        TraceCheckUtils]: 92: Hoare quadruple {7195#false} {7195#false} #959#return; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 93: Hoare triple {7195#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {7195#false} is VALID
[2022-02-20 17:59:30,145 INFO  L290        TraceCheckUtils]: 94: Hoare triple {7195#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {7195#false} is VALID
[2022-02-20 17:59:30,146 INFO  L272        TraceCheckUtils]: 95: Hoare triple {7195#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {7195#false} is VALID
[2022-02-20 17:59:30,146 INFO  L290        TraceCheckUtils]: 96: Hoare triple {7195#false} ~handle := #in~handle;havoc ~retValue_acc~9; {7195#false} is VALID
[2022-02-20 17:59:30,146 INFO  L290        TraceCheckUtils]: 97: Hoare triple {7195#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {7195#false} is VALID
[2022-02-20 17:59:30,146 INFO  L290        TraceCheckUtils]: 98: Hoare triple {7195#false} assume true; {7195#false} is VALID
[2022-02-20 17:59:30,146 INFO  L284        TraceCheckUtils]: 99: Hoare quadruple {7195#false} {7195#false} #961#return; {7195#false} is VALID
[2022-02-20 17:59:30,146 INFO  L290        TraceCheckUtils]: 100: Hoare triple {7195#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {7195#false} is VALID
[2022-02-20 17:59:30,146 INFO  L290        TraceCheckUtils]: 101: Hoare triple {7195#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {7195#false} is VALID
[2022-02-20 17:59:30,146 INFO  L290        TraceCheckUtils]: 102: Hoare triple {7195#false} assume !false; {7195#false} is VALID
[2022-02-20 17:59:30,146 INFO  L134       CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked.
[2022-02-20 17:59:30,146 INFO  L324         TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect
[2022-02-20 17:59:30,146 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleZ3 [321510686] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:30,146 INFO  L191   FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences.
[2022-02-20 17:59:30,146 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12
[2022-02-20 17:59:30,146 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1197253698]
[2022-02-20 17:59:30,147 INFO  L85    oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:30,147 INFO  L78                 Accepts]: Start accepts. Automaton has  has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 103
[2022-02-20 17:59:30,147 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:30,147 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:30,222 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:30,223 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 5 states
[2022-02-20 17:59:30,223 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:30,223 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants.
[2022-02-20 17:59:30,223 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132
[2022-02-20 17:59:30,223 INFO  L87              Difference]: Start difference. First operand 376 states and 574 transitions. Second operand  has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:30,998 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:30,998 INFO  L93              Difference]: Finished difference Result 743 states and 1138 transitions.
[2022-02-20 17:59:30,998 INFO  L141   InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. 
[2022-02-20 17:59:30,999 INFO  L78                 Accepts]: Start accepts. Automaton has  has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 103
[2022-02-20 17:59:30,999 INFO  L84                 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 17:59:30,999 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:31,005 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 950 transitions.
[2022-02-20 17:59:31,006 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:31,012 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 950 transitions.
[2022-02-20 17:59:31,012 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 950 transitions.
[2022-02-20 17:59:31,565 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 950 edges. 950 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:31,573 INFO  L225             Difference]: With dead ends: 743
[2022-02-20 17:59:31,573 INFO  L226             Difference]: Without dead ends: 378
[2022-02-20 17:59:31,574 INFO  L932         BasicCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 120 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156
[2022-02-20 17:59:31,575 INFO  L933         BasicCegarLoop]: 471 mSDtfsCounter, 133 mSDsluCounter, 1261 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 153 SdHoareTripleChecker+Valid, 1732 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time
[2022-02-20 17:59:31,575 INFO  L934         BasicCegarLoop]: SdHoareTripleChecker [153 Valid, 1732 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time]
[2022-02-20 17:59:31,576 INFO  L82        GeneralOperation]: Start minimizeSevpa. Operand 378 states.
[2022-02-20 17:59:31,621 INFO  L88        GeneralOperation]: Finished minimizeSevpa. Reduced states from 378 to 378.
[2022-02-20 17:59:31,622 INFO  L214    AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa
[2022-02-20 17:59:31,622 INFO  L82        GeneralOperation]: Start isEquivalent. First operand 378 states. Second operand  has 378 states, 299 states have (on average 1.5317725752508362) internal successors, (458), 301 states have internal predecessors, (458), 59 states have call successors, (59), 18 states have call predecessors, (59), 19 states have return successors, (60), 58 states have call predecessors, (60), 58 states have call successors, (60)
[2022-02-20 17:59:31,623 INFO  L74              IsIncluded]: Start isIncluded. First operand 378 states. Second operand  has 378 states, 299 states have (on average 1.5317725752508362) internal successors, (458), 301 states have internal predecessors, (458), 59 states have call successors, (59), 18 states have call predecessors, (59), 19 states have return successors, (60), 58 states have call predecessors, (60), 58 states have call successors, (60)
[2022-02-20 17:59:31,624 INFO  L87              Difference]: Start difference. First operand 378 states. Second operand  has 378 states, 299 states have (on average 1.5317725752508362) internal successors, (458), 301 states have internal predecessors, (458), 59 states have call successors, (59), 18 states have call predecessors, (59), 19 states have return successors, (60), 58 states have call predecessors, (60), 58 states have call successors, (60)
[2022-02-20 17:59:31,632 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:31,632 INFO  L93              Difference]: Finished difference Result 378 states and 577 transitions.
[2022-02-20 17:59:31,633 INFO  L276                IsEmpty]: Start isEmpty. Operand 378 states and 577 transitions.
[2022-02-20 17:59:31,633 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:31,634 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:31,634 INFO  L74              IsIncluded]: Start isIncluded. First operand  has 378 states, 299 states have (on average 1.5317725752508362) internal successors, (458), 301 states have internal predecessors, (458), 59 states have call successors, (59), 18 states have call predecessors, (59), 19 states have return successors, (60), 58 states have call predecessors, (60), 58 states have call successors, (60) Second operand 378 states.
[2022-02-20 17:59:31,635 INFO  L87              Difference]: Start difference. First operand  has 378 states, 299 states have (on average 1.5317725752508362) internal successors, (458), 301 states have internal predecessors, (458), 59 states have call successors, (59), 18 states have call predecessors, (59), 19 states have return successors, (60), 58 states have call predecessors, (60), 58 states have call successors, (60) Second operand 378 states.
[2022-02-20 17:59:31,644 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:31,644 INFO  L93              Difference]: Finished difference Result 378 states and 577 transitions.
[2022-02-20 17:59:31,644 INFO  L276                IsEmpty]: Start isEmpty. Operand 378 states and 577 transitions.
[2022-02-20 17:59:31,645 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:31,645 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:31,645 INFO  L88        GeneralOperation]: Finished isEquivalent.
[2022-02-20 17:59:31,645 INFO  L221    AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa
[2022-02-20 17:59:31,647 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 378 states, 299 states have (on average 1.5317725752508362) internal successors, (458), 301 states have internal predecessors, (458), 59 states have call successors, (59), 18 states have call predecessors, (59), 19 states have return successors, (60), 58 states have call predecessors, (60), 58 states have call successors, (60)
[2022-02-20 17:59:31,656 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 378 states to 378 states and 577 transitions.
[2022-02-20 17:59:31,656 INFO  L78                 Accepts]: Start accepts. Automaton has 378 states and 577 transitions. Word has length 103
[2022-02-20 17:59:31,656 INFO  L84                 Accepts]: Finished accepts. word is rejected.
[2022-02-20 17:59:31,656 INFO  L470      AbstractCegarLoop]: Abstraction has 378 states and 577 transitions.
[2022-02-20 17:59:31,657 INFO  L471      AbstractCegarLoop]: INTERPOLANT automaton has  has 5 states, 4 states have (on average 16.75) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:31,657 INFO  L276                IsEmpty]: Start isEmpty. Operand 378 states and 577 transitions.
[2022-02-20 17:59:31,658 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 105
[2022-02-20 17:59:31,658 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 17:59:31,658 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:59:31,680 INFO  L540       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0
[2022-02-20 17:59:31,859 WARN  L452      AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:59:31,859 INFO  L402      AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:59:31,860 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:59:31,860 INFO  L85        PathProgramCache]: Analyzing trace with hash -2047083558, now seen corresponding path program 1 times
[2022-02-20 17:59:31,860 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:59:31,860 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [845155988]
[2022-02-20 17:59:31,860 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:31,860 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:59:31,890 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:31,917 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:59:31,919 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:31,921 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9972#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:31,921 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:31,921 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:31,921 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9919#true} #1007#return; {9919#true} is VALID
[2022-02-20 17:59:31,926 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:59:31,927 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:31,929 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9973#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:31,929 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:31,929 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:31,929 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9919#true} #1009#return; {9919#true} is VALID
[2022-02-20 17:59:31,929 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 17:59:31,931 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:31,944 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9972#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9974#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:31,945 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9974#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {9974#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:31,945 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9974#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9975#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:31,945 INFO  L290        TraceCheckUtils]: 3: Hoare triple {9975#(= 2 |setClientId_#in~handle|)} assume true; {9975#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:31,946 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {9975#(= 2 |setClientId_#in~handle|)} {9929#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1011#return; {9935#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID
[2022-02-20 17:59:31,946 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25
[2022-02-20 17:59:31,948 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:31,965 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9973#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9976#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:31,966 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9976#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9977#(= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:31,966 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9977#(= |setClientPrivateKey_#in~handle| 1)} assume true; {9977#(= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:31,966 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9977#(= |setClientPrivateKey_#in~handle| 1)} {9935#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1013#return; {9920#false} is VALID
[2022-02-20 17:59:31,967 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31
[2022-02-20 17:59:31,969 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:31,971 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9972#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:31,971 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:31,971 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:31,971 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9920#false} #1015#return; {9920#false} is VALID
[2022-02-20 17:59:31,972 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37
[2022-02-20 17:59:31,973 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:31,975 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9973#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:31,975 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:31,975 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:31,975 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9920#false} #1017#return; {9920#false} is VALID
[2022-02-20 17:59:31,982 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59
[2022-02-20 17:59:31,983 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:31,985 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9978#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:31,985 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:31,985 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:31,985 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9920#false} #1001#return; {9920#false} is VALID
[2022-02-20 17:59:31,993 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64
[2022-02-20 17:59:31,995 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:31,998 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9979#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:31,999 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:31,999 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:31,999 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9920#false} #1003#return; {9920#false} is VALID
[2022-02-20 17:59:31,999 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73
[2022-02-20 17:59:32,001 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:32,003 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9919#true} ~handle := #in~handle;havoc ~retValue_acc~9; {9919#true} is VALID
[2022-02-20 17:59:32,003 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {9919#true} is VALID
[2022-02-20 17:59:32,003 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,003 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9920#false} #955#return; {9920#false} is VALID
[2022-02-20 17:59:32,003 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83
[2022-02-20 17:59:32,010 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:32,012 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9978#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,012 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,012 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,012 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9920#false} #957#return; {9920#false} is VALID
[2022-02-20 17:59:32,013 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89
[2022-02-20 17:59:32,013 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:32,016 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9919#true} ~handle := #in~handle;havoc ~retValue_acc~31; {9919#true} is VALID
[2022-02-20 17:59:32,016 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {9919#true} is VALID
[2022-02-20 17:59:32,016 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,016 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9920#false} #959#return; {9920#false} is VALID
[2022-02-20 17:59:32,016 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96
[2022-02-20 17:59:32,017 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:32,019 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9919#true} ~handle := #in~handle;havoc ~retValue_acc~9; {9919#true} is VALID
[2022-02-20 17:59:32,020 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {9919#true} is VALID
[2022-02-20 17:59:32,022 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,022 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {9919#true} {9920#false} #961#return; {9920#false} is VALID
[2022-02-20 17:59:32,022 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9919#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {9919#true} is VALID
[2022-02-20 17:59:32,022 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {9919#true} is VALID
[2022-02-20 17:59:32,022 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9919#true} is VALID
[2022-02-20 17:59:32,022 INFO  L290        TraceCheckUtils]: 3: Hoare triple {9919#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {9919#true} is VALID
[2022-02-20 17:59:32,023 INFO  L290        TraceCheckUtils]: 4: Hoare triple {9919#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {9919#true} is VALID
[2022-02-20 17:59:32,023 INFO  L290        TraceCheckUtils]: 5: Hoare triple {9919#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9919#true} is VALID
[2022-02-20 17:59:32,026 INFO  L272        TraceCheckUtils]: 6: Hoare triple {9919#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9972#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:32,026 INFO  L290        TraceCheckUtils]: 7: Hoare triple {9972#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,026 INFO  L290        TraceCheckUtils]: 8: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,026 INFO  L290        TraceCheckUtils]: 9: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,026 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {9919#true} {9919#true} #1007#return; {9919#true} is VALID
[2022-02-20 17:59:32,026 INFO  L290        TraceCheckUtils]: 11: Hoare triple {9919#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9919#true} is VALID
[2022-02-20 17:59:32,027 INFO  L272        TraceCheckUtils]: 12: Hoare triple {9919#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9973#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:32,027 INFO  L290        TraceCheckUtils]: 13: Hoare triple {9973#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,027 INFO  L290        TraceCheckUtils]: 14: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,027 INFO  L290        TraceCheckUtils]: 15: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,027 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {9919#true} {9919#true} #1009#return; {9919#true} is VALID
[2022-02-20 17:59:32,027 INFO  L290        TraceCheckUtils]: 17: Hoare triple {9919#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9929#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID
[2022-02-20 17:59:32,028 INFO  L272        TraceCheckUtils]: 18: Hoare triple {9929#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9972#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:32,028 INFO  L290        TraceCheckUtils]: 19: Hoare triple {9972#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9974#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:32,028 INFO  L290        TraceCheckUtils]: 20: Hoare triple {9974#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {9974#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:32,029 INFO  L290        TraceCheckUtils]: 21: Hoare triple {9974#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9975#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:32,029 INFO  L290        TraceCheckUtils]: 22: Hoare triple {9975#(= 2 |setClientId_#in~handle|)} assume true; {9975#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:32,029 INFO  L284        TraceCheckUtils]: 23: Hoare quadruple {9975#(= 2 |setClientId_#in~handle|)} {9929#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1011#return; {9935#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID
[2022-02-20 17:59:32,030 INFO  L290        TraceCheckUtils]: 24: Hoare triple {9935#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {9935#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID
[2022-02-20 17:59:32,030 INFO  L272        TraceCheckUtils]: 25: Hoare triple {9935#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9973#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:32,030 INFO  L290        TraceCheckUtils]: 26: Hoare triple {9973#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9976#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:32,031 INFO  L290        TraceCheckUtils]: 27: Hoare triple {9976#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9977#(= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:32,031 INFO  L290        TraceCheckUtils]: 28: Hoare triple {9977#(= |setClientPrivateKey_#in~handle| 1)} assume true; {9977#(= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:32,031 INFO  L284        TraceCheckUtils]: 29: Hoare quadruple {9977#(= |setClientPrivateKey_#in~handle| 1)} {9935#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1013#return; {9920#false} is VALID
[2022-02-20 17:59:32,031 INFO  L290        TraceCheckUtils]: 30: Hoare triple {9920#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L272        TraceCheckUtils]: 31: Hoare triple {9920#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9972#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 32: Hoare triple {9972#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 33: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 34: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,032 INFO  L284        TraceCheckUtils]: 35: Hoare quadruple {9919#true} {9920#false} #1015#return; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 36: Hoare triple {9920#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L272        TraceCheckUtils]: 37: Hoare triple {9920#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9973#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 38: Hoare triple {9973#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 39: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 40: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,032 INFO  L284        TraceCheckUtils]: 41: Hoare quadruple {9919#true} {9920#false} #1017#return; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 42: Hoare triple {9920#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 43: Hoare triple {9920#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 44: Hoare triple {9920#false} assume !false; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 45: Hoare triple {9920#false} assume test_~splverifierCounter~0#1 < 4; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 46: Hoare triple {9920#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 47: Hoare triple {9920#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 48: Hoare triple {9920#false} assume !(0 != test_~tmp___9~0#1); {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 49: Hoare triple {9920#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 50: Hoare triple {9920#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {9920#false} is VALID
[2022-02-20 17:59:32,032 INFO  L290        TraceCheckUtils]: 51: Hoare triple {9920#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 52: Hoare triple {9920#false} assume { :end_inline_setClientAutoResponse } true; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 53: Hoare triple {9920#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 54: Hoare triple {9920#false} assume !false; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 55: Hoare triple {9920#false} assume !(test_~splverifierCounter~0#1 < 4); {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 56: Hoare triple {9920#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L272        TraceCheckUtils]: 57: Hoare triple {9920#false} call sendEmail(~bob~0, ~rjh~0); {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 58: Hoare triple {9920#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L272        TraceCheckUtils]: 59: Hoare triple {9920#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9978#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 60: Hoare triple {9978#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 61: Hoare triple {9919#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 62: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,033 INFO  L284        TraceCheckUtils]: 63: Hoare quadruple {9919#true} {9920#false} #1001#return; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L272        TraceCheckUtils]: 64: Hoare triple {9920#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9979#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 65: Hoare triple {9979#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 66: Hoare triple {9919#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 67: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,033 INFO  L284        TraceCheckUtils]: 68: Hoare quadruple {9919#true} {9920#false} #1003#return; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 69: Hoare triple {9920#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L290        TraceCheckUtils]: 70: Hoare triple {9920#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {9920#false} is VALID
[2022-02-20 17:59:32,033 INFO  L272        TraceCheckUtils]: 71: Hoare triple {9920#false} call outgoing(~sender#1, ~email~0#1); {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 72: Hoare triple {9920#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L272        TraceCheckUtils]: 73: Hoare triple {9920#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 74: Hoare triple {9919#true} ~handle := #in~handle;havoc ~retValue_acc~9; {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 75: Hoare triple {9919#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 76: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L284        TraceCheckUtils]: 77: Hoare quadruple {9919#true} {9920#false} #955#return; {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 78: Hoare triple {9920#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 79: Hoare triple {9920#false} assume 0 == sign_~privkey~0#1; {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 80: Hoare triple {9920#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 81: Hoare triple {9920#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 82: Hoare triple {9920#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L272        TraceCheckUtils]: 83: Hoare triple {9920#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {9978#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 84: Hoare triple {9978#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 85: Hoare triple {9919#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 86: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L284        TraceCheckUtils]: 87: Hoare quadruple {9919#true} {9920#false} #957#return; {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 88: Hoare triple {9920#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {9920#false} is VALID
[2022-02-20 17:59:32,034 INFO  L272        TraceCheckUtils]: 89: Hoare triple {9920#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 90: Hoare triple {9919#true} ~handle := #in~handle;havoc ~retValue_acc~31; {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 91: Hoare triple {9919#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {9919#true} is VALID
[2022-02-20 17:59:32,034 INFO  L290        TraceCheckUtils]: 92: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,035 INFO  L284        TraceCheckUtils]: 93: Hoare quadruple {9919#true} {9920#false} #959#return; {9920#false} is VALID
[2022-02-20 17:59:32,035 INFO  L290        TraceCheckUtils]: 94: Hoare triple {9920#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {9920#false} is VALID
[2022-02-20 17:59:32,035 INFO  L290        TraceCheckUtils]: 95: Hoare triple {9920#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {9920#false} is VALID
[2022-02-20 17:59:32,035 INFO  L272        TraceCheckUtils]: 96: Hoare triple {9920#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {9919#true} is VALID
[2022-02-20 17:59:32,035 INFO  L290        TraceCheckUtils]: 97: Hoare triple {9919#true} ~handle := #in~handle;havoc ~retValue_acc~9; {9919#true} is VALID
[2022-02-20 17:59:32,035 INFO  L290        TraceCheckUtils]: 98: Hoare triple {9919#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {9919#true} is VALID
[2022-02-20 17:59:32,035 INFO  L290        TraceCheckUtils]: 99: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,035 INFO  L284        TraceCheckUtils]: 100: Hoare quadruple {9919#true} {9920#false} #961#return; {9920#false} is VALID
[2022-02-20 17:59:32,035 INFO  L290        TraceCheckUtils]: 101: Hoare triple {9920#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {9920#false} is VALID
[2022-02-20 17:59:32,035 INFO  L290        TraceCheckUtils]: 102: Hoare triple {9920#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {9920#false} is VALID
[2022-02-20 17:59:32,035 INFO  L290        TraceCheckUtils]: 103: Hoare triple {9920#false} assume !false; {9920#false} is VALID
[2022-02-20 17:59:32,035 INFO  L134       CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked.
[2022-02-20 17:59:32,035 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:32,035 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [845155988]
[2022-02-20 17:59:32,035 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [845155988] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:59:32,036 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [52587559]
[2022-02-20 17:59:32,036 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:32,036 INFO  L173          SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:59:32,036 INFO  L189       MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:59:32,037 INFO  L229       MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:59:32,037 INFO  L327       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process
[2022-02-20 17:59:32,217 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:32,220 INFO  L263         TraceCheckSpWp]: Trace formula consists of 1003 conjuncts, 6 conjunts are in the unsatisfiable core
[2022-02-20 17:59:32,280 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:32,284 INFO  L286         TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 0: Hoare triple {9919#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 1: Hoare triple {9919#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 2: Hoare triple {9919#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 3: Hoare triple {9919#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 4: Hoare triple {9919#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 5: Hoare triple {9919#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L272        TraceCheckUtils]: 6: Hoare triple {9919#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 7: Hoare triple {9919#true} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 8: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 9: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {9919#true} {9919#true} #1007#return; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 11: Hoare triple {9919#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L272        TraceCheckUtils]: 12: Hoare triple {9919#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 13: Hoare triple {9919#true} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 14: Hoare triple {9919#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,540 INFO  L290        TraceCheckUtils]: 15: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,541 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {9919#true} {9919#true} #1009#return; {9919#true} is VALID
[2022-02-20 17:59:32,541 INFO  L290        TraceCheckUtils]: 17: Hoare triple {9919#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10034#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID
[2022-02-20 17:59:32,541 INFO  L272        TraceCheckUtils]: 18: Hoare triple {10034#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9919#true} is VALID
[2022-02-20 17:59:32,541 INFO  L290        TraceCheckUtils]: 19: Hoare triple {9919#true} ~handle := #in~handle;~value := #in~value; {9919#true} is VALID
[2022-02-20 17:59:32,541 INFO  L290        TraceCheckUtils]: 20: Hoare triple {9919#true} assume !(1 == ~handle); {9919#true} is VALID
[2022-02-20 17:59:32,541 INFO  L290        TraceCheckUtils]: 21: Hoare triple {9919#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9919#true} is VALID
[2022-02-20 17:59:32,541 INFO  L290        TraceCheckUtils]: 22: Hoare triple {9919#true} assume true; {9919#true} is VALID
[2022-02-20 17:59:32,542 INFO  L284        TraceCheckUtils]: 23: Hoare quadruple {9919#true} {10034#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1011#return; {10034#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID
[2022-02-20 17:59:32,542 INFO  L290        TraceCheckUtils]: 24: Hoare triple {10034#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {10034#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID
[2022-02-20 17:59:32,542 INFO  L272        TraceCheckUtils]: 25: Hoare triple {10034#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9919#true} is VALID
[2022-02-20 17:59:32,542 INFO  L290        TraceCheckUtils]: 26: Hoare triple {9919#true} ~handle := #in~handle;~value := #in~value; {10062#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID
[2022-02-20 17:59:32,543 INFO  L290        TraceCheckUtils]: 27: Hoare triple {10062#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10066#(<= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:32,543 INFO  L290        TraceCheckUtils]: 28: Hoare triple {10066#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {10066#(<= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:32,543 INFO  L284        TraceCheckUtils]: 29: Hoare quadruple {10066#(<= |setClientPrivateKey_#in~handle| 1)} {10034#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1013#return; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 30: Hoare triple {9920#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L272        TraceCheckUtils]: 31: Hoare triple {9920#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 32: Hoare triple {9920#false} ~handle := #in~handle;~value := #in~value; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 33: Hoare triple {9920#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 34: Hoare triple {9920#false} assume true; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L284        TraceCheckUtils]: 35: Hoare quadruple {9920#false} {9920#false} #1015#return; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 36: Hoare triple {9920#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L272        TraceCheckUtils]: 37: Hoare triple {9920#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 38: Hoare triple {9920#false} ~handle := #in~handle;~value := #in~value; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 39: Hoare triple {9920#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 40: Hoare triple {9920#false} assume true; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L284        TraceCheckUtils]: 41: Hoare quadruple {9920#false} {9920#false} #1017#return; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 42: Hoare triple {9920#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 43: Hoare triple {9920#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 44: Hoare triple {9920#false} assume !false; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 45: Hoare triple {9920#false} assume test_~splverifierCounter~0#1 < 4; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 46: Hoare triple {9920#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 47: Hoare triple {9920#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 48: Hoare triple {9920#false} assume !(0 != test_~tmp___9~0#1); {9920#false} is VALID
[2022-02-20 17:59:32,544 INFO  L290        TraceCheckUtils]: 49: Hoare triple {9920#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 50: Hoare triple {9920#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 51: Hoare triple {9920#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 52: Hoare triple {9920#false} assume { :end_inline_setClientAutoResponse } true; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 53: Hoare triple {9920#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 54: Hoare triple {9920#false} assume !false; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 55: Hoare triple {9920#false} assume !(test_~splverifierCounter~0#1 < 4); {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 56: Hoare triple {9920#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L272        TraceCheckUtils]: 57: Hoare triple {9920#false} call sendEmail(~bob~0, ~rjh~0); {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 58: Hoare triple {9920#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L272        TraceCheckUtils]: 59: Hoare triple {9920#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 60: Hoare triple {9920#false} ~handle := #in~handle;~value := #in~value; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 61: Hoare triple {9920#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 62: Hoare triple {9920#false} assume true; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L284        TraceCheckUtils]: 63: Hoare quadruple {9920#false} {9920#false} #1001#return; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L272        TraceCheckUtils]: 64: Hoare triple {9920#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 65: Hoare triple {9920#false} ~handle := #in~handle;~value := #in~value; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 66: Hoare triple {9920#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 67: Hoare triple {9920#false} assume true; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L284        TraceCheckUtils]: 68: Hoare quadruple {9920#false} {9920#false} #1003#return; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 69: Hoare triple {9920#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L290        TraceCheckUtils]: 70: Hoare triple {9920#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {9920#false} is VALID
[2022-02-20 17:59:32,545 INFO  L272        TraceCheckUtils]: 71: Hoare triple {9920#false} call outgoing(~sender#1, ~email~0#1); {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 72: Hoare triple {9920#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L272        TraceCheckUtils]: 73: Hoare triple {9920#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 74: Hoare triple {9920#false} ~handle := #in~handle;havoc ~retValue_acc~9; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 75: Hoare triple {9920#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 76: Hoare triple {9920#false} assume true; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L284        TraceCheckUtils]: 77: Hoare quadruple {9920#false} {9920#false} #955#return; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 78: Hoare triple {9920#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 79: Hoare triple {9920#false} assume 0 == sign_~privkey~0#1; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 80: Hoare triple {9920#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 81: Hoare triple {9920#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 82: Hoare triple {9920#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L272        TraceCheckUtils]: 83: Hoare triple {9920#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 84: Hoare triple {9920#false} ~handle := #in~handle;~value := #in~value; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 85: Hoare triple {9920#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 86: Hoare triple {9920#false} assume true; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L284        TraceCheckUtils]: 87: Hoare quadruple {9920#false} {9920#false} #957#return; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 88: Hoare triple {9920#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L272        TraceCheckUtils]: 89: Hoare triple {9920#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 90: Hoare triple {9920#false} ~handle := #in~handle;havoc ~retValue_acc~31; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 91: Hoare triple {9920#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {9920#false} is VALID
[2022-02-20 17:59:32,546 INFO  L290        TraceCheckUtils]: 92: Hoare triple {9920#false} assume true; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L284        TraceCheckUtils]: 93: Hoare quadruple {9920#false} {9920#false} #959#return; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L290        TraceCheckUtils]: 94: Hoare triple {9920#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L290        TraceCheckUtils]: 95: Hoare triple {9920#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L272        TraceCheckUtils]: 96: Hoare triple {9920#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L290        TraceCheckUtils]: 97: Hoare triple {9920#false} ~handle := #in~handle;havoc ~retValue_acc~9; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L290        TraceCheckUtils]: 98: Hoare triple {9920#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L290        TraceCheckUtils]: 99: Hoare triple {9920#false} assume true; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L284        TraceCheckUtils]: 100: Hoare quadruple {9920#false} {9920#false} #961#return; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L290        TraceCheckUtils]: 101: Hoare triple {9920#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L290        TraceCheckUtils]: 102: Hoare triple {9920#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L290        TraceCheckUtils]: 103: Hoare triple {9920#false} assume !false; {9920#false} is VALID
[2022-02-20 17:59:32,547 INFO  L134       CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked.
[2022-02-20 17:59:32,547 INFO  L324         TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect
[2022-02-20 17:59:32,547 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleZ3 [52587559] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:32,547 INFO  L191   FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences.
[2022-02-20 17:59:32,547 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15
[2022-02-20 17:59:32,548 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1721101286]
[2022-02-20 17:59:32,548 INFO  L85    oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:32,548 INFO  L78                 Accepts]: Start accepts. Automaton has  has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 104
[2022-02-20 17:59:32,548 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:32,548 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:32,614 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:32,614 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 5 states
[2022-02-20 17:59:32,614 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:32,615 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants.
[2022-02-20 17:59:32,615 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210
[2022-02-20 17:59:32,615 INFO  L87              Difference]: Start difference. First operand 378 states and 577 transitions. Second operand  has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:33,425 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:33,425 INFO  L93              Difference]: Finished difference Result 745 states and 1143 transitions.
[2022-02-20 17:59:33,425 INFO  L141   InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. 
[2022-02-20 17:59:33,425 INFO  L78                 Accepts]: Start accepts. Automaton has  has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 104
[2022-02-20 17:59:33,426 INFO  L84                 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 17:59:33,426 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:33,433 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 949 transitions.
[2022-02-20 17:59:33,433 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:33,441 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 949 transitions.
[2022-02-20 17:59:33,441 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 949 transitions.
[2022-02-20 17:59:34,033 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 949 edges. 949 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:34,042 INFO  L225             Difference]: With dead ends: 745
[2022-02-20 17:59:34,042 INFO  L226             Difference]: Without dead ends: 380
[2022-02-20 17:59:34,043 INFO  L932         BasicCegarLoop]: 0 DeclaredPredicates, 134 GetRequests, 120 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240
[2022-02-20 17:59:34,043 INFO  L933         BasicCegarLoop]: 469 mSDtfsCounter, 132 mSDsluCounter, 1252 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 1721 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time
[2022-02-20 17:59:34,044 INFO  L934         BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 1721 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time]
[2022-02-20 17:59:34,044 INFO  L82        GeneralOperation]: Start minimizeSevpa. Operand 380 states.
[2022-02-20 17:59:34,143 INFO  L88        GeneralOperation]: Finished minimizeSevpa. Reduced states from 380 to 380.
[2022-02-20 17:59:34,143 INFO  L214    AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa
[2022-02-20 17:59:34,144 INFO  L82        GeneralOperation]: Start isEquivalent. First operand 380 states. Second operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65)
[2022-02-20 17:59:34,145 INFO  L74              IsIncluded]: Start isIncluded. First operand 380 states. Second operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65)
[2022-02-20 17:59:34,146 INFO  L87              Difference]: Start difference. First operand 380 states. Second operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65)
[2022-02-20 17:59:34,154 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:34,154 INFO  L93              Difference]: Finished difference Result 380 states and 583 transitions.
[2022-02-20 17:59:34,154 INFO  L276                IsEmpty]: Start isEmpty. Operand 380 states and 583 transitions.
[2022-02-20 17:59:34,155 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:34,155 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:34,156 INFO  L74              IsIncluded]: Start isIncluded. First operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65) Second operand 380 states.
[2022-02-20 17:59:34,157 INFO  L87              Difference]: Start difference. First operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65) Second operand 380 states.
[2022-02-20 17:59:34,169 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:34,169 INFO  L93              Difference]: Finished difference Result 380 states and 583 transitions.
[2022-02-20 17:59:34,170 INFO  L276                IsEmpty]: Start isEmpty. Operand 380 states and 583 transitions.
[2022-02-20 17:59:34,170 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:34,171 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:34,171 INFO  L88        GeneralOperation]: Finished isEquivalent.
[2022-02-20 17:59:34,171 INFO  L221    AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa
[2022-02-20 17:59:34,172 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65)
[2022-02-20 17:59:34,181 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 380 states to 380 states and 583 transitions.
[2022-02-20 17:59:34,181 INFO  L78                 Accepts]: Start accepts. Automaton has 380 states and 583 transitions. Word has length 104
[2022-02-20 17:59:34,181 INFO  L84                 Accepts]: Finished accepts. word is rejected.
[2022-02-20 17:59:34,183 INFO  L470      AbstractCegarLoop]: Abstraction has 380 states and 583 transitions.
[2022-02-20 17:59:34,183 INFO  L471      AbstractCegarLoop]: INTERPOLANT automaton has  has 5 states, 5 states have (on average 13.8) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (14), 2 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:34,183 INFO  L276                IsEmpty]: Start isEmpty. Operand 380 states and 583 transitions.
[2022-02-20 17:59:34,184 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 106
[2022-02-20 17:59:34,184 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 17:59:34,184 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:59:34,219 INFO  L540       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0
[2022-02-20 17:59:34,395 WARN  L452      AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:59:34,395 INFO  L402      AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:59:34,396 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:59:34,396 INFO  L85        PathProgramCache]: Analyzing trace with hash -901344032, now seen corresponding path program 1 times
[2022-02-20 17:59:34,396 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:59:34,396 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [203442878]
[2022-02-20 17:59:34,396 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:34,396 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:59:34,419 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,443 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:59:34,445 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,446 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12710#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,446 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,446 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,446 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12657#true} {12657#true} #1007#return; {12657#true} is VALID
[2022-02-20 17:59:34,451 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:59:34,452 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,453 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12711#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,453 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,454 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,454 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12657#true} {12657#true} #1009#return; {12657#true} is VALID
[2022-02-20 17:59:34,454 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 17:59:34,455 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,456 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12710#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,456 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume !(1 == ~handle); {12657#true} is VALID
[2022-02-20 17:59:34,456 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,456 INFO  L290        TraceCheckUtils]: 3: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,457 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {12657#true} {12657#true} #1011#return; {12657#true} is VALID
[2022-02-20 17:59:34,457 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25
[2022-02-20 17:59:34,458 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,460 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12711#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,460 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume !(1 == ~handle); {12657#true} is VALID
[2022-02-20 17:59:34,460 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,460 INFO  L290        TraceCheckUtils]: 3: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,460 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {12657#true} {12657#true} #1013#return; {12657#true} is VALID
[2022-02-20 17:59:34,461 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32
[2022-02-20 17:59:34,462 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,473 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12710#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12712#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:34,474 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12712#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12713#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:34,474 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12713#(= |setClientId_#in~handle| 1)} assume true; {12713#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:34,474 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12713#(= |setClientId_#in~handle| 1)} {12677#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1015#return; {12658#false} is VALID
[2022-02-20 17:59:34,474 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38
[2022-02-20 17:59:34,475 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,477 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12711#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,477 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,477 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,477 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12657#true} {12658#false} #1017#return; {12658#false} is VALID
[2022-02-20 17:59:34,482 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60
[2022-02-20 17:59:34,483 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,485 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12714#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,485 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,485 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,485 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12657#true} {12658#false} #1001#return; {12658#false} is VALID
[2022-02-20 17:59:34,491 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65
[2022-02-20 17:59:34,492 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,499 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12715#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,499 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,499 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,499 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12657#true} {12658#false} #1003#return; {12658#false} is VALID
[2022-02-20 17:59:34,500 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74
[2022-02-20 17:59:34,500 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,502 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12657#true} ~handle := #in~handle;havoc ~retValue_acc~9; {12657#true} is VALID
[2022-02-20 17:59:34,502 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {12657#true} is VALID
[2022-02-20 17:59:34,502 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,502 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12657#true} {12658#false} #955#return; {12658#false} is VALID
[2022-02-20 17:59:34,502 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84
[2022-02-20 17:59:34,503 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,506 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12714#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,506 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,506 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,506 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12657#true} {12658#false} #957#return; {12658#false} is VALID
[2022-02-20 17:59:34,506 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90
[2022-02-20 17:59:34,507 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,508 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12657#true} ~handle := #in~handle;havoc ~retValue_acc~31; {12657#true} is VALID
[2022-02-20 17:59:34,508 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {12657#true} is VALID
[2022-02-20 17:59:34,508 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,508 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12657#true} {12658#false} #959#return; {12658#false} is VALID
[2022-02-20 17:59:34,508 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97
[2022-02-20 17:59:34,509 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:34,510 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12657#true} ~handle := #in~handle;havoc ~retValue_acc~9; {12657#true} is VALID
[2022-02-20 17:59:34,510 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {12657#true} is VALID
[2022-02-20 17:59:34,510 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,510 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {12657#true} {12658#false} #961#return; {12658#false} is VALID
[2022-02-20 17:59:34,511 INFO  L290        TraceCheckUtils]: 0: Hoare triple {12657#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {12657#true} is VALID
[2022-02-20 17:59:34,511 INFO  L290        TraceCheckUtils]: 1: Hoare triple {12657#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {12657#true} is VALID
[2022-02-20 17:59:34,511 INFO  L290        TraceCheckUtils]: 2: Hoare triple {12657#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12657#true} is VALID
[2022-02-20 17:59:34,511 INFO  L290        TraceCheckUtils]: 3: Hoare triple {12657#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {12657#true} is VALID
[2022-02-20 17:59:34,511 INFO  L290        TraceCheckUtils]: 4: Hoare triple {12657#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {12657#true} is VALID
[2022-02-20 17:59:34,511 INFO  L290        TraceCheckUtils]: 5: Hoare triple {12657#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12657#true} is VALID
[2022-02-20 17:59:34,511 INFO  L272        TraceCheckUtils]: 6: Hoare triple {12657#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12710#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:34,511 INFO  L290        TraceCheckUtils]: 7: Hoare triple {12710#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,512 INFO  L290        TraceCheckUtils]: 8: Hoare triple {12657#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,512 INFO  L290        TraceCheckUtils]: 9: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,512 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {12657#true} {12657#true} #1007#return; {12657#true} is VALID
[2022-02-20 17:59:34,512 INFO  L290        TraceCheckUtils]: 11: Hoare triple {12657#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12657#true} is VALID
[2022-02-20 17:59:34,512 INFO  L272        TraceCheckUtils]: 12: Hoare triple {12657#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12711#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:34,512 INFO  L290        TraceCheckUtils]: 13: Hoare triple {12711#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,512 INFO  L290        TraceCheckUtils]: 14: Hoare triple {12657#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,512 INFO  L290        TraceCheckUtils]: 15: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,512 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {12657#true} {12657#true} #1009#return; {12657#true} is VALID
[2022-02-20 17:59:34,512 INFO  L290        TraceCheckUtils]: 17: Hoare triple {12657#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12657#true} is VALID
[2022-02-20 17:59:34,513 INFO  L272        TraceCheckUtils]: 18: Hoare triple {12657#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12710#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:34,513 INFO  L290        TraceCheckUtils]: 19: Hoare triple {12710#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,513 INFO  L290        TraceCheckUtils]: 20: Hoare triple {12657#true} assume !(1 == ~handle); {12657#true} is VALID
[2022-02-20 17:59:34,513 INFO  L290        TraceCheckUtils]: 21: Hoare triple {12657#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,513 INFO  L290        TraceCheckUtils]: 22: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,513 INFO  L284        TraceCheckUtils]: 23: Hoare quadruple {12657#true} {12657#true} #1011#return; {12657#true} is VALID
[2022-02-20 17:59:34,513 INFO  L290        TraceCheckUtils]: 24: Hoare triple {12657#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {12657#true} is VALID
[2022-02-20 17:59:34,514 INFO  L272        TraceCheckUtils]: 25: Hoare triple {12657#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12711#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:34,514 INFO  L290        TraceCheckUtils]: 26: Hoare triple {12711#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,514 INFO  L290        TraceCheckUtils]: 27: Hoare triple {12657#true} assume !(1 == ~handle); {12657#true} is VALID
[2022-02-20 17:59:34,514 INFO  L290        TraceCheckUtils]: 28: Hoare triple {12657#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,514 INFO  L290        TraceCheckUtils]: 29: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,514 INFO  L284        TraceCheckUtils]: 30: Hoare quadruple {12657#true} {12657#true} #1013#return; {12657#true} is VALID
[2022-02-20 17:59:34,515 INFO  L290        TraceCheckUtils]: 31: Hoare triple {12657#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12677#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID
[2022-02-20 17:59:34,515 INFO  L272        TraceCheckUtils]: 32: Hoare triple {12677#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12710#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:34,515 INFO  L290        TraceCheckUtils]: 33: Hoare triple {12710#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12712#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:34,516 INFO  L290        TraceCheckUtils]: 34: Hoare triple {12712#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12713#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:34,516 INFO  L290        TraceCheckUtils]: 35: Hoare triple {12713#(= |setClientId_#in~handle| 1)} assume true; {12713#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 17:59:34,516 INFO  L284        TraceCheckUtils]: 36: Hoare quadruple {12713#(= |setClientId_#in~handle| 1)} {12677#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1015#return; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 37: Hoare triple {12658#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L272        TraceCheckUtils]: 38: Hoare triple {12658#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12711#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 39: Hoare triple {12711#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 40: Hoare triple {12657#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 41: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,517 INFO  L284        TraceCheckUtils]: 42: Hoare quadruple {12657#true} {12658#false} #1017#return; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 43: Hoare triple {12658#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 44: Hoare triple {12658#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 45: Hoare triple {12658#false} assume !false; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 46: Hoare triple {12658#false} assume test_~splverifierCounter~0#1 < 4; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 47: Hoare triple {12658#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 48: Hoare triple {12658#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 49: Hoare triple {12658#false} assume !(0 != test_~tmp___9~0#1); {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 50: Hoare triple {12658#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 51: Hoare triple {12658#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 52: Hoare triple {12658#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 53: Hoare triple {12658#false} assume { :end_inline_setClientAutoResponse } true; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 54: Hoare triple {12658#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 55: Hoare triple {12658#false} assume !false; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 56: Hoare triple {12658#false} assume !(test_~splverifierCounter~0#1 < 4); {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 57: Hoare triple {12658#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L272        TraceCheckUtils]: 58: Hoare triple {12658#false} call sendEmail(~bob~0, ~rjh~0); {12658#false} is VALID
[2022-02-20 17:59:34,517 INFO  L290        TraceCheckUtils]: 59: Hoare triple {12658#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L272        TraceCheckUtils]: 60: Hoare triple {12658#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12714#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 61: Hoare triple {12714#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 62: Hoare triple {12657#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 63: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L284        TraceCheckUtils]: 64: Hoare quadruple {12657#true} {12658#false} #1001#return; {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L272        TraceCheckUtils]: 65: Hoare triple {12658#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12715#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 66: Hoare triple {12715#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 67: Hoare triple {12657#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 68: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L284        TraceCheckUtils]: 69: Hoare quadruple {12657#true} {12658#false} #1003#return; {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 70: Hoare triple {12658#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 71: Hoare triple {12658#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L272        TraceCheckUtils]: 72: Hoare triple {12658#false} call outgoing(~sender#1, ~email~0#1); {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 73: Hoare triple {12658#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L272        TraceCheckUtils]: 74: Hoare triple {12658#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 75: Hoare triple {12657#true} ~handle := #in~handle;havoc ~retValue_acc~9; {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 76: Hoare triple {12657#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 77: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,518 INFO  L284        TraceCheckUtils]: 78: Hoare quadruple {12657#true} {12658#false} #955#return; {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 79: Hoare triple {12658#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 80: Hoare triple {12658#false} assume 0 == sign_~privkey~0#1; {12658#false} is VALID
[2022-02-20 17:59:34,518 INFO  L290        TraceCheckUtils]: 81: Hoare triple {12658#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 82: Hoare triple {12658#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 83: Hoare triple {12658#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L272        TraceCheckUtils]: 84: Hoare triple {12658#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {12714#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 85: Hoare triple {12714#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 86: Hoare triple {12657#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 87: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L284        TraceCheckUtils]: 88: Hoare quadruple {12657#true} {12658#false} #957#return; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 89: Hoare triple {12658#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L272        TraceCheckUtils]: 90: Hoare triple {12658#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 91: Hoare triple {12657#true} ~handle := #in~handle;havoc ~retValue_acc~31; {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 92: Hoare triple {12657#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 93: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L284        TraceCheckUtils]: 94: Hoare quadruple {12657#true} {12658#false} #959#return; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 95: Hoare triple {12658#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 96: Hoare triple {12658#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L272        TraceCheckUtils]: 97: Hoare triple {12658#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 98: Hoare triple {12657#true} ~handle := #in~handle;havoc ~retValue_acc~9; {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 99: Hoare triple {12657#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 100: Hoare triple {12657#true} assume true; {12657#true} is VALID
[2022-02-20 17:59:34,519 INFO  L284        TraceCheckUtils]: 101: Hoare quadruple {12657#true} {12658#false} #961#return; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 102: Hoare triple {12658#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 103: Hoare triple {12658#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {12658#false} is VALID
[2022-02-20 17:59:34,519 INFO  L290        TraceCheckUtils]: 104: Hoare triple {12658#false} assume !false; {12658#false} is VALID
[2022-02-20 17:59:34,520 INFO  L134       CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked.
[2022-02-20 17:59:34,520 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:34,520 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [203442878]
[2022-02-20 17:59:34,520 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [203442878] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:34,520 INFO  L191   FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences.
[2022-02-20 17:59:34,520 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9
[2022-02-20 17:59:34,520 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [678945820]
[2022-02-20 17:59:34,520 INFO  L85    oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:34,521 INFO  L78                 Accepts]: Start accepts. Automaton has  has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 105
[2022-02-20 17:59:34,521 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:34,521 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:34,572 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 91 edges. 91 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:34,572 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 9 states
[2022-02-20 17:59:34,572 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:34,572 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants.
[2022-02-20 17:59:34,573 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72
[2022-02-20 17:59:34,573 INFO  L87              Difference]: Start difference. First operand 380 states and 583 transitions. Second operand  has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:40,747 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:40,747 INFO  L93              Difference]: Finished difference Result 925 states and 1432 transitions.
[2022-02-20 17:59:40,747 INFO  L141   InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. 
[2022-02-20 17:59:40,748 INFO  L78                 Accepts]: Start accepts. Automaton has  has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 105
[2022-02-20 17:59:40,748 INFO  L84                 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 17:59:40,748 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:40,765 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1230 transitions.
[2022-02-20 17:59:40,766 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:40,776 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1230 transitions.
[2022-02-20 17:59:40,776 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1230 transitions.
[2022-02-20 17:59:41,738 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 1230 edges. 1230 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:41,756 INFO  L225             Difference]: With dead ends: 925
[2022-02-20 17:59:41,756 INFO  L226             Difference]: Without dead ends: 568
[2022-02-20 17:59:41,757 INFO  L932         BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272
[2022-02-20 17:59:41,758 INFO  L933         BasicCegarLoop]: 633 mSDtfsCounter, 1166 mSDsluCounter, 863 mSDsCounter, 0 mSdLazyCounter, 2223 mSolverCounterSat, 424 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1183 SdHoareTripleChecker+Valid, 1496 SdHoareTripleChecker+Invalid, 2647 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 424 IncrementalHoareTripleChecker+Valid, 2223 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.8s IncrementalHoareTripleChecker+Time
[2022-02-20 17:59:41,758 INFO  L934         BasicCegarLoop]: SdHoareTripleChecker [1183 Valid, 1496 Invalid, 2647 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [424 Valid, 2223 Invalid, 0 Unknown, 0 Unchecked, 2.8s Time]
[2022-02-20 17:59:41,759 INFO  L82        GeneralOperation]: Start minimizeSevpa. Operand 568 states.
[2022-02-20 17:59:41,870 INFO  L88        GeneralOperation]: Finished minimizeSevpa. Reduced states from 568 to 380.
[2022-02-20 17:59:41,871 INFO  L214    AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa
[2022-02-20 17:59:41,872 INFO  L82        GeneralOperation]: Start isEquivalent. First operand 568 states. Second operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (64), 58 states have call predecessors, (64), 58 states have call successors, (64)
[2022-02-20 17:59:41,873 INFO  L74              IsIncluded]: Start isIncluded. First operand 568 states. Second operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (64), 58 states have call predecessors, (64), 58 states have call successors, (64)
[2022-02-20 17:59:41,874 INFO  L87              Difference]: Start difference. First operand 568 states. Second operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (64), 58 states have call predecessors, (64), 58 states have call successors, (64)
[2022-02-20 17:59:41,892 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:41,893 INFO  L93              Difference]: Finished difference Result 568 states and 880 transitions.
[2022-02-20 17:59:41,893 INFO  L276                IsEmpty]: Start isEmpty. Operand 568 states and 880 transitions.
[2022-02-20 17:59:41,895 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:41,895 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:41,896 INFO  L74              IsIncluded]: Start isIncluded. First operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (64), 58 states have call predecessors, (64), 58 states have call successors, (64) Second operand 568 states.
[2022-02-20 17:59:41,897 INFO  L87              Difference]: Start difference. First operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (64), 58 states have call predecessors, (64), 58 states have call successors, (64) Second operand 568 states.
[2022-02-20 17:59:41,913 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:41,914 INFO  L93              Difference]: Finished difference Result 568 states and 880 transitions.
[2022-02-20 17:59:41,914 INFO  L276                IsEmpty]: Start isEmpty. Operand 568 states and 880 transitions.
[2022-02-20 17:59:41,918 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:41,918 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:41,918 INFO  L88        GeneralOperation]: Finished isEquivalent.
[2022-02-20 17:59:41,918 INFO  L221    AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa
[2022-02-20 17:59:41,919 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 380 states, 300 states have (on average 1.53) internal successors, (459), 303 states have internal predecessors, (459), 59 states have call successors, (59), 18 states have call predecessors, (59), 20 states have return successors, (64), 58 states have call predecessors, (64), 58 states have call successors, (64)
[2022-02-20 17:59:41,930 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 380 states to 380 states and 582 transitions.
[2022-02-20 17:59:41,931 INFO  L78                 Accepts]: Start accepts. Automaton has 380 states and 582 transitions. Word has length 105
[2022-02-20 17:59:41,932 INFO  L84                 Accepts]: Finished accepts. word is rejected.
[2022-02-20 17:59:41,932 INFO  L470      AbstractCegarLoop]: Abstraction has 380 states and 582 transitions.
[2022-02-20 17:59:41,932 INFO  L471      AbstractCegarLoop]: INTERPOLANT automaton has  has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:41,932 INFO  L276                IsEmpty]: Start isEmpty. Operand 380 states and 582 transitions.
[2022-02-20 17:59:41,935 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 107
[2022-02-20 17:59:41,935 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 17:59:41,935 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:59:41,935 WARN  L452      AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5
[2022-02-20 17:59:41,936 INFO  L402      AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:59:41,936 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:59:41,936 INFO  L85        PathProgramCache]: Analyzing trace with hash 2004978448, now seen corresponding path program 2 times
[2022-02-20 17:59:41,936 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:59:41,936 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [502956359]
[2022-02-20 17:59:41,936 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:41,937 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:59:41,959 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:41,981 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:59:41,982 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:41,984 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15795#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:41,984 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:41,984 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:41,985 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {15741#true} {15741#true} #1007#return; {15741#true} is VALID
[2022-02-20 17:59:41,990 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:59:41,992 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:41,994 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15796#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:41,994 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:41,994 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:41,995 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {15741#true} {15741#true} #1009#return; {15741#true} is VALID
[2022-02-20 17:59:41,995 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 17:59:41,996 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:41,998 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15795#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:41,998 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume !(1 == ~handle); {15741#true} is VALID
[2022-02-20 17:59:41,998 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:41,998 INFO  L290        TraceCheckUtils]: 3: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:41,998 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {15741#true} {15741#true} #1011#return; {15741#true} is VALID
[2022-02-20 17:59:41,999 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25
[2022-02-20 17:59:42,000 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:42,001 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15796#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,001 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume !(1 == ~handle); {15741#true} is VALID
[2022-02-20 17:59:42,002 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,002 INFO  L290        TraceCheckUtils]: 3: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,002 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {15741#true} {15741#true} #1013#return; {15741#true} is VALID
[2022-02-20 17:59:42,002 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32
[2022-02-20 17:59:42,004 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:42,015 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15795#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15797#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:42,015 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15797#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15797#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:42,016 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15797#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15798#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:42,016 INFO  L290        TraceCheckUtils]: 3: Hoare triple {15798#(= 2 |setClientId_#in~handle|)} assume true; {15798#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:42,016 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {15798#(= 2 |setClientId_#in~handle|)} {15761#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1015#return; {15742#false} is VALID
[2022-02-20 17:59:42,017 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39
[2022-02-20 17:59:42,018 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:42,020 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15796#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,020 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,020 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,020 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {15741#true} {15742#false} #1017#return; {15742#false} is VALID
[2022-02-20 17:59:42,026 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61
[2022-02-20 17:59:42,026 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:42,028 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,028 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,028 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,029 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {15741#true} {15742#false} #1001#return; {15742#false} is VALID
[2022-02-20 17:59:42,035 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66
[2022-02-20 17:59:42,036 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:42,038 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15800#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,038 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,038 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,038 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {15741#true} {15742#false} #1003#return; {15742#false} is VALID
[2022-02-20 17:59:42,039 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75
[2022-02-20 17:59:42,039 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:42,041 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15741#true} ~handle := #in~handle;havoc ~retValue_acc~9; {15741#true} is VALID
[2022-02-20 17:59:42,041 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {15741#true} is VALID
[2022-02-20 17:59:42,041 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,041 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {15741#true} {15742#false} #955#return; {15742#false} is VALID
[2022-02-20 17:59:42,041 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85
[2022-02-20 17:59:42,042 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:42,044 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,044 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,044 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,045 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {15741#true} {15742#false} #957#return; {15742#false} is VALID
[2022-02-20 17:59:42,045 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91
[2022-02-20 17:59:42,045 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:42,047 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15741#true} ~handle := #in~handle;havoc ~retValue_acc~31; {15741#true} is VALID
[2022-02-20 17:59:42,047 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {15741#true} is VALID
[2022-02-20 17:59:42,047 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,047 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {15741#true} {15742#false} #959#return; {15742#false} is VALID
[2022-02-20 17:59:42,047 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98
[2022-02-20 17:59:42,048 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:42,050 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15741#true} ~handle := #in~handle;havoc ~retValue_acc~9; {15741#true} is VALID
[2022-02-20 17:59:42,050 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {15741#true} is VALID
[2022-02-20 17:59:42,050 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,050 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {15741#true} {15742#false} #961#return; {15742#false} is VALID
[2022-02-20 17:59:42,050 INFO  L290        TraceCheckUtils]: 0: Hoare triple {15741#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {15741#true} is VALID
[2022-02-20 17:59:42,051 INFO  L290        TraceCheckUtils]: 1: Hoare triple {15741#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {15741#true} is VALID
[2022-02-20 17:59:42,051 INFO  L290        TraceCheckUtils]: 2: Hoare triple {15741#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15741#true} is VALID
[2022-02-20 17:59:42,051 INFO  L290        TraceCheckUtils]: 3: Hoare triple {15741#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {15741#true} is VALID
[2022-02-20 17:59:42,051 INFO  L290        TraceCheckUtils]: 4: Hoare triple {15741#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {15741#true} is VALID
[2022-02-20 17:59:42,051 INFO  L290        TraceCheckUtils]: 5: Hoare triple {15741#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15741#true} is VALID
[2022-02-20 17:59:42,052 INFO  L272        TraceCheckUtils]: 6: Hoare triple {15741#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15795#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:42,052 INFO  L290        TraceCheckUtils]: 7: Hoare triple {15795#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,052 INFO  L290        TraceCheckUtils]: 8: Hoare triple {15741#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,052 INFO  L290        TraceCheckUtils]: 9: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,052 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {15741#true} {15741#true} #1007#return; {15741#true} is VALID
[2022-02-20 17:59:42,052 INFO  L290        TraceCheckUtils]: 11: Hoare triple {15741#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15741#true} is VALID
[2022-02-20 17:59:42,053 INFO  L272        TraceCheckUtils]: 12: Hoare triple {15741#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15796#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:42,053 INFO  L290        TraceCheckUtils]: 13: Hoare triple {15796#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,053 INFO  L290        TraceCheckUtils]: 14: Hoare triple {15741#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,053 INFO  L290        TraceCheckUtils]: 15: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,053 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {15741#true} {15741#true} #1009#return; {15741#true} is VALID
[2022-02-20 17:59:42,053 INFO  L290        TraceCheckUtils]: 17: Hoare triple {15741#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15741#true} is VALID
[2022-02-20 17:59:42,054 INFO  L272        TraceCheckUtils]: 18: Hoare triple {15741#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15795#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:42,054 INFO  L290        TraceCheckUtils]: 19: Hoare triple {15795#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,054 INFO  L290        TraceCheckUtils]: 20: Hoare triple {15741#true} assume !(1 == ~handle); {15741#true} is VALID
[2022-02-20 17:59:42,054 INFO  L290        TraceCheckUtils]: 21: Hoare triple {15741#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,054 INFO  L290        TraceCheckUtils]: 22: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,054 INFO  L284        TraceCheckUtils]: 23: Hoare quadruple {15741#true} {15741#true} #1011#return; {15741#true} is VALID
[2022-02-20 17:59:42,054 INFO  L290        TraceCheckUtils]: 24: Hoare triple {15741#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15741#true} is VALID
[2022-02-20 17:59:42,055 INFO  L272        TraceCheckUtils]: 25: Hoare triple {15741#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15796#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:42,055 INFO  L290        TraceCheckUtils]: 26: Hoare triple {15796#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,055 INFO  L290        TraceCheckUtils]: 27: Hoare triple {15741#true} assume !(1 == ~handle); {15741#true} is VALID
[2022-02-20 17:59:42,056 INFO  L290        TraceCheckUtils]: 28: Hoare triple {15741#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,056 INFO  L290        TraceCheckUtils]: 29: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,056 INFO  L284        TraceCheckUtils]: 30: Hoare quadruple {15741#true} {15741#true} #1013#return; {15741#true} is VALID
[2022-02-20 17:59:42,056 INFO  L290        TraceCheckUtils]: 31: Hoare triple {15741#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15761#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID
[2022-02-20 17:59:42,057 INFO  L272        TraceCheckUtils]: 32: Hoare triple {15761#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15795#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:42,057 INFO  L290        TraceCheckUtils]: 33: Hoare triple {15795#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15797#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:42,058 INFO  L290        TraceCheckUtils]: 34: Hoare triple {15797#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15797#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:42,058 INFO  L290        TraceCheckUtils]: 35: Hoare triple {15797#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15798#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:42,058 INFO  L290        TraceCheckUtils]: 36: Hoare triple {15798#(= 2 |setClientId_#in~handle|)} assume true; {15798#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:42,059 INFO  L284        TraceCheckUtils]: 37: Hoare quadruple {15798#(= 2 |setClientId_#in~handle|)} {15761#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1015#return; {15742#false} is VALID
[2022-02-20 17:59:42,059 INFO  L290        TraceCheckUtils]: 38: Hoare triple {15742#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15742#false} is VALID
[2022-02-20 17:59:42,059 INFO  L272        TraceCheckUtils]: 39: Hoare triple {15742#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15796#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:42,059 INFO  L290        TraceCheckUtils]: 40: Hoare triple {15796#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,060 INFO  L290        TraceCheckUtils]: 41: Hoare triple {15741#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,060 INFO  L290        TraceCheckUtils]: 42: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,060 INFO  L284        TraceCheckUtils]: 43: Hoare quadruple {15741#true} {15742#false} #1017#return; {15742#false} is VALID
[2022-02-20 17:59:42,060 INFO  L290        TraceCheckUtils]: 44: Hoare triple {15742#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {15742#false} is VALID
[2022-02-20 17:59:42,060 INFO  L290        TraceCheckUtils]: 45: Hoare triple {15742#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15742#false} is VALID
[2022-02-20 17:59:42,060 INFO  L290        TraceCheckUtils]: 46: Hoare triple {15742#false} assume !false; {15742#false} is VALID
[2022-02-20 17:59:42,060 INFO  L290        TraceCheckUtils]: 47: Hoare triple {15742#false} assume test_~splverifierCounter~0#1 < 4; {15742#false} is VALID
[2022-02-20 17:59:42,060 INFO  L290        TraceCheckUtils]: 48: Hoare triple {15742#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15742#false} is VALID
[2022-02-20 17:59:42,061 INFO  L290        TraceCheckUtils]: 49: Hoare triple {15742#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {15742#false} is VALID
[2022-02-20 17:59:42,061 INFO  L290        TraceCheckUtils]: 50: Hoare triple {15742#false} assume !(0 != test_~tmp___9~0#1); {15742#false} is VALID
[2022-02-20 17:59:42,061 INFO  L290        TraceCheckUtils]: 51: Hoare triple {15742#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {15742#false} is VALID
[2022-02-20 17:59:42,061 INFO  L290        TraceCheckUtils]: 52: Hoare triple {15742#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {15742#false} is VALID
[2022-02-20 17:59:42,061 INFO  L290        TraceCheckUtils]: 53: Hoare triple {15742#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {15742#false} is VALID
[2022-02-20 17:59:42,061 INFO  L290        TraceCheckUtils]: 54: Hoare triple {15742#false} assume { :end_inline_setClientAutoResponse } true; {15742#false} is VALID
[2022-02-20 17:59:42,061 INFO  L290        TraceCheckUtils]: 55: Hoare triple {15742#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {15742#false} is VALID
[2022-02-20 17:59:42,061 INFO  L290        TraceCheckUtils]: 56: Hoare triple {15742#false} assume !false; {15742#false} is VALID
[2022-02-20 17:59:42,062 INFO  L290        TraceCheckUtils]: 57: Hoare triple {15742#false} assume !(test_~splverifierCounter~0#1 < 4); {15742#false} is VALID
[2022-02-20 17:59:42,062 INFO  L290        TraceCheckUtils]: 58: Hoare triple {15742#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {15742#false} is VALID
[2022-02-20 17:59:42,062 INFO  L272        TraceCheckUtils]: 59: Hoare triple {15742#false} call sendEmail(~bob~0, ~rjh~0); {15742#false} is VALID
[2022-02-20 17:59:42,067 INFO  L290        TraceCheckUtils]: 60: Hoare triple {15742#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15742#false} is VALID
[2022-02-20 17:59:42,067 INFO  L272        TraceCheckUtils]: 61: Hoare triple {15742#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:42,068 INFO  L290        TraceCheckUtils]: 62: Hoare triple {15799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,068 INFO  L290        TraceCheckUtils]: 63: Hoare triple {15741#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,068 INFO  L290        TraceCheckUtils]: 64: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,068 INFO  L284        TraceCheckUtils]: 65: Hoare quadruple {15741#true} {15742#false} #1001#return; {15742#false} is VALID
[2022-02-20 17:59:42,068 INFO  L272        TraceCheckUtils]: 66: Hoare triple {15742#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {15800#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 17:59:42,068 INFO  L290        TraceCheckUtils]: 67: Hoare triple {15800#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,068 INFO  L290        TraceCheckUtils]: 68: Hoare triple {15741#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,068 INFO  L290        TraceCheckUtils]: 69: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,069 INFO  L284        TraceCheckUtils]: 70: Hoare quadruple {15741#true} {15742#false} #1003#return; {15742#false} is VALID
[2022-02-20 17:59:42,069 INFO  L290        TraceCheckUtils]: 71: Hoare triple {15742#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {15742#false} is VALID
[2022-02-20 17:59:42,069 INFO  L290        TraceCheckUtils]: 72: Hoare triple {15742#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {15742#false} is VALID
[2022-02-20 17:59:42,069 INFO  L272        TraceCheckUtils]: 73: Hoare triple {15742#false} call outgoing(~sender#1, ~email~0#1); {15742#false} is VALID
[2022-02-20 17:59:42,069 INFO  L290        TraceCheckUtils]: 74: Hoare triple {15742#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {15742#false} is VALID
[2022-02-20 17:59:42,069 INFO  L272        TraceCheckUtils]: 75: Hoare triple {15742#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {15741#true} is VALID
[2022-02-20 17:59:42,069 INFO  L290        TraceCheckUtils]: 76: Hoare triple {15741#true} ~handle := #in~handle;havoc ~retValue_acc~9; {15741#true} is VALID
[2022-02-20 17:59:42,070 INFO  L290        TraceCheckUtils]: 77: Hoare triple {15741#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {15741#true} is VALID
[2022-02-20 17:59:42,070 INFO  L290        TraceCheckUtils]: 78: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,070 INFO  L284        TraceCheckUtils]: 79: Hoare quadruple {15741#true} {15742#false} #955#return; {15742#false} is VALID
[2022-02-20 17:59:42,070 INFO  L290        TraceCheckUtils]: 80: Hoare triple {15742#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {15742#false} is VALID
[2022-02-20 17:59:42,070 INFO  L290        TraceCheckUtils]: 81: Hoare triple {15742#false} assume 0 == sign_~privkey~0#1; {15742#false} is VALID
[2022-02-20 17:59:42,070 INFO  L290        TraceCheckUtils]: 82: Hoare triple {15742#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {15742#false} is VALID
[2022-02-20 17:59:42,070 INFO  L290        TraceCheckUtils]: 83: Hoare triple {15742#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {15742#false} is VALID
[2022-02-20 17:59:42,070 INFO  L290        TraceCheckUtils]: 84: Hoare triple {15742#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {15742#false} is VALID
[2022-02-20 17:59:42,071 INFO  L272        TraceCheckUtils]: 85: Hoare triple {15742#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {15799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:42,071 INFO  L290        TraceCheckUtils]: 86: Hoare triple {15799#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15741#true} is VALID
[2022-02-20 17:59:42,071 INFO  L290        TraceCheckUtils]: 87: Hoare triple {15741#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15741#true} is VALID
[2022-02-20 17:59:42,071 INFO  L290        TraceCheckUtils]: 88: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,071 INFO  L284        TraceCheckUtils]: 89: Hoare quadruple {15741#true} {15742#false} #957#return; {15742#false} is VALID
[2022-02-20 17:59:42,071 INFO  L290        TraceCheckUtils]: 90: Hoare triple {15742#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {15742#false} is VALID
[2022-02-20 17:59:42,071 INFO  L272        TraceCheckUtils]: 91: Hoare triple {15742#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {15741#true} is VALID
[2022-02-20 17:59:42,072 INFO  L290        TraceCheckUtils]: 92: Hoare triple {15741#true} ~handle := #in~handle;havoc ~retValue_acc~31; {15741#true} is VALID
[2022-02-20 17:59:42,072 INFO  L290        TraceCheckUtils]: 93: Hoare triple {15741#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {15741#true} is VALID
[2022-02-20 17:59:42,072 INFO  L290        TraceCheckUtils]: 94: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,072 INFO  L284        TraceCheckUtils]: 95: Hoare quadruple {15741#true} {15742#false} #959#return; {15742#false} is VALID
[2022-02-20 17:59:42,072 INFO  L290        TraceCheckUtils]: 96: Hoare triple {15742#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {15742#false} is VALID
[2022-02-20 17:59:42,072 INFO  L290        TraceCheckUtils]: 97: Hoare triple {15742#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {15742#false} is VALID
[2022-02-20 17:59:42,072 INFO  L272        TraceCheckUtils]: 98: Hoare triple {15742#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {15741#true} is VALID
[2022-02-20 17:59:42,073 INFO  L290        TraceCheckUtils]: 99: Hoare triple {15741#true} ~handle := #in~handle;havoc ~retValue_acc~9; {15741#true} is VALID
[2022-02-20 17:59:42,073 INFO  L290        TraceCheckUtils]: 100: Hoare triple {15741#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {15741#true} is VALID
[2022-02-20 17:59:42,073 INFO  L290        TraceCheckUtils]: 101: Hoare triple {15741#true} assume true; {15741#true} is VALID
[2022-02-20 17:59:42,073 INFO  L284        TraceCheckUtils]: 102: Hoare quadruple {15741#true} {15742#false} #961#return; {15742#false} is VALID
[2022-02-20 17:59:42,073 INFO  L290        TraceCheckUtils]: 103: Hoare triple {15742#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {15742#false} is VALID
[2022-02-20 17:59:42,073 INFO  L290        TraceCheckUtils]: 104: Hoare triple {15742#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {15742#false} is VALID
[2022-02-20 17:59:42,073 INFO  L290        TraceCheckUtils]: 105: Hoare triple {15742#false} assume !false; {15742#false} is VALID
[2022-02-20 17:59:42,074 INFO  L134       CoverageAnalysis]: Checked inductivity of 35 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked.
[2022-02-20 17:59:42,074 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:42,074 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [502956359]
[2022-02-20 17:59:42,074 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [502956359] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:42,074 INFO  L191   FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences.
[2022-02-20 17:59:42,074 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9
[2022-02-20 17:59:42,075 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2135079535]
[2022-02-20 17:59:42,075 INFO  L85    oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:42,076 INFO  L78                 Accepts]: Start accepts. Automaton has  has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106
[2022-02-20 17:59:42,076 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:42,076 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:42,134 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 92 edges. 92 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:42,135 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 9 states
[2022-02-20 17:59:42,135 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:42,135 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants.
[2022-02-20 17:59:42,135 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72
[2022-02-20 17:59:42,135 INFO  L87              Difference]: Start difference. First operand 380 states and 582 transitions. Second operand  has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:47,991 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:47,992 INFO  L93              Difference]: Finished difference Result 927 states and 1435 transitions.
[2022-02-20 17:59:47,992 INFO  L141   InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. 
[2022-02-20 17:59:47,992 INFO  L78                 Accepts]: Start accepts. Automaton has  has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106
[2022-02-20 17:59:47,993 INFO  L84                 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 17:59:47,993 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:48,004 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1231 transitions.
[2022-02-20 17:59:48,004 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:48,014 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1231 transitions.
[2022-02-20 17:59:48,014 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1231 transitions.
[2022-02-20 17:59:49,047 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 1231 edges. 1231 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:49,073 INFO  L225             Difference]: With dead ends: 927
[2022-02-20 17:59:49,073 INFO  L226             Difference]: Without dead ends: 570
[2022-02-20 17:59:49,075 INFO  L932         BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272
[2022-02-20 17:59:49,076 INFO  L933         BasicCegarLoop]: 636 mSDtfsCounter, 1160 mSDsluCounter, 863 mSDsCounter, 0 mSdLazyCounter, 2242 mSolverCounterSat, 424 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1177 SdHoareTripleChecker+Valid, 1499 SdHoareTripleChecker+Invalid, 2666 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 424 IncrementalHoareTripleChecker+Valid, 2242 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time
[2022-02-20 17:59:49,076 INFO  L934         BasicCegarLoop]: SdHoareTripleChecker [1177 Valid, 1499 Invalid, 2666 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [424 Valid, 2242 Invalid, 0 Unknown, 0 Unchecked, 2.6s Time]
[2022-02-20 17:59:49,077 INFO  L82        GeneralOperation]: Start minimizeSevpa. Operand 570 states.
[2022-02-20 17:59:49,153 INFO  L88        GeneralOperation]: Finished minimizeSevpa. Reduced states from 570 to 382.
[2022-02-20 17:59:49,153 INFO  L214    AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa
[2022-02-20 17:59:49,154 INFO  L82        GeneralOperation]: Start isEquivalent. First operand 570 states. Second operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (66), 58 states have call predecessors, (66), 58 states have call successors, (66)
[2022-02-20 17:59:49,155 INFO  L74              IsIncluded]: Start isIncluded. First operand 570 states. Second operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (66), 58 states have call predecessors, (66), 58 states have call successors, (66)
[2022-02-20 17:59:49,156 INFO  L87              Difference]: Start difference. First operand 570 states. Second operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (66), 58 states have call predecessors, (66), 58 states have call successors, (66)
[2022-02-20 17:59:49,173 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:49,173 INFO  L93              Difference]: Finished difference Result 570 states and 883 transitions.
[2022-02-20 17:59:49,173 INFO  L276                IsEmpty]: Start isEmpty. Operand 570 states and 883 transitions.
[2022-02-20 17:59:49,176 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:49,176 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:49,177 INFO  L74              IsIncluded]: Start isIncluded. First operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (66), 58 states have call predecessors, (66), 58 states have call successors, (66) Second operand 570 states.
[2022-02-20 17:59:49,177 INFO  L87              Difference]: Start difference. First operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (66), 58 states have call predecessors, (66), 58 states have call successors, (66) Second operand 570 states.
[2022-02-20 17:59:49,195 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:49,196 INFO  L93              Difference]: Finished difference Result 570 states and 883 transitions.
[2022-02-20 17:59:49,196 INFO  L276                IsEmpty]: Start isEmpty. Operand 570 states and 883 transitions.
[2022-02-20 17:59:49,198 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:49,198 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:49,198 INFO  L88        GeneralOperation]: Finished isEquivalent.
[2022-02-20 17:59:49,198 INFO  L221    AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa
[2022-02-20 17:59:49,199 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (66), 58 states have call predecessors, (66), 58 states have call successors, (66)
[2022-02-20 17:59:49,211 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 382 states to 382 states and 585 transitions.
[2022-02-20 17:59:49,211 INFO  L78                 Accepts]: Start accepts. Automaton has 382 states and 585 transitions. Word has length 106
[2022-02-20 17:59:49,211 INFO  L84                 Accepts]: Finished accepts. word is rejected.
[2022-02-20 17:59:49,211 INFO  L470      AbstractCegarLoop]: Abstraction has 382 states and 585 transitions.
[2022-02-20 17:59:49,212 INFO  L471      AbstractCegarLoop]: INTERPOLANT automaton has  has 9 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (14), 6 states have call predecessors, (14), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12)
[2022-02-20 17:59:49,212 INFO  L276                IsEmpty]: Start isEmpty. Operand 382 states and 585 transitions.
[2022-02-20 17:59:49,213 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 108
[2022-02-20 17:59:49,213 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 17:59:49,213 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:59:49,213 WARN  L452      AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6
[2022-02-20 17:59:49,213 INFO  L402      AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:59:49,214 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:59:49,214 INFO  L85        PathProgramCache]: Analyzing trace with hash -511714523, now seen corresponding path program 1 times
[2022-02-20 17:59:49,214 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:59:49,214 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1021493939]
[2022-02-20 17:59:49,214 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:49,214 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:59:49,237 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,267 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:59:49,268 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,271 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,272 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,272 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,272 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {18834#true} {18834#true} #1007#return; {18834#true} is VALID
[2022-02-20 17:59:49,277 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:59:49,278 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,279 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18891#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,280 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,280 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,280 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {18834#true} {18834#true} #1009#return; {18834#true} is VALID
[2022-02-20 17:59:49,280 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 17:59:49,281 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,282 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,282 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume !(1 == ~handle); {18834#true} is VALID
[2022-02-20 17:59:49,283 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,283 INFO  L290        TraceCheckUtils]: 3: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,283 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {18834#true} {18834#true} #1011#return; {18834#true} is VALID
[2022-02-20 17:59:49,283 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25
[2022-02-20 17:59:49,284 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,285 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18891#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,285 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume !(1 == ~handle); {18834#true} is VALID
[2022-02-20 17:59:49,285 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,286 INFO  L290        TraceCheckUtils]: 3: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,286 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {18834#true} {18834#true} #1013#return; {18834#true} is VALID
[2022-02-20 17:59:49,286 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32
[2022-02-20 17:59:49,292 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,307 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18892#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,308 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18892#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18892#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,308 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18892#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {18892#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,308 INFO  L290        TraceCheckUtils]: 3: Hoare triple {18892#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18893#(= 3 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,309 INFO  L290        TraceCheckUtils]: 4: Hoare triple {18893#(= 3 |setClientId_#in~handle|)} assume true; {18893#(= 3 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,309 INFO  L284        TraceCheckUtils]: 5: Hoare quadruple {18893#(= 3 |setClientId_#in~handle|)} {18854#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1015#return; {18861#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID
[2022-02-20 17:59:49,309 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40
[2022-02-20 17:59:49,311 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,328 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18891#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18894#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:49,328 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18894#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18895#(= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:49,328 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18895#(= |setClientPrivateKey_#in~handle| 1)} assume true; {18895#(= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:49,329 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {18895#(= |setClientPrivateKey_#in~handle| 1)} {18861#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1017#return; {18835#false} is VALID
[2022-02-20 17:59:49,335 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62
[2022-02-20 17:59:49,336 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,338 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18896#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,339 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,339 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,339 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {18834#true} {18835#false} #1001#return; {18835#false} is VALID
[2022-02-20 17:59:49,346 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67
[2022-02-20 17:59:49,346 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,348 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18897#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,348 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,348 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,348 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {18834#true} {18835#false} #1003#return; {18835#false} is VALID
[2022-02-20 17:59:49,348 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76
[2022-02-20 17:59:49,349 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,350 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18834#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18834#true} is VALID
[2022-02-20 17:59:49,350 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18834#true} is VALID
[2022-02-20 17:59:49,350 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,350 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {18834#true} {18835#false} #955#return; {18835#false} is VALID
[2022-02-20 17:59:49,350 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86
[2022-02-20 17:59:49,351 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,353 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18896#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,353 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,353 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,353 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {18834#true} {18835#false} #957#return; {18835#false} is VALID
[2022-02-20 17:59:49,353 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92
[2022-02-20 17:59:49,354 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,356 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18834#true} ~handle := #in~handle;havoc ~retValue_acc~31; {18834#true} is VALID
[2022-02-20 17:59:49,356 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {18834#true} is VALID
[2022-02-20 17:59:49,356 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,356 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {18834#true} {18835#false} #959#return; {18835#false} is VALID
[2022-02-20 17:59:49,357 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99
[2022-02-20 17:59:49,357 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:49,359 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18834#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18834#true} is VALID
[2022-02-20 17:59:49,359 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18834#true} is VALID
[2022-02-20 17:59:49,359 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,359 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {18834#true} {18835#false} #961#return; {18835#false} is VALID
[2022-02-20 17:59:49,359 INFO  L290        TraceCheckUtils]: 0: Hoare triple {18834#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {18834#true} is VALID
[2022-02-20 17:59:49,359 INFO  L290        TraceCheckUtils]: 1: Hoare triple {18834#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {18834#true} is VALID
[2022-02-20 17:59:49,359 INFO  L290        TraceCheckUtils]: 2: Hoare triple {18834#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18834#true} is VALID
[2022-02-20 17:59:49,360 INFO  L290        TraceCheckUtils]: 3: Hoare triple {18834#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {18834#true} is VALID
[2022-02-20 17:59:49,360 INFO  L290        TraceCheckUtils]: 4: Hoare triple {18834#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {18834#true} is VALID
[2022-02-20 17:59:49,360 INFO  L290        TraceCheckUtils]: 5: Hoare triple {18834#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18834#true} is VALID
[2022-02-20 17:59:49,360 INFO  L272        TraceCheckUtils]: 6: Hoare triple {18834#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:49,360 INFO  L290        TraceCheckUtils]: 7: Hoare triple {18890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,360 INFO  L290        TraceCheckUtils]: 8: Hoare triple {18834#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,361 INFO  L290        TraceCheckUtils]: 9: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,361 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {18834#true} {18834#true} #1007#return; {18834#true} is VALID
[2022-02-20 17:59:49,361 INFO  L290        TraceCheckUtils]: 11: Hoare triple {18834#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18834#true} is VALID
[2022-02-20 17:59:49,361 INFO  L272        TraceCheckUtils]: 12: Hoare triple {18834#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18891#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:49,361 INFO  L290        TraceCheckUtils]: 13: Hoare triple {18891#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,362 INFO  L290        TraceCheckUtils]: 14: Hoare triple {18834#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,362 INFO  L290        TraceCheckUtils]: 15: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,362 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {18834#true} {18834#true} #1009#return; {18834#true} is VALID
[2022-02-20 17:59:49,362 INFO  L290        TraceCheckUtils]: 17: Hoare triple {18834#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18834#true} is VALID
[2022-02-20 17:59:49,362 INFO  L272        TraceCheckUtils]: 18: Hoare triple {18834#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:49,362 INFO  L290        TraceCheckUtils]: 19: Hoare triple {18890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,362 INFO  L290        TraceCheckUtils]: 20: Hoare triple {18834#true} assume !(1 == ~handle); {18834#true} is VALID
[2022-02-20 17:59:49,363 INFO  L290        TraceCheckUtils]: 21: Hoare triple {18834#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,363 INFO  L290        TraceCheckUtils]: 22: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,363 INFO  L284        TraceCheckUtils]: 23: Hoare quadruple {18834#true} {18834#true} #1011#return; {18834#true} is VALID
[2022-02-20 17:59:49,363 INFO  L290        TraceCheckUtils]: 24: Hoare triple {18834#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18834#true} is VALID
[2022-02-20 17:59:49,363 INFO  L272        TraceCheckUtils]: 25: Hoare triple {18834#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18891#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:49,364 INFO  L290        TraceCheckUtils]: 26: Hoare triple {18891#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,364 INFO  L290        TraceCheckUtils]: 27: Hoare triple {18834#true} assume !(1 == ~handle); {18834#true} is VALID
[2022-02-20 17:59:49,364 INFO  L290        TraceCheckUtils]: 28: Hoare triple {18834#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,364 INFO  L290        TraceCheckUtils]: 29: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,364 INFO  L284        TraceCheckUtils]: 30: Hoare quadruple {18834#true} {18834#true} #1013#return; {18834#true} is VALID
[2022-02-20 17:59:49,364 INFO  L290        TraceCheckUtils]: 31: Hoare triple {18834#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18854#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID
[2022-02-20 17:59:49,365 INFO  L272        TraceCheckUtils]: 32: Hoare triple {18854#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:49,365 INFO  L290        TraceCheckUtils]: 33: Hoare triple {18890#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18892#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,365 INFO  L290        TraceCheckUtils]: 34: Hoare triple {18892#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18892#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,366 INFO  L290        TraceCheckUtils]: 35: Hoare triple {18892#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {18892#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,366 INFO  L290        TraceCheckUtils]: 36: Hoare triple {18892#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18893#(= 3 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,366 INFO  L290        TraceCheckUtils]: 37: Hoare triple {18893#(= 3 |setClientId_#in~handle|)} assume true; {18893#(= 3 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:49,367 INFO  L284        TraceCheckUtils]: 38: Hoare quadruple {18893#(= 3 |setClientId_#in~handle|)} {18854#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1015#return; {18861#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID
[2022-02-20 17:59:49,367 INFO  L290        TraceCheckUtils]: 39: Hoare triple {18861#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {18861#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID
[2022-02-20 17:59:49,367 INFO  L272        TraceCheckUtils]: 40: Hoare triple {18861#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18891#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:49,368 INFO  L290        TraceCheckUtils]: 41: Hoare triple {18891#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18894#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:49,368 INFO  L290        TraceCheckUtils]: 42: Hoare triple {18894#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18895#(= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:49,368 INFO  L290        TraceCheckUtils]: 43: Hoare triple {18895#(= |setClientPrivateKey_#in~handle| 1)} assume true; {18895#(= |setClientPrivateKey_#in~handle| 1)} is VALID
[2022-02-20 17:59:49,369 INFO  L284        TraceCheckUtils]: 44: Hoare quadruple {18895#(= |setClientPrivateKey_#in~handle| 1)} {18861#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1017#return; {18835#false} is VALID
[2022-02-20 17:59:49,369 INFO  L290        TraceCheckUtils]: 45: Hoare triple {18835#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {18835#false} is VALID
[2022-02-20 17:59:49,369 INFO  L290        TraceCheckUtils]: 46: Hoare triple {18835#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18835#false} is VALID
[2022-02-20 17:59:49,369 INFO  L290        TraceCheckUtils]: 47: Hoare triple {18835#false} assume !false; {18835#false} is VALID
[2022-02-20 17:59:49,369 INFO  L290        TraceCheckUtils]: 48: Hoare triple {18835#false} assume test_~splverifierCounter~0#1 < 4; {18835#false} is VALID
[2022-02-20 17:59:49,369 INFO  L290        TraceCheckUtils]: 49: Hoare triple {18835#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18835#false} is VALID
[2022-02-20 17:59:49,369 INFO  L290        TraceCheckUtils]: 50: Hoare triple {18835#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {18835#false} is VALID
[2022-02-20 17:59:49,369 INFO  L290        TraceCheckUtils]: 51: Hoare triple {18835#false} assume !(0 != test_~tmp___9~0#1); {18835#false} is VALID
[2022-02-20 17:59:49,369 INFO  L290        TraceCheckUtils]: 52: Hoare triple {18835#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L290        TraceCheckUtils]: 53: Hoare triple {18835#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L290        TraceCheckUtils]: 54: Hoare triple {18835#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L290        TraceCheckUtils]: 55: Hoare triple {18835#false} assume { :end_inline_setClientAutoResponse } true; {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L290        TraceCheckUtils]: 56: Hoare triple {18835#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L290        TraceCheckUtils]: 57: Hoare triple {18835#false} assume !false; {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L290        TraceCheckUtils]: 58: Hoare triple {18835#false} assume !(test_~splverifierCounter~0#1 < 4); {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L290        TraceCheckUtils]: 59: Hoare triple {18835#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L272        TraceCheckUtils]: 60: Hoare triple {18835#false} call sendEmail(~bob~0, ~rjh~0); {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L290        TraceCheckUtils]: 61: Hoare triple {18835#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18835#false} is VALID
[2022-02-20 17:59:49,370 INFO  L272        TraceCheckUtils]: 62: Hoare triple {18835#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18896#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:49,371 INFO  L290        TraceCheckUtils]: 63: Hoare triple {18896#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,371 INFO  L290        TraceCheckUtils]: 64: Hoare triple {18834#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,371 INFO  L290        TraceCheckUtils]: 65: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,371 INFO  L284        TraceCheckUtils]: 66: Hoare quadruple {18834#true} {18835#false} #1001#return; {18835#false} is VALID
[2022-02-20 17:59:49,371 INFO  L272        TraceCheckUtils]: 67: Hoare triple {18835#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {18897#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 17:59:49,371 INFO  L290        TraceCheckUtils]: 68: Hoare triple {18897#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,371 INFO  L290        TraceCheckUtils]: 69: Hoare triple {18834#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,371 INFO  L290        TraceCheckUtils]: 70: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,371 INFO  L284        TraceCheckUtils]: 71: Hoare quadruple {18834#true} {18835#false} #1003#return; {18835#false} is VALID
[2022-02-20 17:59:49,372 INFO  L290        TraceCheckUtils]: 72: Hoare triple {18835#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {18835#false} is VALID
[2022-02-20 17:59:49,372 INFO  L290        TraceCheckUtils]: 73: Hoare triple {18835#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {18835#false} is VALID
[2022-02-20 17:59:49,372 INFO  L272        TraceCheckUtils]: 74: Hoare triple {18835#false} call outgoing(~sender#1, ~email~0#1); {18835#false} is VALID
[2022-02-20 17:59:49,372 INFO  L290        TraceCheckUtils]: 75: Hoare triple {18835#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {18835#false} is VALID
[2022-02-20 17:59:49,372 INFO  L272        TraceCheckUtils]: 76: Hoare triple {18835#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {18834#true} is VALID
[2022-02-20 17:59:49,372 INFO  L290        TraceCheckUtils]: 77: Hoare triple {18834#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18834#true} is VALID
[2022-02-20 17:59:49,372 INFO  L290        TraceCheckUtils]: 78: Hoare triple {18834#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18834#true} is VALID
[2022-02-20 17:59:49,372 INFO  L290        TraceCheckUtils]: 79: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,372 INFO  L284        TraceCheckUtils]: 80: Hoare quadruple {18834#true} {18835#false} #955#return; {18835#false} is VALID
[2022-02-20 17:59:49,372 INFO  L290        TraceCheckUtils]: 81: Hoare triple {18835#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {18835#false} is VALID
[2022-02-20 17:59:49,373 INFO  L290        TraceCheckUtils]: 82: Hoare triple {18835#false} assume 0 == sign_~privkey~0#1; {18835#false} is VALID
[2022-02-20 17:59:49,373 INFO  L290        TraceCheckUtils]: 83: Hoare triple {18835#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {18835#false} is VALID
[2022-02-20 17:59:49,373 INFO  L290        TraceCheckUtils]: 84: Hoare triple {18835#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {18835#false} is VALID
[2022-02-20 17:59:49,373 INFO  L290        TraceCheckUtils]: 85: Hoare triple {18835#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {18835#false} is VALID
[2022-02-20 17:59:49,373 INFO  L272        TraceCheckUtils]: 86: Hoare triple {18835#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {18896#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:49,373 INFO  L290        TraceCheckUtils]: 87: Hoare triple {18896#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18834#true} is VALID
[2022-02-20 17:59:49,373 INFO  L290        TraceCheckUtils]: 88: Hoare triple {18834#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18834#true} is VALID
[2022-02-20 17:59:49,373 INFO  L290        TraceCheckUtils]: 89: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,373 INFO  L284        TraceCheckUtils]: 90: Hoare quadruple {18834#true} {18835#false} #957#return; {18835#false} is VALID
[2022-02-20 17:59:49,374 INFO  L290        TraceCheckUtils]: 91: Hoare triple {18835#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {18835#false} is VALID
[2022-02-20 17:59:49,374 INFO  L272        TraceCheckUtils]: 92: Hoare triple {18835#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {18834#true} is VALID
[2022-02-20 17:59:49,374 INFO  L290        TraceCheckUtils]: 93: Hoare triple {18834#true} ~handle := #in~handle;havoc ~retValue_acc~31; {18834#true} is VALID
[2022-02-20 17:59:49,374 INFO  L290        TraceCheckUtils]: 94: Hoare triple {18834#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {18834#true} is VALID
[2022-02-20 17:59:49,374 INFO  L290        TraceCheckUtils]: 95: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,374 INFO  L284        TraceCheckUtils]: 96: Hoare quadruple {18834#true} {18835#false} #959#return; {18835#false} is VALID
[2022-02-20 17:59:49,374 INFO  L290        TraceCheckUtils]: 97: Hoare triple {18835#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {18835#false} is VALID
[2022-02-20 17:59:49,374 INFO  L290        TraceCheckUtils]: 98: Hoare triple {18835#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {18835#false} is VALID
[2022-02-20 17:59:49,374 INFO  L272        TraceCheckUtils]: 99: Hoare triple {18835#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {18834#true} is VALID
[2022-02-20 17:59:49,374 INFO  L290        TraceCheckUtils]: 100: Hoare triple {18834#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18834#true} is VALID
[2022-02-20 17:59:49,375 INFO  L290        TraceCheckUtils]: 101: Hoare triple {18834#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18834#true} is VALID
[2022-02-20 17:59:49,375 INFO  L290        TraceCheckUtils]: 102: Hoare triple {18834#true} assume true; {18834#true} is VALID
[2022-02-20 17:59:49,375 INFO  L284        TraceCheckUtils]: 103: Hoare quadruple {18834#true} {18835#false} #961#return; {18835#false} is VALID
[2022-02-20 17:59:49,375 INFO  L290        TraceCheckUtils]: 104: Hoare triple {18835#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {18835#false} is VALID
[2022-02-20 17:59:49,375 INFO  L290        TraceCheckUtils]: 105: Hoare triple {18835#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {18835#false} is VALID
[2022-02-20 17:59:49,375 INFO  L290        TraceCheckUtils]: 106: Hoare triple {18835#false} assume !false; {18835#false} is VALID
[2022-02-20 17:59:49,375 INFO  L134       CoverageAnalysis]: Checked inductivity of 35 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked.
[2022-02-20 17:59:49,376 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:49,376 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1021493939]
[2022-02-20 17:59:49,376 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1021493939] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:49,376 INFO  L191   FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences.
[2022-02-20 17:59:49,376 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12
[2022-02-20 17:59:49,376 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1590264861]
[2022-02-20 17:59:49,376 INFO  L85    oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:49,377 INFO  L78                 Accepts]: Start accepts. Automaton has  has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 107
[2022-02-20 17:59:49,377 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:49,377 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 17:59:49,429 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:49,429 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 12 states
[2022-02-20 17:59:49,430 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:49,430 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants.
[2022-02-20 17:59:49,430 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132
[2022-02-20 17:59:49,431 INFO  L87              Difference]: Start difference. First operand 382 states and 585 transitions. Second operand  has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 17:59:58,278 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:58,278 INFO  L93              Difference]: Finished difference Result 925 states and 1430 transitions.
[2022-02-20 17:59:58,278 INFO  L141   InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. 
[2022-02-20 17:59:58,278 INFO  L78                 Accepts]: Start accepts. Automaton has  has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 107
[2022-02-20 17:59:58,279 INFO  L84                 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 17:59:58,279 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 17:59:58,287 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1232 transitions.
[2022-02-20 17:59:58,287 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 17:59:58,295 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1232 transitions.
[2022-02-20 17:59:58,295 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1232 transitions.
[2022-02-20 17:59:59,245 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 1232 edges. 1232 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:59,261 INFO  L225             Difference]: With dead ends: 925
[2022-02-20 17:59:59,261 INFO  L226             Difference]: Without dead ends: 570
[2022-02-20 17:59:59,262 INFO  L932         BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552
[2022-02-20 17:59:59,263 INFO  L933         BasicCegarLoop]: 622 mSDtfsCounter, 1280 mSDsluCounter, 1196 mSDsCounter, 0 mSdLazyCounter, 3983 mSolverCounterSat, 476 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1280 SdHoareTripleChecker+Valid, 1818 SdHoareTripleChecker+Invalid, 4459 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 476 IncrementalHoareTripleChecker+Valid, 3983 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.2s IncrementalHoareTripleChecker+Time
[2022-02-20 17:59:59,263 INFO  L934         BasicCegarLoop]: SdHoareTripleChecker [1280 Valid, 1818 Invalid, 4459 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [476 Valid, 3983 Invalid, 0 Unknown, 0 Unchecked, 4.2s Time]
[2022-02-20 17:59:59,264 INFO  L82        GeneralOperation]: Start minimizeSevpa. Operand 570 states.
[2022-02-20 17:59:59,354 INFO  L88        GeneralOperation]: Finished minimizeSevpa. Reduced states from 570 to 382.
[2022-02-20 17:59:59,354 INFO  L214    AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa
[2022-02-20 17:59:59,360 INFO  L82        GeneralOperation]: Start isEquivalent. First operand 570 states. Second operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65)
[2022-02-20 17:59:59,362 INFO  L74              IsIncluded]: Start isIncluded. First operand 570 states. Second operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65)
[2022-02-20 17:59:59,364 INFO  L87              Difference]: Start difference. First operand 570 states. Second operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65)
[2022-02-20 17:59:59,378 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:59,378 INFO  L93              Difference]: Finished difference Result 570 states and 882 transitions.
[2022-02-20 17:59:59,378 INFO  L276                IsEmpty]: Start isEmpty. Operand 570 states and 882 transitions.
[2022-02-20 17:59:59,386 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:59,386 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:59,388 INFO  L74              IsIncluded]: Start isIncluded. First operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65) Second operand 570 states.
[2022-02-20 17:59:59,389 INFO  L87              Difference]: Start difference. First operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65) Second operand 570 states.
[2022-02-20 17:59:59,404 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 17:59:59,404 INFO  L93              Difference]: Finished difference Result 570 states and 882 transitions.
[2022-02-20 17:59:59,404 INFO  L276                IsEmpty]: Start isEmpty. Operand 570 states and 882 transitions.
[2022-02-20 17:59:59,406 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 17:59:59,407 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 17:59:59,407 INFO  L88        GeneralOperation]: Finished isEquivalent.
[2022-02-20 17:59:59,407 INFO  L221    AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa
[2022-02-20 17:59:59,407 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 382 states, 301 states have (on average 1.5282392026578073) internal successors, (460), 305 states have internal predecessors, (460), 59 states have call successors, (59), 18 states have call predecessors, (59), 21 states have return successors, (65), 58 states have call predecessors, (65), 58 states have call successors, (65)
[2022-02-20 17:59:59,416 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 382 states to 382 states and 584 transitions.
[2022-02-20 17:59:59,416 INFO  L78                 Accepts]: Start accepts. Automaton has 382 states and 584 transitions. Word has length 107
[2022-02-20 17:59:59,416 INFO  L84                 Accepts]: Finished accepts. word is rejected.
[2022-02-20 17:59:59,416 INFO  L470      AbstractCegarLoop]: Abstraction has 382 states and 584 transitions.
[2022-02-20 17:59:59,416 INFO  L471      AbstractCegarLoop]: INTERPOLANT automaton has  has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 17:59:59,417 INFO  L276                IsEmpty]: Start isEmpty. Operand 382 states and 584 transitions.
[2022-02-20 17:59:59,418 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 109
[2022-02-20 17:59:59,418 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 17:59:59,418 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:59:59,418 WARN  L452      AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7
[2022-02-20 17:59:59,418 INFO  L402      AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:59:59,418 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:59:59,419 INFO  L85        PathProgramCache]: Analyzing trace with hash -398431873, now seen corresponding path program 2 times
[2022-02-20 17:59:59,419 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:59:59,419 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1326883788]
[2022-02-20 17:59:59,419 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:59:59,419 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:59:59,444 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,472 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:59:59,474 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,476 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,476 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,476 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,476 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {21936#true} {21936#true} #1007#return; {21936#true} is VALID
[2022-02-20 17:59:59,482 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:59:59,484 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,485 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,486 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,486 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,486 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {21936#true} {21936#true} #1009#return; {21936#true} is VALID
[2022-02-20 17:59:59,486 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 17:59:59,487 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,489 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,489 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume !(1 == ~handle); {21936#true} is VALID
[2022-02-20 17:59:59,489 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,489 INFO  L290        TraceCheckUtils]: 3: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,490 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {21936#true} {21936#true} #1011#return; {21936#true} is VALID
[2022-02-20 17:59:59,490 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25
[2022-02-20 17:59:59,492 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,493 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,494 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume !(1 == ~handle); {21936#true} is VALID
[2022-02-20 17:59:59,494 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,494 INFO  L290        TraceCheckUtils]: 3: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,494 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {21936#true} {21936#true} #1013#return; {21936#true} is VALID
[2022-02-20 17:59:59,495 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32
[2022-02-20 17:59:59,497 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,510 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21995#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,510 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21995#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21995#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,511 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21995#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21995#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,511 INFO  L290        TraceCheckUtils]: 3: Hoare triple {21995#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21996#(= 3 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,511 INFO  L290        TraceCheckUtils]: 4: Hoare triple {21996#(= 3 |setClientId_#in~handle|)} assume true; {21996#(= 3 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,512 INFO  L284        TraceCheckUtils]: 5: Hoare quadruple {21996#(= 3 |setClientId_#in~handle|)} {21956#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1015#return; {21963#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID
[2022-02-20 17:59:59,512 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40
[2022-02-20 17:59:59,514 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,533 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21997#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:59,533 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21997#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {21997#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:59,534 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21997#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21998#(= 2 |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:59,534 INFO  L290        TraceCheckUtils]: 3: Hoare triple {21998#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {21998#(= 2 |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:59,534 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {21998#(= 2 |setClientPrivateKey_#in~handle|)} {21963#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1017#return; {21937#false} is VALID
[2022-02-20 17:59:59,541 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63
[2022-02-20 17:59:59,541 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,543 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21999#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,543 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,543 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,543 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {21936#true} {21937#false} #1001#return; {21937#false} is VALID
[2022-02-20 17:59:59,550 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68
[2022-02-20 17:59:59,550 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,553 INFO  L290        TraceCheckUtils]: 0: Hoare triple {22000#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,553 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,553 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,553 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {21936#true} {21937#false} #1003#return; {21937#false} is VALID
[2022-02-20 17:59:59,553 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77
[2022-02-20 17:59:59,554 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,555 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21936#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21936#true} is VALID
[2022-02-20 17:59:59,555 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21936#true} is VALID
[2022-02-20 17:59:59,555 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,555 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {21936#true} {21937#false} #955#return; {21937#false} is VALID
[2022-02-20 17:59:59,555 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87
[2022-02-20 17:59:59,556 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,558 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21999#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,558 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,558 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,558 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {21936#true} {21937#false} #957#return; {21937#false} is VALID
[2022-02-20 17:59:59,558 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93
[2022-02-20 17:59:59,559 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,561 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21936#true} ~handle := #in~handle;havoc ~retValue_acc~31; {21936#true} is VALID
[2022-02-20 17:59:59,561 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {21936#true} is VALID
[2022-02-20 17:59:59,561 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,561 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {21936#true} {21937#false} #959#return; {21937#false} is VALID
[2022-02-20 17:59:59,561 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100
[2022-02-20 17:59:59,562 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:59:59,563 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21936#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21936#true} is VALID
[2022-02-20 17:59:59,564 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21936#true} is VALID
[2022-02-20 17:59:59,564 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,564 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {21936#true} {21937#false} #961#return; {21937#false} is VALID
[2022-02-20 17:59:59,564 INFO  L290        TraceCheckUtils]: 0: Hoare triple {21936#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {21936#true} is VALID
[2022-02-20 17:59:59,564 INFO  L290        TraceCheckUtils]: 1: Hoare triple {21936#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {21936#true} is VALID
[2022-02-20 17:59:59,564 INFO  L290        TraceCheckUtils]: 2: Hoare triple {21936#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21936#true} is VALID
[2022-02-20 17:59:59,564 INFO  L290        TraceCheckUtils]: 3: Hoare triple {21936#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {21936#true} is VALID
[2022-02-20 17:59:59,564 INFO  L290        TraceCheckUtils]: 4: Hoare triple {21936#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {21936#true} is VALID
[2022-02-20 17:59:59,564 INFO  L290        TraceCheckUtils]: 5: Hoare triple {21936#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21936#true} is VALID
[2022-02-20 17:59:59,565 INFO  L272        TraceCheckUtils]: 6: Hoare triple {21936#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:59,565 INFO  L290        TraceCheckUtils]: 7: Hoare triple {21993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,565 INFO  L290        TraceCheckUtils]: 8: Hoare triple {21936#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,565 INFO  L290        TraceCheckUtils]: 9: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,565 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {21936#true} {21936#true} #1007#return; {21936#true} is VALID
[2022-02-20 17:59:59,565 INFO  L290        TraceCheckUtils]: 11: Hoare triple {21936#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21936#true} is VALID
[2022-02-20 17:59:59,566 INFO  L272        TraceCheckUtils]: 12: Hoare triple {21936#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:59,566 INFO  L290        TraceCheckUtils]: 13: Hoare triple {21994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,566 INFO  L290        TraceCheckUtils]: 14: Hoare triple {21936#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,566 INFO  L290        TraceCheckUtils]: 15: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,566 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {21936#true} {21936#true} #1009#return; {21936#true} is VALID
[2022-02-20 17:59:59,566 INFO  L290        TraceCheckUtils]: 17: Hoare triple {21936#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21936#true} is VALID
[2022-02-20 17:59:59,566 INFO  L272        TraceCheckUtils]: 18: Hoare triple {21936#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:59,567 INFO  L290        TraceCheckUtils]: 19: Hoare triple {21993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,567 INFO  L290        TraceCheckUtils]: 20: Hoare triple {21936#true} assume !(1 == ~handle); {21936#true} is VALID
[2022-02-20 17:59:59,567 INFO  L290        TraceCheckUtils]: 21: Hoare triple {21936#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,567 INFO  L290        TraceCheckUtils]: 22: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,567 INFO  L284        TraceCheckUtils]: 23: Hoare quadruple {21936#true} {21936#true} #1011#return; {21936#true} is VALID
[2022-02-20 17:59:59,567 INFO  L290        TraceCheckUtils]: 24: Hoare triple {21936#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21936#true} is VALID
[2022-02-20 17:59:59,568 INFO  L272        TraceCheckUtils]: 25: Hoare triple {21936#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:59,568 INFO  L290        TraceCheckUtils]: 26: Hoare triple {21994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,568 INFO  L290        TraceCheckUtils]: 27: Hoare triple {21936#true} assume !(1 == ~handle); {21936#true} is VALID
[2022-02-20 17:59:59,568 INFO  L290        TraceCheckUtils]: 28: Hoare triple {21936#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,568 INFO  L290        TraceCheckUtils]: 29: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,568 INFO  L284        TraceCheckUtils]: 30: Hoare quadruple {21936#true} {21936#true} #1013#return; {21936#true} is VALID
[2022-02-20 17:59:59,569 INFO  L290        TraceCheckUtils]: 31: Hoare triple {21936#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21956#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID
[2022-02-20 17:59:59,569 INFO  L272        TraceCheckUtils]: 32: Hoare triple {21956#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 17:59:59,569 INFO  L290        TraceCheckUtils]: 33: Hoare triple {21993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21995#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,570 INFO  L290        TraceCheckUtils]: 34: Hoare triple {21995#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21995#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,570 INFO  L290        TraceCheckUtils]: 35: Hoare triple {21995#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21995#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,570 INFO  L290        TraceCheckUtils]: 36: Hoare triple {21995#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21996#(= 3 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,570 INFO  L290        TraceCheckUtils]: 37: Hoare triple {21996#(= 3 |setClientId_#in~handle|)} assume true; {21996#(= 3 |setClientId_#in~handle|)} is VALID
[2022-02-20 17:59:59,571 INFO  L284        TraceCheckUtils]: 38: Hoare quadruple {21996#(= 3 |setClientId_#in~handle|)} {21956#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1015#return; {21963#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID
[2022-02-20 17:59:59,571 INFO  L290        TraceCheckUtils]: 39: Hoare triple {21963#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21963#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID
[2022-02-20 17:59:59,572 INFO  L272        TraceCheckUtils]: 40: Hoare triple {21963#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 17:59:59,572 INFO  L290        TraceCheckUtils]: 41: Hoare triple {21994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21997#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:59,572 INFO  L290        TraceCheckUtils]: 42: Hoare triple {21997#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {21997#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:59,572 INFO  L290        TraceCheckUtils]: 43: Hoare triple {21997#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21998#(= 2 |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:59,573 INFO  L290        TraceCheckUtils]: 44: Hoare triple {21998#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {21998#(= 2 |setClientPrivateKey_#in~handle|)} is VALID
[2022-02-20 17:59:59,573 INFO  L284        TraceCheckUtils]: 45: Hoare quadruple {21998#(= 2 |setClientPrivateKey_#in~handle|)} {21963#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1017#return; {21937#false} is VALID
[2022-02-20 17:59:59,573 INFO  L290        TraceCheckUtils]: 46: Hoare triple {21937#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {21937#false} is VALID
[2022-02-20 17:59:59,573 INFO  L290        TraceCheckUtils]: 47: Hoare triple {21937#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21937#false} is VALID
[2022-02-20 17:59:59,573 INFO  L290        TraceCheckUtils]: 48: Hoare triple {21937#false} assume !false; {21937#false} is VALID
[2022-02-20 17:59:59,573 INFO  L290        TraceCheckUtils]: 49: Hoare triple {21937#false} assume test_~splverifierCounter~0#1 < 4; {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 50: Hoare triple {21937#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 51: Hoare triple {21937#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 52: Hoare triple {21937#false} assume !(0 != test_~tmp___9~0#1); {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 53: Hoare triple {21937#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 54: Hoare triple {21937#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 55: Hoare triple {21937#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 56: Hoare triple {21937#false} assume { :end_inline_setClientAutoResponse } true; {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 57: Hoare triple {21937#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 58: Hoare triple {21937#false} assume !false; {21937#false} is VALID
[2022-02-20 17:59:59,574 INFO  L290        TraceCheckUtils]: 59: Hoare triple {21937#false} assume !(test_~splverifierCounter~0#1 < 4); {21937#false} is VALID
[2022-02-20 17:59:59,575 INFO  L290        TraceCheckUtils]: 60: Hoare triple {21937#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {21937#false} is VALID
[2022-02-20 17:59:59,575 INFO  L272        TraceCheckUtils]: 61: Hoare triple {21937#false} call sendEmail(~bob~0, ~rjh~0); {21937#false} is VALID
[2022-02-20 17:59:59,575 INFO  L290        TraceCheckUtils]: 62: Hoare triple {21937#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21937#false} is VALID
[2022-02-20 17:59:59,575 INFO  L272        TraceCheckUtils]: 63: Hoare triple {21937#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21999#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:59,575 INFO  L290        TraceCheckUtils]: 64: Hoare triple {21999#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,575 INFO  L290        TraceCheckUtils]: 65: Hoare triple {21936#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,575 INFO  L290        TraceCheckUtils]: 66: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,575 INFO  L284        TraceCheckUtils]: 67: Hoare quadruple {21936#true} {21937#false} #1001#return; {21937#false} is VALID
[2022-02-20 17:59:59,575 INFO  L272        TraceCheckUtils]: 68: Hoare triple {21937#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22000#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 17:59:59,575 INFO  L290        TraceCheckUtils]: 69: Hoare triple {22000#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,576 INFO  L290        TraceCheckUtils]: 70: Hoare triple {21936#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,576 INFO  L290        TraceCheckUtils]: 71: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,576 INFO  L284        TraceCheckUtils]: 72: Hoare quadruple {21936#true} {21937#false} #1003#return; {21937#false} is VALID
[2022-02-20 17:59:59,576 INFO  L290        TraceCheckUtils]: 73: Hoare triple {21937#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {21937#false} is VALID
[2022-02-20 17:59:59,576 INFO  L290        TraceCheckUtils]: 74: Hoare triple {21937#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {21937#false} is VALID
[2022-02-20 17:59:59,576 INFO  L272        TraceCheckUtils]: 75: Hoare triple {21937#false} call outgoing(~sender#1, ~email~0#1); {21937#false} is VALID
[2022-02-20 17:59:59,576 INFO  L290        TraceCheckUtils]: 76: Hoare triple {21937#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {21937#false} is VALID
[2022-02-20 17:59:59,576 INFO  L272        TraceCheckUtils]: 77: Hoare triple {21937#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {21936#true} is VALID
[2022-02-20 17:59:59,576 INFO  L290        TraceCheckUtils]: 78: Hoare triple {21936#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21936#true} is VALID
[2022-02-20 17:59:59,577 INFO  L290        TraceCheckUtils]: 79: Hoare triple {21936#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21936#true} is VALID
[2022-02-20 17:59:59,577 INFO  L290        TraceCheckUtils]: 80: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,577 INFO  L284        TraceCheckUtils]: 81: Hoare quadruple {21936#true} {21937#false} #955#return; {21937#false} is VALID
[2022-02-20 17:59:59,577 INFO  L290        TraceCheckUtils]: 82: Hoare triple {21937#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {21937#false} is VALID
[2022-02-20 17:59:59,577 INFO  L290        TraceCheckUtils]: 83: Hoare triple {21937#false} assume 0 == sign_~privkey~0#1; {21937#false} is VALID
[2022-02-20 17:59:59,577 INFO  L290        TraceCheckUtils]: 84: Hoare triple {21937#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {21937#false} is VALID
[2022-02-20 17:59:59,577 INFO  L290        TraceCheckUtils]: 85: Hoare triple {21937#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {21937#false} is VALID
[2022-02-20 17:59:59,577 INFO  L290        TraceCheckUtils]: 86: Hoare triple {21937#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {21937#false} is VALID
[2022-02-20 17:59:59,577 INFO  L272        TraceCheckUtils]: 87: Hoare triple {21937#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {21999#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 17:59:59,577 INFO  L290        TraceCheckUtils]: 88: Hoare triple {21999#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21936#true} is VALID
[2022-02-20 17:59:59,578 INFO  L290        TraceCheckUtils]: 89: Hoare triple {21936#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21936#true} is VALID
[2022-02-20 17:59:59,578 INFO  L290        TraceCheckUtils]: 90: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,578 INFO  L284        TraceCheckUtils]: 91: Hoare quadruple {21936#true} {21937#false} #957#return; {21937#false} is VALID
[2022-02-20 17:59:59,578 INFO  L290        TraceCheckUtils]: 92: Hoare triple {21937#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {21937#false} is VALID
[2022-02-20 17:59:59,578 INFO  L272        TraceCheckUtils]: 93: Hoare triple {21937#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {21936#true} is VALID
[2022-02-20 17:59:59,578 INFO  L290        TraceCheckUtils]: 94: Hoare triple {21936#true} ~handle := #in~handle;havoc ~retValue_acc~31; {21936#true} is VALID
[2022-02-20 17:59:59,578 INFO  L290        TraceCheckUtils]: 95: Hoare triple {21936#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {21936#true} is VALID
[2022-02-20 17:59:59,578 INFO  L290        TraceCheckUtils]: 96: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,578 INFO  L284        TraceCheckUtils]: 97: Hoare quadruple {21936#true} {21937#false} #959#return; {21937#false} is VALID
[2022-02-20 17:59:59,579 INFO  L290        TraceCheckUtils]: 98: Hoare triple {21937#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {21937#false} is VALID
[2022-02-20 17:59:59,579 INFO  L290        TraceCheckUtils]: 99: Hoare triple {21937#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {21937#false} is VALID
[2022-02-20 17:59:59,579 INFO  L272        TraceCheckUtils]: 100: Hoare triple {21937#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {21936#true} is VALID
[2022-02-20 17:59:59,579 INFO  L290        TraceCheckUtils]: 101: Hoare triple {21936#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21936#true} is VALID
[2022-02-20 17:59:59,579 INFO  L290        TraceCheckUtils]: 102: Hoare triple {21936#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21936#true} is VALID
[2022-02-20 17:59:59,579 INFO  L290        TraceCheckUtils]: 103: Hoare triple {21936#true} assume true; {21936#true} is VALID
[2022-02-20 17:59:59,579 INFO  L284        TraceCheckUtils]: 104: Hoare quadruple {21936#true} {21937#false} #961#return; {21937#false} is VALID
[2022-02-20 17:59:59,579 INFO  L290        TraceCheckUtils]: 105: Hoare triple {21937#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {21937#false} is VALID
[2022-02-20 17:59:59,579 INFO  L290        TraceCheckUtils]: 106: Hoare triple {21937#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {21937#false} is VALID
[2022-02-20 17:59:59,579 INFO  L290        TraceCheckUtils]: 107: Hoare triple {21937#false} assume !false; {21937#false} is VALID
[2022-02-20 17:59:59,580 INFO  L134       CoverageAnalysis]: Checked inductivity of 36 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked.
[2022-02-20 17:59:59,580 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:59,580 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1326883788]
[2022-02-20 17:59:59,580 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1326883788] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:59,580 INFO  L191   FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences.
[2022-02-20 17:59:59,580 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12
[2022-02-20 17:59:59,581 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1537269371]
[2022-02-20 17:59:59,581 INFO  L85    oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:59,581 INFO  L78                 Accepts]: Start accepts. Automaton has  has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 108
[2022-02-20 17:59:59,581 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:59,582 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 17:59:59,641 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:59,642 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 12 states
[2022-02-20 17:59:59,642 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:59,642 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants.
[2022-02-20 17:59:59,642 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132
[2022-02-20 17:59:59,643 INFO  L87              Difference]: Start difference. First operand 382 states and 584 transitions. Second operand  has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 18:00:09,132 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 18:00:09,132 INFO  L93              Difference]: Finished difference Result 927 states and 1436 transitions.
[2022-02-20 18:00:09,132 INFO  L141   InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. 
[2022-02-20 18:00:09,133 INFO  L78                 Accepts]: Start accepts. Automaton has  has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 108
[2022-02-20 18:00:09,133 INFO  L84                 Accepts]: Finished accepts. some prefix is accepted.
[2022-02-20 18:00:09,133 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 18:00:09,162 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1233 transitions.
[2022-02-20 18:00:09,162 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 18:00:09,172 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1233 transitions.
[2022-02-20 18:00:09,173 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1233 transitions.
[2022-02-20 18:00:10,355 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 1233 edges. 1233 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:10,395 INFO  L225             Difference]: With dead ends: 927
[2022-02-20 18:00:10,396 INFO  L226             Difference]: Without dead ends: 572
[2022-02-20 18:00:10,397 INFO  L932         BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552
[2022-02-20 18:00:10,400 INFO  L933         BasicCegarLoop]: 623 mSDtfsCounter, 1275 mSDsluCounter, 1196 mSDsCounter, 0 mSdLazyCounter, 4000 mSolverCounterSat, 480 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1275 SdHoareTripleChecker+Valid, 1819 SdHoareTripleChecker+Invalid, 4480 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 480 IncrementalHoareTripleChecker+Valid, 4000 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.5s IncrementalHoareTripleChecker+Time
[2022-02-20 18:00:10,400 INFO  L934         BasicCegarLoop]: SdHoareTripleChecker [1275 Valid, 1819 Invalid, 4480 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [480 Valid, 4000 Invalid, 0 Unknown, 0 Unchecked, 4.5s Time]
[2022-02-20 18:00:10,402 INFO  L82        GeneralOperation]: Start minimizeSevpa. Operand 572 states.
[2022-02-20 18:00:10,493 INFO  L88        GeneralOperation]: Finished minimizeSevpa. Reduced states from 572 to 384.
[2022-02-20 18:00:10,493 INFO  L214    AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa
[2022-02-20 18:00:10,495 INFO  L82        GeneralOperation]: Start isEquivalent. First operand 572 states. Second operand  has 384 states, 302 states have (on average 1.5264900662251655) internal successors, (461), 307 states have internal predecessors, (461), 59 states have call successors, (59), 18 states have call predecessors, (59), 22 states have return successors, (70), 58 states have call predecessors, (70), 58 states have call successors, (70)
[2022-02-20 18:00:10,496 INFO  L74              IsIncluded]: Start isIncluded. First operand 572 states. Second operand  has 384 states, 302 states have (on average 1.5264900662251655) internal successors, (461), 307 states have internal predecessors, (461), 59 states have call successors, (59), 18 states have call predecessors, (59), 22 states have return successors, (70), 58 states have call predecessors, (70), 58 states have call successors, (70)
[2022-02-20 18:00:10,496 INFO  L87              Difference]: Start difference. First operand 572 states. Second operand  has 384 states, 302 states have (on average 1.5264900662251655) internal successors, (461), 307 states have internal predecessors, (461), 59 states have call successors, (59), 18 states have call predecessors, (59), 22 states have return successors, (70), 58 states have call predecessors, (70), 58 states have call successors, (70)
[2022-02-20 18:00:10,517 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 18:00:10,517 INFO  L93              Difference]: Finished difference Result 572 states and 888 transitions.
[2022-02-20 18:00:10,517 INFO  L276                IsEmpty]: Start isEmpty. Operand 572 states and 888 transitions.
[2022-02-20 18:00:10,520 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 18:00:10,520 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 18:00:10,521 INFO  L74              IsIncluded]: Start isIncluded. First operand  has 384 states, 302 states have (on average 1.5264900662251655) internal successors, (461), 307 states have internal predecessors, (461), 59 states have call successors, (59), 18 states have call predecessors, (59), 22 states have return successors, (70), 58 states have call predecessors, (70), 58 states have call successors, (70) Second operand 572 states.
[2022-02-20 18:00:10,522 INFO  L87              Difference]: Start difference. First operand  has 384 states, 302 states have (on average 1.5264900662251655) internal successors, (461), 307 states have internal predecessors, (461), 59 states have call successors, (59), 18 states have call predecessors, (59), 22 states have return successors, (70), 58 states have call predecessors, (70), 58 states have call successors, (70) Second operand 572 states.
[2022-02-20 18:00:10,544 INFO  L144             Difference]: Subtrahend was deterministic. Have not used determinization.
[2022-02-20 18:00:10,544 INFO  L93              Difference]: Finished difference Result 572 states and 888 transitions.
[2022-02-20 18:00:10,544 INFO  L276                IsEmpty]: Start isEmpty. Operand 572 states and 888 transitions.
[2022-02-20 18:00:10,547 INFO  L282                IsEmpty]: Finished isEmpty. No accepting run.
[2022-02-20 18:00:10,547 INFO  L83              IsIncluded]: Finished isIncluded. Language is included
[2022-02-20 18:00:10,547 INFO  L88        GeneralOperation]: Finished isEquivalent.
[2022-02-20 18:00:10,547 INFO  L221    AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa
[2022-02-20 18:00:10,549 INFO  L82        GeneralOperation]: Start removeUnreachable. Operand  has 384 states, 302 states have (on average 1.5264900662251655) internal successors, (461), 307 states have internal predecessors, (461), 59 states have call successors, (59), 18 states have call predecessors, (59), 22 states have return successors, (70), 58 states have call predecessors, (70), 58 states have call successors, (70)
[2022-02-20 18:00:10,560 INFO  L88        GeneralOperation]: Finished removeUnreachable. Reduced from 384 states to 384 states and 590 transitions.
[2022-02-20 18:00:10,561 INFO  L78                 Accepts]: Start accepts. Automaton has 384 states and 590 transitions. Word has length 108
[2022-02-20 18:00:10,561 INFO  L84                 Accepts]: Finished accepts. word is rejected.
[2022-02-20 18:00:10,561 INFO  L470      AbstractCegarLoop]: Abstraction has 384 states and 590 transitions.
[2022-02-20 18:00:10,561 INFO  L471      AbstractCegarLoop]: INTERPOLANT automaton has  has 12 states, 11 states have (on average 6.454545454545454) internal successors, (71), 8 states have internal predecessors, (71), 4 states have call successors, (14), 6 states have call predecessors, (14), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 18:00:10,562 INFO  L276                IsEmpty]: Start isEmpty. Operand 384 states and 590 transitions.
[2022-02-20 18:00:10,563 INFO  L282                IsEmpty]: Finished isEmpty. Found accepting run of length 110
[2022-02-20 18:00:10,563 INFO  L506         BasicCegarLoop]: Found error trace
[2022-02-20 18:00:10,563 INFO  L514         BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 18:00:10,564 WARN  L452      AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8
[2022-02-20 18:00:10,564 INFO  L402      AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 18:00:10,564 INFO  L144       PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 18:00:10,564 INFO  L85        PathProgramCache]: Analyzing trace with hash 1045364330, now seen corresponding path program 1 times
[2022-02-20 18:00:10,564 INFO  L126   FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 18:00:10,565 INFO  L338   FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1102366205]
[2022-02-20 18:00:10,565 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:00:10,565 INFO  L127          SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 18:00:10,591 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,622 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 18:00:10,624 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,626 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25106#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,627 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,627 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,627 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {25047#true} {25047#true} #1007#return; {25047#true} is VALID
[2022-02-20 18:00:10,633 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 18:00:10,635 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,637 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25107#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,637 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,637 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,637 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {25047#true} {25047#true} #1009#return; {25047#true} is VALID
[2022-02-20 18:00:10,638 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 18:00:10,640 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,655 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25106#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25108#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 18:00:10,656 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25108#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25108#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 18:00:10,656 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25108#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25109#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 18:00:10,656 INFO  L290        TraceCheckUtils]: 3: Hoare triple {25109#(= 2 |setClientId_#in~handle|)} assume true; {25109#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 18:00:10,657 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {25109#(= 2 |setClientId_#in~handle|)} {25057#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1011#return; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,657 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25
[2022-02-20 18:00:10,659 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,661 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25107#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,662 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,662 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,662 INFO  L290        TraceCheckUtils]: 3: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,662 INFO  L284        TraceCheckUtils]: 4: Hoare quadruple {25047#true} {25063#(not (= ~rjh~0 1))} #1013#return; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,663 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32
[2022-02-20 18:00:10,666 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,669 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25106#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,669 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,669 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume !(2 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,670 INFO  L290        TraceCheckUtils]: 3: Hoare triple {25047#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,670 INFO  L290        TraceCheckUtils]: 4: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,670 INFO  L284        TraceCheckUtils]: 5: Hoare quadruple {25047#true} {25063#(not (= ~rjh~0 1))} #1015#return; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,670 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40
[2022-02-20 18:00:10,673 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,676 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25107#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,676 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,676 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume !(2 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,677 INFO  L290        TraceCheckUtils]: 3: Hoare triple {25047#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,677 INFO  L290        TraceCheckUtils]: 4: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,677 INFO  L284        TraceCheckUtils]: 5: Hoare quadruple {25047#true} {25063#(not (= ~rjh~0 1))} #1017#return; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,684 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64
[2022-02-20 18:00:10,686 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,689 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25110#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,689 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,690 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,690 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {25047#true} {25048#false} #1001#return; {25048#false} is VALID
[2022-02-20 18:00:10,697 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69
[2022-02-20 18:00:10,699 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,701 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25111#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,701 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,701 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,701 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {25047#true} {25048#false} #1003#return; {25048#false} is VALID
[2022-02-20 18:00:10,701 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78
[2022-02-20 18:00:10,702 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,704 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25047#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:10,704 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:10,704 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,705 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {25047#true} {25048#false} #955#return; {25048#false} is VALID
[2022-02-20 18:00:10,705 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88
[2022-02-20 18:00:10,721 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,726 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25110#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,727 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,727 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,727 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {25047#true} {25048#false} #957#return; {25048#false} is VALID
[2022-02-20 18:00:10,727 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94
[2022-02-20 18:00:10,728 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,730 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25047#true} ~handle := #in~handle;havoc ~retValue_acc~31; {25047#true} is VALID
[2022-02-20 18:00:10,730 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {25047#true} is VALID
[2022-02-20 18:00:10,730 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,731 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {25047#true} {25048#false} #959#return; {25048#false} is VALID
[2022-02-20 18:00:10,731 INFO  L376   atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101
[2022-02-20 18:00:10,732 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:10,734 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25047#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:10,734 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:10,734 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,734 INFO  L284        TraceCheckUtils]: 3: Hoare quadruple {25047#true} {25048#false} #961#return; {25048#false} is VALID
[2022-02-20 18:00:10,734 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25047#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {25047#true} is VALID
[2022-02-20 18:00:10,735 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {25047#true} is VALID
[2022-02-20 18:00:10,735 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25047#true} is VALID
[2022-02-20 18:00:10,735 INFO  L290        TraceCheckUtils]: 3: Hoare triple {25047#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {25047#true} is VALID
[2022-02-20 18:00:10,735 INFO  L290        TraceCheckUtils]: 4: Hoare triple {25047#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {25047#true} is VALID
[2022-02-20 18:00:10,735 INFO  L290        TraceCheckUtils]: 5: Hoare triple {25047#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25047#true} is VALID
[2022-02-20 18:00:10,736 INFO  L272        TraceCheckUtils]: 6: Hoare triple {25047#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25106#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 18:00:10,736 INFO  L290        TraceCheckUtils]: 7: Hoare triple {25106#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,736 INFO  L290        TraceCheckUtils]: 8: Hoare triple {25047#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,736 INFO  L290        TraceCheckUtils]: 9: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,737 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {25047#true} {25047#true} #1007#return; {25047#true} is VALID
[2022-02-20 18:00:10,737 INFO  L290        TraceCheckUtils]: 11: Hoare triple {25047#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25047#true} is VALID
[2022-02-20 18:00:10,737 INFO  L272        TraceCheckUtils]: 12: Hoare triple {25047#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25107#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 18:00:10,738 INFO  L290        TraceCheckUtils]: 13: Hoare triple {25107#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,738 INFO  L290        TraceCheckUtils]: 14: Hoare triple {25047#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,738 INFO  L290        TraceCheckUtils]: 15: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,738 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {25047#true} {25047#true} #1009#return; {25047#true} is VALID
[2022-02-20 18:00:10,739 INFO  L290        TraceCheckUtils]: 17: Hoare triple {25047#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25057#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID
[2022-02-20 18:00:10,739 INFO  L272        TraceCheckUtils]: 18: Hoare triple {25057#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25106#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 18:00:10,740 INFO  L290        TraceCheckUtils]: 19: Hoare triple {25106#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25108#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 18:00:10,740 INFO  L290        TraceCheckUtils]: 20: Hoare triple {25108#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25108#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 18:00:10,740 INFO  L290        TraceCheckUtils]: 21: Hoare triple {25108#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25109#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 18:00:10,741 INFO  L290        TraceCheckUtils]: 22: Hoare triple {25109#(= 2 |setClientId_#in~handle|)} assume true; {25109#(= 2 |setClientId_#in~handle|)} is VALID
[2022-02-20 18:00:10,741 INFO  L284        TraceCheckUtils]: 23: Hoare quadruple {25109#(= 2 |setClientId_#in~handle|)} {25057#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1011#return; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,742 INFO  L290        TraceCheckUtils]: 24: Hoare triple {25063#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,742 INFO  L272        TraceCheckUtils]: 25: Hoare triple {25063#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25107#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 18:00:10,742 INFO  L290        TraceCheckUtils]: 26: Hoare triple {25107#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,743 INFO  L290        TraceCheckUtils]: 27: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,743 INFO  L290        TraceCheckUtils]: 28: Hoare triple {25047#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,743 INFO  L290        TraceCheckUtils]: 29: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,743 INFO  L284        TraceCheckUtils]: 30: Hoare quadruple {25047#true} {25063#(not (= ~rjh~0 1))} #1013#return; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,744 INFO  L290        TraceCheckUtils]: 31: Hoare triple {25063#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,744 INFO  L272        TraceCheckUtils]: 32: Hoare triple {25063#(not (= ~rjh~0 1))} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25106#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID
[2022-02-20 18:00:10,745 INFO  L290        TraceCheckUtils]: 33: Hoare triple {25106#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,745 INFO  L290        TraceCheckUtils]: 34: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,745 INFO  L290        TraceCheckUtils]: 35: Hoare triple {25047#true} assume !(2 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,745 INFO  L290        TraceCheckUtils]: 36: Hoare triple {25047#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,745 INFO  L290        TraceCheckUtils]: 37: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,746 INFO  L284        TraceCheckUtils]: 38: Hoare quadruple {25047#true} {25063#(not (= ~rjh~0 1))} #1015#return; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,746 INFO  L290        TraceCheckUtils]: 39: Hoare triple {25063#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,747 INFO  L272        TraceCheckUtils]: 40: Hoare triple {25063#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25107#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID
[2022-02-20 18:00:10,747 INFO  L290        TraceCheckUtils]: 41: Hoare triple {25107#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,747 INFO  L290        TraceCheckUtils]: 42: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,747 INFO  L290        TraceCheckUtils]: 43: Hoare triple {25047#true} assume !(2 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:10,748 INFO  L290        TraceCheckUtils]: 44: Hoare triple {25047#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,748 INFO  L290        TraceCheckUtils]: 45: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,748 INFO  L284        TraceCheckUtils]: 46: Hoare quadruple {25047#true} {25063#(not (= ~rjh~0 1))} #1017#return; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,749 INFO  L290        TraceCheckUtils]: 47: Hoare triple {25063#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,749 INFO  L290        TraceCheckUtils]: 48: Hoare triple {25063#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,749 INFO  L290        TraceCheckUtils]: 49: Hoare triple {25063#(not (= ~rjh~0 1))} assume !false; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,750 INFO  L290        TraceCheckUtils]: 50: Hoare triple {25063#(not (= ~rjh~0 1))} assume test_~splverifierCounter~0#1 < 4; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,750 INFO  L290        TraceCheckUtils]: 51: Hoare triple {25063#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,750 INFO  L290        TraceCheckUtils]: 52: Hoare triple {25063#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,751 INFO  L290        TraceCheckUtils]: 53: Hoare triple {25063#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,751 INFO  L290        TraceCheckUtils]: 54: Hoare triple {25063#(not (= ~rjh~0 1))} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {25063#(not (= ~rjh~0 1))} is VALID
[2022-02-20 18:00:10,751 INFO  L290        TraceCheckUtils]: 55: Hoare triple {25063#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25081#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID
[2022-02-20 18:00:10,752 INFO  L290        TraceCheckUtils]: 56: Hoare triple {25081#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25048#false} is VALID
[2022-02-20 18:00:10,752 INFO  L290        TraceCheckUtils]: 57: Hoare triple {25048#false} assume { :end_inline_setClientAutoResponse } true; {25048#false} is VALID
[2022-02-20 18:00:10,752 INFO  L290        TraceCheckUtils]: 58: Hoare triple {25048#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25048#false} is VALID
[2022-02-20 18:00:10,752 INFO  L290        TraceCheckUtils]: 59: Hoare triple {25048#false} assume !false; {25048#false} is VALID
[2022-02-20 18:00:10,752 INFO  L290        TraceCheckUtils]: 60: Hoare triple {25048#false} assume !(test_~splverifierCounter~0#1 < 4); {25048#false} is VALID
[2022-02-20 18:00:10,752 INFO  L290        TraceCheckUtils]: 61: Hoare triple {25048#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {25048#false} is VALID
[2022-02-20 18:00:10,753 INFO  L272        TraceCheckUtils]: 62: Hoare triple {25048#false} call sendEmail(~bob~0, ~rjh~0); {25048#false} is VALID
[2022-02-20 18:00:10,753 INFO  L290        TraceCheckUtils]: 63: Hoare triple {25048#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25048#false} is VALID
[2022-02-20 18:00:10,753 INFO  L272        TraceCheckUtils]: 64: Hoare triple {25048#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25110#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 18:00:10,753 INFO  L290        TraceCheckUtils]: 65: Hoare triple {25110#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,753 INFO  L290        TraceCheckUtils]: 66: Hoare triple {25047#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,753 INFO  L290        TraceCheckUtils]: 67: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,754 INFO  L284        TraceCheckUtils]: 68: Hoare quadruple {25047#true} {25048#false} #1001#return; {25048#false} is VALID
[2022-02-20 18:00:10,754 INFO  L272        TraceCheckUtils]: 69: Hoare triple {25048#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25111#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID
[2022-02-20 18:00:10,754 INFO  L290        TraceCheckUtils]: 70: Hoare triple {25111#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,754 INFO  L290        TraceCheckUtils]: 71: Hoare triple {25047#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,754 INFO  L290        TraceCheckUtils]: 72: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,754 INFO  L284        TraceCheckUtils]: 73: Hoare quadruple {25047#true} {25048#false} #1003#return; {25048#false} is VALID
[2022-02-20 18:00:10,754 INFO  L290        TraceCheckUtils]: 74: Hoare triple {25048#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {25048#false} is VALID
[2022-02-20 18:00:10,755 INFO  L290        TraceCheckUtils]: 75: Hoare triple {25048#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {25048#false} is VALID
[2022-02-20 18:00:10,755 INFO  L272        TraceCheckUtils]: 76: Hoare triple {25048#false} call outgoing(~sender#1, ~email~0#1); {25048#false} is VALID
[2022-02-20 18:00:10,755 INFO  L290        TraceCheckUtils]: 77: Hoare triple {25048#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {25048#false} is VALID
[2022-02-20 18:00:10,755 INFO  L272        TraceCheckUtils]: 78: Hoare triple {25048#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {25047#true} is VALID
[2022-02-20 18:00:10,755 INFO  L290        TraceCheckUtils]: 79: Hoare triple {25047#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:10,755 INFO  L290        TraceCheckUtils]: 80: Hoare triple {25047#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:10,756 INFO  L290        TraceCheckUtils]: 81: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,756 INFO  L284        TraceCheckUtils]: 82: Hoare quadruple {25047#true} {25048#false} #955#return; {25048#false} is VALID
[2022-02-20 18:00:10,756 INFO  L290        TraceCheckUtils]: 83: Hoare triple {25048#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {25048#false} is VALID
[2022-02-20 18:00:10,756 INFO  L290        TraceCheckUtils]: 84: Hoare triple {25048#false} assume 0 == sign_~privkey~0#1; {25048#false} is VALID
[2022-02-20 18:00:10,756 INFO  L290        TraceCheckUtils]: 85: Hoare triple {25048#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {25048#false} is VALID
[2022-02-20 18:00:10,756 INFO  L290        TraceCheckUtils]: 86: Hoare triple {25048#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {25048#false} is VALID
[2022-02-20 18:00:10,757 INFO  L290        TraceCheckUtils]: 87: Hoare triple {25048#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {25048#false} is VALID
[2022-02-20 18:00:10,757 INFO  L272        TraceCheckUtils]: 88: Hoare triple {25048#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {25110#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 18:00:10,757 INFO  L290        TraceCheckUtils]: 89: Hoare triple {25110#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:10,757 INFO  L290        TraceCheckUtils]: 90: Hoare triple {25047#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:10,757 INFO  L290        TraceCheckUtils]: 91: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,757 INFO  L284        TraceCheckUtils]: 92: Hoare quadruple {25047#true} {25048#false} #957#return; {25048#false} is VALID
[2022-02-20 18:00:10,757 INFO  L290        TraceCheckUtils]: 93: Hoare triple {25048#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {25048#false} is VALID
[2022-02-20 18:00:10,758 INFO  L272        TraceCheckUtils]: 94: Hoare triple {25048#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {25047#true} is VALID
[2022-02-20 18:00:10,758 INFO  L290        TraceCheckUtils]: 95: Hoare triple {25047#true} ~handle := #in~handle;havoc ~retValue_acc~31; {25047#true} is VALID
[2022-02-20 18:00:10,758 INFO  L290        TraceCheckUtils]: 96: Hoare triple {25047#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {25047#true} is VALID
[2022-02-20 18:00:10,758 INFO  L290        TraceCheckUtils]: 97: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,758 INFO  L284        TraceCheckUtils]: 98: Hoare quadruple {25047#true} {25048#false} #959#return; {25048#false} is VALID
[2022-02-20 18:00:10,758 INFO  L290        TraceCheckUtils]: 99: Hoare triple {25048#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {25048#false} is VALID
[2022-02-20 18:00:10,759 INFO  L290        TraceCheckUtils]: 100: Hoare triple {25048#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {25048#false} is VALID
[2022-02-20 18:00:10,759 INFO  L272        TraceCheckUtils]: 101: Hoare triple {25048#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {25047#true} is VALID
[2022-02-20 18:00:10,759 INFO  L290        TraceCheckUtils]: 102: Hoare triple {25047#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:10,759 INFO  L290        TraceCheckUtils]: 103: Hoare triple {25047#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:10,759 INFO  L290        TraceCheckUtils]: 104: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:10,759 INFO  L284        TraceCheckUtils]: 105: Hoare quadruple {25047#true} {25048#false} #961#return; {25048#false} is VALID
[2022-02-20 18:00:10,760 INFO  L290        TraceCheckUtils]: 106: Hoare triple {25048#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {25048#false} is VALID
[2022-02-20 18:00:10,760 INFO  L290        TraceCheckUtils]: 107: Hoare triple {25048#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {25048#false} is VALID
[2022-02-20 18:00:10,760 INFO  L290        TraceCheckUtils]: 108: Hoare triple {25048#false} assume !false; {25048#false} is VALID
[2022-02-20 18:00:10,760 INFO  L134       CoverageAnalysis]: Checked inductivity of 36 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 27 trivial. 0 not checked.
[2022-02-20 18:00:10,761 INFO  L144   FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:00:10,761 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1102366205]
[2022-02-20 18:00:10,761 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1102366205] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 18:00:10,761 INFO  L338   FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1107061426]
[2022-02-20 18:00:10,761 INFO  L95    rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:00:10,761 INFO  L173          SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 18:00:10,762 INFO  L189       MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:00:10,776 INFO  L229       MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 18:00:10,833 INFO  L327       MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process
[2022-02-20 18:00:11,056 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:11,060 INFO  L263         TraceCheckSpWp]: Trace formula consists of 1008 conjuncts, 3 conjunts are in the unsatisfiable core
[2022-02-20 18:00:11,111 INFO  L136    AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:11,113 INFO  L286         TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 18:00:11,410 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25047#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {25047#true} is VALID
[2022-02-20 18:00:11,410 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 3: Hoare triple {25047#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 4: Hoare triple {25047#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 5: Hoare triple {25047#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L272        TraceCheckUtils]: 6: Hoare triple {25047#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 7: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 8: Hoare triple {25047#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 9: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {25047#true} {25047#true} #1007#return; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 11: Hoare triple {25047#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L272        TraceCheckUtils]: 12: Hoare triple {25047#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 13: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,411 INFO  L290        TraceCheckUtils]: 14: Hoare triple {25047#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,412 INFO  L290        TraceCheckUtils]: 15: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,412 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {25047#true} {25047#true} #1009#return; {25047#true} is VALID
[2022-02-20 18:00:11,412 INFO  L290        TraceCheckUtils]: 17: Hoare triple {25047#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25047#true} is VALID
[2022-02-20 18:00:11,412 INFO  L272        TraceCheckUtils]: 18: Hoare triple {25047#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25047#true} is VALID
[2022-02-20 18:00:11,412 INFO  L290        TraceCheckUtils]: 19: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,413 INFO  L290        TraceCheckUtils]: 20: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,413 INFO  L290        TraceCheckUtils]: 21: Hoare triple {25047#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,413 INFO  L290        TraceCheckUtils]: 22: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,413 INFO  L284        TraceCheckUtils]: 23: Hoare quadruple {25047#true} {25047#true} #1011#return; {25047#true} is VALID
[2022-02-20 18:00:11,413 INFO  L290        TraceCheckUtils]: 24: Hoare triple {25047#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25047#true} is VALID
[2022-02-20 18:00:11,413 INFO  L272        TraceCheckUtils]: 25: Hoare triple {25047#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25047#true} is VALID
[2022-02-20 18:00:11,413 INFO  L290        TraceCheckUtils]: 26: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,414 INFO  L290        TraceCheckUtils]: 27: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,414 INFO  L290        TraceCheckUtils]: 28: Hoare triple {25047#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,414 INFO  L290        TraceCheckUtils]: 29: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,414 INFO  L284        TraceCheckUtils]: 30: Hoare quadruple {25047#true} {25047#true} #1013#return; {25047#true} is VALID
[2022-02-20 18:00:11,414 INFO  L290        TraceCheckUtils]: 31: Hoare triple {25047#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25047#true} is VALID
[2022-02-20 18:00:11,414 INFO  L272        TraceCheckUtils]: 32: Hoare triple {25047#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25047#true} is VALID
[2022-02-20 18:00:11,414 INFO  L290        TraceCheckUtils]: 33: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,415 INFO  L290        TraceCheckUtils]: 34: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,415 INFO  L290        TraceCheckUtils]: 35: Hoare triple {25047#true} assume !(2 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,415 INFO  L290        TraceCheckUtils]: 36: Hoare triple {25047#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,415 INFO  L290        TraceCheckUtils]: 37: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,415 INFO  L284        TraceCheckUtils]: 38: Hoare quadruple {25047#true} {25047#true} #1015#return; {25047#true} is VALID
[2022-02-20 18:00:11,415 INFO  L290        TraceCheckUtils]: 39: Hoare triple {25047#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {25047#true} is VALID
[2022-02-20 18:00:11,415 INFO  L272        TraceCheckUtils]: 40: Hoare triple {25047#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25047#true} is VALID
[2022-02-20 18:00:11,416 INFO  L290        TraceCheckUtils]: 41: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,416 INFO  L290        TraceCheckUtils]: 42: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,416 INFO  L290        TraceCheckUtils]: 43: Hoare triple {25047#true} assume !(2 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,416 INFO  L290        TraceCheckUtils]: 44: Hoare triple {25047#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,416 INFO  L290        TraceCheckUtils]: 45: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,416 INFO  L284        TraceCheckUtils]: 46: Hoare quadruple {25047#true} {25047#true} #1017#return; {25047#true} is VALID
[2022-02-20 18:00:11,416 INFO  L290        TraceCheckUtils]: 47: Hoare triple {25047#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {25047#true} is VALID
[2022-02-20 18:00:11,432 INFO  L290        TraceCheckUtils]: 48: Hoare triple {25047#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25259#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID
[2022-02-20 18:00:11,433 INFO  L290        TraceCheckUtils]: 49: Hoare triple {25259#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {25259#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID
[2022-02-20 18:00:11,434 INFO  L290        TraceCheckUtils]: 50: Hoare triple {25259#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {25259#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID
[2022-02-20 18:00:11,434 INFO  L290        TraceCheckUtils]: 51: Hoare triple {25259#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID
[2022-02-20 18:00:11,435 INFO  L290        TraceCheckUtils]: 52: Hoare triple {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID
[2022-02-20 18:00:11,435 INFO  L290        TraceCheckUtils]: 53: Hoare triple {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID
[2022-02-20 18:00:11,436 INFO  L290        TraceCheckUtils]: 54: Hoare triple {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID
[2022-02-20 18:00:11,436 INFO  L290        TraceCheckUtils]: 55: Hoare triple {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID
[2022-02-20 18:00:11,436 INFO  L290        TraceCheckUtils]: 56: Hoare triple {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID
[2022-02-20 18:00:11,437 INFO  L290        TraceCheckUtils]: 57: Hoare triple {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID
[2022-02-20 18:00:11,437 INFO  L290        TraceCheckUtils]: 58: Hoare triple {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID
[2022-02-20 18:00:11,437 INFO  L290        TraceCheckUtils]: 59: Hoare triple {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID
[2022-02-20 18:00:11,438 INFO  L290        TraceCheckUtils]: 60: Hoare triple {25269#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {25048#false} is VALID
[2022-02-20 18:00:11,438 INFO  L290        TraceCheckUtils]: 61: Hoare triple {25048#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {25048#false} is VALID
[2022-02-20 18:00:11,438 INFO  L272        TraceCheckUtils]: 62: Hoare triple {25048#false} call sendEmail(~bob~0, ~rjh~0); {25048#false} is VALID
[2022-02-20 18:00:11,438 INFO  L290        TraceCheckUtils]: 63: Hoare triple {25048#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25048#false} is VALID
[2022-02-20 18:00:11,439 INFO  L272        TraceCheckUtils]: 64: Hoare triple {25048#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25048#false} is VALID
[2022-02-20 18:00:11,439 INFO  L290        TraceCheckUtils]: 65: Hoare triple {25048#false} ~handle := #in~handle;~value := #in~value; {25048#false} is VALID
[2022-02-20 18:00:11,439 INFO  L290        TraceCheckUtils]: 66: Hoare triple {25048#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25048#false} is VALID
[2022-02-20 18:00:11,439 INFO  L290        TraceCheckUtils]: 67: Hoare triple {25048#false} assume true; {25048#false} is VALID
[2022-02-20 18:00:11,439 INFO  L284        TraceCheckUtils]: 68: Hoare quadruple {25048#false} {25048#false} #1001#return; {25048#false} is VALID
[2022-02-20 18:00:11,439 INFO  L272        TraceCheckUtils]: 69: Hoare triple {25048#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25048#false} is VALID
[2022-02-20 18:00:11,439 INFO  L290        TraceCheckUtils]: 70: Hoare triple {25048#false} ~handle := #in~handle;~value := #in~value; {25048#false} is VALID
[2022-02-20 18:00:11,440 INFO  L290        TraceCheckUtils]: 71: Hoare triple {25048#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25048#false} is VALID
[2022-02-20 18:00:11,440 INFO  L290        TraceCheckUtils]: 72: Hoare triple {25048#false} assume true; {25048#false} is VALID
[2022-02-20 18:00:11,440 INFO  L284        TraceCheckUtils]: 73: Hoare quadruple {25048#false} {25048#false} #1003#return; {25048#false} is VALID
[2022-02-20 18:00:11,440 INFO  L290        TraceCheckUtils]: 74: Hoare triple {25048#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {25048#false} is VALID
[2022-02-20 18:00:11,440 INFO  L290        TraceCheckUtils]: 75: Hoare triple {25048#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {25048#false} is VALID
[2022-02-20 18:00:11,440 INFO  L272        TraceCheckUtils]: 76: Hoare triple {25048#false} call outgoing(~sender#1, ~email~0#1); {25048#false} is VALID
[2022-02-20 18:00:11,440 INFO  L290        TraceCheckUtils]: 77: Hoare triple {25048#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {25048#false} is VALID
[2022-02-20 18:00:11,440 INFO  L272        TraceCheckUtils]: 78: Hoare triple {25048#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {25048#false} is VALID
[2022-02-20 18:00:11,441 INFO  L290        TraceCheckUtils]: 79: Hoare triple {25048#false} ~handle := #in~handle;havoc ~retValue_acc~9; {25048#false} is VALID
[2022-02-20 18:00:11,441 INFO  L290        TraceCheckUtils]: 80: Hoare triple {25048#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25048#false} is VALID
[2022-02-20 18:00:11,441 INFO  L290        TraceCheckUtils]: 81: Hoare triple {25048#false} assume true; {25048#false} is VALID
[2022-02-20 18:00:11,441 INFO  L284        TraceCheckUtils]: 82: Hoare quadruple {25048#false} {25048#false} #955#return; {25048#false} is VALID
[2022-02-20 18:00:11,441 INFO  L290        TraceCheckUtils]: 83: Hoare triple {25048#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {25048#false} is VALID
[2022-02-20 18:00:11,441 INFO  L290        TraceCheckUtils]: 84: Hoare triple {25048#false} assume 0 == sign_~privkey~0#1; {25048#false} is VALID
[2022-02-20 18:00:11,441 INFO  L290        TraceCheckUtils]: 85: Hoare triple {25048#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {25048#false} is VALID
[2022-02-20 18:00:11,441 INFO  L290        TraceCheckUtils]: 86: Hoare triple {25048#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {25048#false} is VALID
[2022-02-20 18:00:11,442 INFO  L290        TraceCheckUtils]: 87: Hoare triple {25048#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {25048#false} is VALID
[2022-02-20 18:00:11,442 INFO  L272        TraceCheckUtils]: 88: Hoare triple {25048#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {25048#false} is VALID
[2022-02-20 18:00:11,442 INFO  L290        TraceCheckUtils]: 89: Hoare triple {25048#false} ~handle := #in~handle;~value := #in~value; {25048#false} is VALID
[2022-02-20 18:00:11,442 INFO  L290        TraceCheckUtils]: 90: Hoare triple {25048#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25048#false} is VALID
[2022-02-20 18:00:11,442 INFO  L290        TraceCheckUtils]: 91: Hoare triple {25048#false} assume true; {25048#false} is VALID
[2022-02-20 18:00:11,442 INFO  L284        TraceCheckUtils]: 92: Hoare quadruple {25048#false} {25048#false} #957#return; {25048#false} is VALID
[2022-02-20 18:00:11,442 INFO  L290        TraceCheckUtils]: 93: Hoare triple {25048#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {25048#false} is VALID
[2022-02-20 18:00:11,443 INFO  L272        TraceCheckUtils]: 94: Hoare triple {25048#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {25048#false} is VALID
[2022-02-20 18:00:11,443 INFO  L290        TraceCheckUtils]: 95: Hoare triple {25048#false} ~handle := #in~handle;havoc ~retValue_acc~31; {25048#false} is VALID
[2022-02-20 18:00:11,443 INFO  L290        TraceCheckUtils]: 96: Hoare triple {25048#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {25048#false} is VALID
[2022-02-20 18:00:11,443 INFO  L290        TraceCheckUtils]: 97: Hoare triple {25048#false} assume true; {25048#false} is VALID
[2022-02-20 18:00:11,443 INFO  L284        TraceCheckUtils]: 98: Hoare quadruple {25048#false} {25048#false} #959#return; {25048#false} is VALID
[2022-02-20 18:00:11,443 INFO  L290        TraceCheckUtils]: 99: Hoare triple {25048#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {25048#false} is VALID
[2022-02-20 18:00:11,443 INFO  L290        TraceCheckUtils]: 100: Hoare triple {25048#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {25048#false} is VALID
[2022-02-20 18:00:11,443 INFO  L272        TraceCheckUtils]: 101: Hoare triple {25048#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {25048#false} is VALID
[2022-02-20 18:00:11,444 INFO  L290        TraceCheckUtils]: 102: Hoare triple {25048#false} ~handle := #in~handle;havoc ~retValue_acc~9; {25048#false} is VALID
[2022-02-20 18:00:11,444 INFO  L290        TraceCheckUtils]: 103: Hoare triple {25048#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25048#false} is VALID
[2022-02-20 18:00:11,444 INFO  L290        TraceCheckUtils]: 104: Hoare triple {25048#false} assume true; {25048#false} is VALID
[2022-02-20 18:00:11,444 INFO  L284        TraceCheckUtils]: 105: Hoare quadruple {25048#false} {25048#false} #961#return; {25048#false} is VALID
[2022-02-20 18:00:11,444 INFO  L290        TraceCheckUtils]: 106: Hoare triple {25048#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {25048#false} is VALID
[2022-02-20 18:00:11,444 INFO  L290        TraceCheckUtils]: 107: Hoare triple {25048#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {25048#false} is VALID
[2022-02-20 18:00:11,444 INFO  L290        TraceCheckUtils]: 108: Hoare triple {25048#false} assume !false; {25048#false} is VALID
[2022-02-20 18:00:11,445 INFO  L134       CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked.
[2022-02-20 18:00:11,445 INFO  L328         TraceCheckSpWp]: Computing backward predicates...
[2022-02-20 18:00:11,788 INFO  L290        TraceCheckUtils]: 108: Hoare triple {25048#false} assume !false; {25048#false} is VALID
[2022-02-20 18:00:11,788 INFO  L290        TraceCheckUtils]: 107: Hoare triple {25048#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~9#1;assume { :begin_inline___automaton_fail } true; {25048#false} is VALID
[2022-02-20 18:00:11,789 INFO  L290        TraceCheckUtils]: 106: Hoare triple {25048#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret64#1 && __utac_acc__SignForward_spec__1_#t~ret64#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~9#1 := __utac_acc__SignForward_spec__1_#t~ret64#1;havoc __utac_acc__SignForward_spec__1_#t~ret64#1; {25048#false} is VALID
[2022-02-20 18:00:11,789 INFO  L284        TraceCheckUtils]: 105: Hoare quadruple {25047#true} {25048#false} #961#return; {25048#false} is VALID
[2022-02-20 18:00:11,789 INFO  L290        TraceCheckUtils]: 104: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,789 INFO  L290        TraceCheckUtils]: 103: Hoare triple {25047#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:11,789 INFO  L290        TraceCheckUtils]: 102: Hoare triple {25047#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:11,789 INFO  L272        TraceCheckUtils]: 101: Hoare triple {25048#false} call __utac_acc__SignForward_spec__1_#t~ret64#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {25047#true} is VALID
[2022-02-20 18:00:11,789 INFO  L290        TraceCheckUtils]: 100: Hoare triple {25048#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~3#1; {25048#false} is VALID
[2022-02-20 18:00:11,789 INFO  L290        TraceCheckUtils]: 99: Hoare triple {25048#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret63#1 && __utac_acc__SignForward_spec__1_#t~ret63#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~3#1 := __utac_acc__SignForward_spec__1_#t~ret63#1;havoc __utac_acc__SignForward_spec__1_#t~ret63#1; {25048#false} is VALID
[2022-02-20 18:00:11,789 INFO  L284        TraceCheckUtils]: 98: Hoare quadruple {25047#true} {25048#false} #959#return; {25048#false} is VALID
[2022-02-20 18:00:11,790 INFO  L290        TraceCheckUtils]: 97: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,790 INFO  L290        TraceCheckUtils]: 96: Hoare triple {25047#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~31; {25047#true} is VALID
[2022-02-20 18:00:11,790 INFO  L290        TraceCheckUtils]: 95: Hoare triple {25047#true} ~handle := #in~handle;havoc ~retValue_acc~31; {25047#true} is VALID
[2022-02-20 18:00:11,790 INFO  L272        TraceCheckUtils]: 94: Hoare triple {25048#false} call __utac_acc__SignForward_spec__1_#t~ret63#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {25047#true} is VALID
[2022-02-20 18:00:11,790 INFO  L290        TraceCheckUtils]: 93: Hoare triple {25048#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret62#1, __utac_acc__SignForward_spec__1_#t~ret63#1, __utac_acc__SignForward_spec__1_#t~ret64#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~9#1, __utac_acc__SignForward_spec__1_~tmp___0~3#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~9#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~3#1;call __utac_acc__SignForward_spec__1_#t~ret62#1 := puts(25, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret62#1 && __utac_acc__SignForward_spec__1_#t~ret62#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret62#1; {25048#false} is VALID
[2022-02-20 18:00:11,790 INFO  L284        TraceCheckUtils]: 92: Hoare quadruple {25047#true} {25048#false} #957#return; {25048#false} is VALID
[2022-02-20 18:00:11,790 INFO  L290        TraceCheckUtils]: 91: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,790 INFO  L290        TraceCheckUtils]: 90: Hoare triple {25047#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,791 INFO  L290        TraceCheckUtils]: 89: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,791 INFO  L272        TraceCheckUtils]: 88: Hoare triple {25048#false} call setEmailFrom(outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1); {25047#true} is VALID
[2022-02-20 18:00:11,791 INFO  L290        TraceCheckUtils]: 87: Hoare triple {25048#false} outgoing__wrappee__AutoResponder_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret81#1 && outgoing__wrappee__AutoResponder_#t~ret81#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret81#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1; {25048#false} is VALID
[2022-02-20 18:00:11,791 INFO  L290        TraceCheckUtils]: 86: Hoare triple {25048#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {25048#false} is VALID
[2022-02-20 18:00:11,791 INFO  L290        TraceCheckUtils]: 85: Hoare triple {25048#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret81#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~tmp~14#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__AutoResponder_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {25048#false} is VALID
[2022-02-20 18:00:11,791 INFO  L290        TraceCheckUtils]: 84: Hoare triple {25048#false} assume 0 == sign_~privkey~0#1; {25048#false} is VALID
[2022-02-20 18:00:11,791 INFO  L290        TraceCheckUtils]: 83: Hoare triple {25048#false} assume -2147483648 <= sign_#t~ret90#1 && sign_#t~ret90#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret90#1;havoc sign_#t~ret90#1;sign_~privkey~0#1 := sign_~tmp~20#1; {25048#false} is VALID
[2022-02-20 18:00:11,791 INFO  L284        TraceCheckUtils]: 82: Hoare quadruple {25047#true} {25048#false} #955#return; {25048#false} is VALID
[2022-02-20 18:00:11,792 INFO  L290        TraceCheckUtils]: 81: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,792 INFO  L290        TraceCheckUtils]: 80: Hoare triple {25047#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:11,792 INFO  L290        TraceCheckUtils]: 79: Hoare triple {25047#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25047#true} is VALID
[2022-02-20 18:00:11,792 INFO  L272        TraceCheckUtils]: 78: Hoare triple {25048#false} call sign_#t~ret90#1 := getClientPrivateKey(sign_~client#1); {25047#true} is VALID
[2022-02-20 18:00:11,792 INFO  L290        TraceCheckUtils]: 77: Hoare triple {25048#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret90#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~20#1; {25048#false} is VALID
[2022-02-20 18:00:11,792 INFO  L272        TraceCheckUtils]: 76: Hoare triple {25048#false} call outgoing(~sender#1, ~email~0#1); {25048#false} is VALID
[2022-02-20 18:00:11,792 INFO  L290        TraceCheckUtils]: 75: Hoare triple {25048#false} #t~ret86#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp~18#1 := #t~ret86#1;havoc #t~ret86#1;~email~0#1 := ~tmp~18#1; {25048#false} is VALID
[2022-02-20 18:00:11,793 INFO  L290        TraceCheckUtils]: 74: Hoare triple {25048#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {25048#false} is VALID
[2022-02-20 18:00:11,793 INFO  L284        TraceCheckUtils]: 73: Hoare quadruple {25047#true} {25048#false} #1003#return; {25048#false} is VALID
[2022-02-20 18:00:11,793 INFO  L290        TraceCheckUtils]: 72: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,793 INFO  L290        TraceCheckUtils]: 71: Hoare triple {25047#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,793 INFO  L290        TraceCheckUtils]: 70: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,793 INFO  L272        TraceCheckUtils]: 69: Hoare triple {25048#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25047#true} is VALID
[2022-02-20 18:00:11,793 INFO  L284        TraceCheckUtils]: 68: Hoare quadruple {25047#true} {25048#false} #1001#return; {25048#false} is VALID
[2022-02-20 18:00:11,793 INFO  L290        TraceCheckUtils]: 67: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,794 INFO  L290        TraceCheckUtils]: 66: Hoare triple {25047#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,794 INFO  L290        TraceCheckUtils]: 65: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,794 INFO  L272        TraceCheckUtils]: 64: Hoare triple {25048#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25047#true} is VALID
[2022-02-20 18:00:11,794 INFO  L290        TraceCheckUtils]: 63: Hoare triple {25048#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25048#false} is VALID
[2022-02-20 18:00:11,794 INFO  L272        TraceCheckUtils]: 62: Hoare triple {25048#false} call sendEmail(~bob~0, ~rjh~0); {25048#false} is VALID
[2022-02-20 18:00:11,794 INFO  L290        TraceCheckUtils]: 61: Hoare triple {25048#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret42#1 := puts(17, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {25048#false} is VALID
[2022-02-20 18:00:11,796 INFO  L290        TraceCheckUtils]: 60: Hoare triple {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {25048#false} is VALID
[2022-02-20 18:00:11,797 INFO  L290        TraceCheckUtils]: 59: Hoare triple {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID
[2022-02-20 18:00:11,797 INFO  L290        TraceCheckUtils]: 58: Hoare triple {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID
[2022-02-20 18:00:11,797 INFO  L290        TraceCheckUtils]: 57: Hoare triple {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID
[2022-02-20 18:00:11,797 INFO  L290        TraceCheckUtils]: 56: Hoare triple {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID
[2022-02-20 18:00:11,801 INFO  L290        TraceCheckUtils]: 55: Hoare triple {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID
[2022-02-20 18:00:11,801 INFO  L290        TraceCheckUtils]: 54: Hoare triple {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID
[2022-02-20 18:00:11,801 INFO  L290        TraceCheckUtils]: 53: Hoare triple {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID
[2022-02-20 18:00:11,802 INFO  L290        TraceCheckUtils]: 52: Hoare triple {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID
[2022-02-20 18:00:11,802 INFO  L290        TraceCheckUtils]: 51: Hoare triple {25613#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25585#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID
[2022-02-20 18:00:11,802 INFO  L290        TraceCheckUtils]: 50: Hoare triple {25613#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {25613#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID
[2022-02-20 18:00:11,803 INFO  L290        TraceCheckUtils]: 49: Hoare triple {25613#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {25613#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID
[2022-02-20 18:00:11,803 INFO  L290        TraceCheckUtils]: 48: Hoare triple {25047#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25613#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID
[2022-02-20 18:00:11,804 INFO  L290        TraceCheckUtils]: 47: Hoare triple {25047#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 21, 0;havoc setup_#t~nondet49#1; {25047#true} is VALID
[2022-02-20 18:00:11,804 INFO  L284        TraceCheckUtils]: 46: Hoare quadruple {25047#true} {25047#true} #1017#return; {25047#true} is VALID
[2022-02-20 18:00:11,804 INFO  L290        TraceCheckUtils]: 45: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,804 INFO  L290        TraceCheckUtils]: 44: Hoare triple {25047#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,804 INFO  L290        TraceCheckUtils]: 43: Hoare triple {25047#true} assume !(2 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,804 INFO  L290        TraceCheckUtils]: 42: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,804 INFO  L290        TraceCheckUtils]: 41: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,805 INFO  L272        TraceCheckUtils]: 40: Hoare triple {25047#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25047#true} is VALID
[2022-02-20 18:00:11,805 INFO  L290        TraceCheckUtils]: 39: Hoare triple {25047#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {25047#true} is VALID
[2022-02-20 18:00:11,805 INFO  L284        TraceCheckUtils]: 38: Hoare quadruple {25047#true} {25047#true} #1015#return; {25047#true} is VALID
[2022-02-20 18:00:11,805 INFO  L290        TraceCheckUtils]: 37: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,805 INFO  L290        TraceCheckUtils]: 36: Hoare triple {25047#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,805 INFO  L290        TraceCheckUtils]: 35: Hoare triple {25047#true} assume !(2 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,805 INFO  L290        TraceCheckUtils]: 34: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,805 INFO  L290        TraceCheckUtils]: 33: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,806 INFO  L272        TraceCheckUtils]: 32: Hoare triple {25047#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25047#true} is VALID
[2022-02-20 18:00:11,806 INFO  L290        TraceCheckUtils]: 31: Hoare triple {25047#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 20, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25047#true} is VALID
[2022-02-20 18:00:11,806 INFO  L284        TraceCheckUtils]: 30: Hoare quadruple {25047#true} {25047#true} #1013#return; {25047#true} is VALID
[2022-02-20 18:00:11,806 INFO  L290        TraceCheckUtils]: 29: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,806 INFO  L290        TraceCheckUtils]: 28: Hoare triple {25047#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,806 INFO  L290        TraceCheckUtils]: 27: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,806 INFO  L290        TraceCheckUtils]: 26: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,807 INFO  L272        TraceCheckUtils]: 25: Hoare triple {25047#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25047#true} is VALID
[2022-02-20 18:00:11,807 INFO  L290        TraceCheckUtils]: 24: Hoare triple {25047#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25047#true} is VALID
[2022-02-20 18:00:11,807 INFO  L284        TraceCheckUtils]: 23: Hoare quadruple {25047#true} {25047#true} #1011#return; {25047#true} is VALID
[2022-02-20 18:00:11,807 INFO  L290        TraceCheckUtils]: 22: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,807 INFO  L290        TraceCheckUtils]: 21: Hoare triple {25047#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,807 INFO  L290        TraceCheckUtils]: 20: Hoare triple {25047#true} assume !(1 == ~handle); {25047#true} is VALID
[2022-02-20 18:00:11,807 INFO  L290        TraceCheckUtils]: 19: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,807 INFO  L272        TraceCheckUtils]: 18: Hoare triple {25047#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25047#true} is VALID
[2022-02-20 18:00:11,808 INFO  L290        TraceCheckUtils]: 17: Hoare triple {25047#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 19, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25047#true} is VALID
[2022-02-20 18:00:11,808 INFO  L284        TraceCheckUtils]: 16: Hoare quadruple {25047#true} {25047#true} #1009#return; {25047#true} is VALID
[2022-02-20 18:00:11,808 INFO  L290        TraceCheckUtils]: 15: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,808 INFO  L290        TraceCheckUtils]: 14: Hoare triple {25047#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,808 INFO  L290        TraceCheckUtils]: 13: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,808 INFO  L272        TraceCheckUtils]: 12: Hoare triple {25047#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25047#true} is VALID
[2022-02-20 18:00:11,808 INFO  L290        TraceCheckUtils]: 11: Hoare triple {25047#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25047#true} is VALID
[2022-02-20 18:00:11,808 INFO  L284        TraceCheckUtils]: 10: Hoare quadruple {25047#true} {25047#true} #1007#return; {25047#true} is VALID
[2022-02-20 18:00:11,808 INFO  L290        TraceCheckUtils]: 9: Hoare triple {25047#true} assume true; {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L290        TraceCheckUtils]: 8: Hoare triple {25047#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L290        TraceCheckUtils]: 7: Hoare triple {25047#true} ~handle := #in~handle;~value := #in~value; {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L272        TraceCheckUtils]: 6: Hoare triple {25047#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L290        TraceCheckUtils]: 5: Hoare triple {25047#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L290        TraceCheckUtils]: 4: Hoare triple {25047#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L290        TraceCheckUtils]: 3: Hoare triple {25047#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~19#1;havoc valid_product_~retValue_acc~19#1;valid_product_~retValue_acc~19#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~19#1; {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L290        TraceCheckUtils]: 2: Hoare triple {25047#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L290        TraceCheckUtils]: 1: Hoare triple {25047#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~34#1, main_~tmp~7#1;havoc main_~retValue_acc~34#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L290        TraceCheckUtils]: 0: Hoare triple {25047#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(44, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(11, 21);call #Ultimate.allocInit(19, 22);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(100, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(12, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(18, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(21, 37);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {25047#true} is VALID
[2022-02-20 18:00:11,809 INFO  L134       CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked.
[2022-02-20 18:00:11,810 INFO  L165   FreeRefinementEngine]: IpTcStrategyModuleZ3 [1107061426] provided 0 perfect and 2 imperfect interpolant sequences
[2022-02-20 18:00:11,810 INFO  L191   FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences.
[2022-02-20 18:00:11,810 INFO  L204   FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15
[2022-02-20 18:00:11,810 INFO  L118   tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [886671302]
[2022-02-20 18:00:11,810 INFO  L85    oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton
[2022-02-20 18:00:11,811 INFO  L78                 Accepts]: Start accepts. Automaton has  has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22) Word has length 109
[2022-02-20 18:00:11,844 INFO  L84                 Accepts]: Finished accepts. word is accepted.
[2022-02-20 18:00:11,844 INFO  L86        InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with  has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22)
[2022-02-20 18:00:11,950 INFO  L122       InductivityCheck]: Floyd-Hoare automaton has 169 edges. 169 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:00:11,950 INFO  L546      AbstractCegarLoop]: INTERPOLANT automaton has 15 states
[2022-02-20 18:00:11,950 INFO  L108   FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 18:00:11,951 INFO  L143   InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants.
[2022-02-20 18:00:11,951 INFO  L145   InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=177, Unknown=0, NotChecked=0, Total=210
[2022-02-20 18:00:11,951 INFO  L87              Difference]: Start difference. First operand 384 states and 590 transitions. Second operand  has 15 states, 14 states have (on average 8.428571428571429) internal successors, (118), 11 states have internal predecessors, (118), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22)